From 7d344cf9a2817025a2e0dfff201a980815bcca7a Mon Sep 17 00:00:00 2001
From: Quentin Bisson <quentin@giantswarm.io>
Date: Mon, 5 Feb 2024 23:04:22 +0100
Subject: [PATCH] Fix test generation (#1505)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix test generation

* Update service/controller/resource/monitoring/verticalpodautoscaler/resource_test.go

Co-authored-by: Hervé Nicol <hervenicol@users.noreply.github.com>

* Fix update flag description

---------

Co-authored-by: Hervé Nicol <hervenicol@users.noreply.github.com>
---
 CHANGELOG.md                                  |    1 +
 pkg/remotewriteutils/util_test.go             |    1 -
 pkg/unittest/input/capi/case-1-capa-mc.golden |   11 +
 pkg/unittest/input/capi/case-2-capa.golden    |   11 +
 pkg/unittest/input/capi/case-3-capz.golden    |   11 +
 .../case-4-eks.golden}                        |    2 -
 pkg/unittest/input/capi/case-5-gcp.golden     |   11 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../input/{ => vintage}/case-2-aws-v16.golden |    0
 .../input/{ => vintage}/case-3-aws-v18.golden |    0
 .../{ => vintage}/case-4-azure-v18.golden     |    0
 pkg/unittest/unittest.go                      |   22 +-
 service/controller/clusterapi/controller.go   |    5 +-
 .../{resource => clusterapi}/resource.go      |    2 +-
 .../alertmanagerconfig/resource_test.go       |   81 +-
 .../case-1-capa-mc.golden}                    |    0
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../case-5-gcp.golden}                        |    0
 .../vintage/case-1-vintage-mc.golden          |  483 +++++++
 .../vintage/case-2-aws-v16.golden             |  483 +++++++
 .../vintage/case-3-aws-v18.golden             |  483 +++++++
 .../vintage/case-4-azure-v18.golden           |  483 +++++++
 .../case-1-capa-mc.golden}                    |    0
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../case-5-gcp.golden}                        |    0
 .../vintage/case-1-vintage-mc.golden          |   69 +
 .../vintage/case-2-aws-v16.golden             |   69 +
 .../vintage/case-3-aws-v18.golden             |   69 +
 .../vintage/case-4-azure-v18.golden           |   69 +
 .../alertmanagerwiring/resource_test.go       |   46 +-
 .../case-1-capa-mc.golden}                    |    0
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../case-5-gcp.golden}                        |    0
 .../test/vintage/case-1-vintage-mc.golden     |    6 +
 .../test/vintage/case-2-aws-v16.golden        |    6 +
 .../test/vintage/case-3-aws-v18.golden        |    6 +
 .../test/vintage/case-4-azure-v18.golden      |    6 +
 .../heartbeatwebhookconfig/resource_test.go   |   46 +-
 .../test/capi/case-1-capa-mc.golden           |   32 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../test/capi/case-5-gcp.golden               |   32 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../test/{ => vintage}/case-2-aws-v16.golden  |    0
 .../test/vintage/case-3-aws-v18.golden        |   32 +
 .../test/vintage/case-4-azure-v18.golden      |   32 +
 .../monitoring/ingress/resource_test.go       |  169 +--
 .../test/default/capi/case-1-capa-mc.golden   |   29 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../test/default/capi/case-5-gcp.golden       |   29 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../{ => vintage}/case-2-aws-v16.golden       |    0
 .../default/vintage/case-3-aws-v18.golden     |   29 +
 .../default/vintage/case-4-azure-v18.golden   |   29 +
 .../capi/case-1-capa-mc.golden                |   32 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../capi/case-5-gcp.golden                    |   32 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../{ => vintage}/case-2-aws-v16.golden       |    0
 .../vintage/case-3-aws-v18.golden             |   32 +
 .../vintage/case-4-azure-v18.golden           |   32 +
 .../externaldns/capi/case-1-capa-mc.golden    |   31 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../test/externaldns/capi/case-5-gcp.golden   |   31 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../{ => vintage}/case-2-aws-v16.golden       |    0
 .../externaldns/vintage/case-3-aws-v18.golden |   31 +
 .../vintage/case-4-azure-v18.golden           |   31 +
 .../capi/case-1-capa-mc.golden                |   30 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../restricted-access/capi/case-5-gcp.golden  |   30 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../{ => vintage}/case-2-aws-v16.golden       |    0
 .../vintage/case-3-aws-v18.golden             |   30 +
 .../vintage/case-4-azure-v18.golden           |   30 +
 .../monitoring/prometheus/resource_test.go    |  131 +-
 .../test/capi/case-1-capa-mc.golden           |  124 ++
 .../prometheus/test/capi/case-2-capa.golden   |  124 ++
 .../prometheus/test/capi/case-3-capz.golden   |  124 ++
 .../case-4-eks.golden}                        |    2 +-
 .../prometheus/test/capi/case-5-gcp.golden    |  124 ++
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../test/{ => vintage}/case-2-aws-v16.golden  |    0
 .../test/{ => vintage}/case-3-aws-v18.golden  |    0
 .../{ => vintage}/case-4-azure-v18.golden     |    0
 .../remotewriteconfig/shards_test.go          |    2 +-
 .../remotewriteingress/resource_test.go       |   82 +-
 .../test/default/capi/case-1-capa-mc.golden   |   32 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../test/default/capi/case-5-gcp.golden       |   32 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../{ => vintage}/case-2-aws-v16.golden       |    0
 .../default/vintage/case-3-aws-v18.golden     |   32 +
 .../default/vintage/case-4-azure-v18.golden   |   32 +
 .../externaldns/capi/case-1-capa-mc.golden    |   34 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../test/externaldns/capi/case-5-gcp.golden   |   34 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../{ => vintage}/case-2-aws-v16.golden       |    0
 .../externaldns/vintage/case-3-aws-v18.golden |   34 +
 .../vintage/case-4-azure-v18.golden           |   34 +
 .../monitoring/scrapeconfigs/resource_test.go |   23 +-
 .../test/aws/case-5-eks-v18.golden            |  416 ------
 .../test/azure/case-5-eks-v18.golden          |  424 ------
 .../test/capa/case-1-capa-mc.golden           |  980 ++++++++++++++
 .../test/capa/case-1-vintage-mc.golden        | 1167 -----------------
 ...se-3-aws-v18.golden => case-2-capa.golden} |    0
 .../case-3-capz.golden}                       |   26 +-
 ...ase-5-eks-v18.golden => case-4-eks.golden} |    0
 .../case-5-gcp.golden}                        |  126 +-
 .../test/capz/case-1-capa-mc.golden           |  980 ++++++++++++++
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |   26 +-
 .../case-4-eks.golden}                        |    0
 .../case-5-gcp.golden}                        |  126 +-
 .../test/gcp/case-1-capa-mc.golden            |  980 ++++++++++++++
 .../test/gcp/case-1-vintage-mc.golden         | 1167 -----------------
 .../case-2-capa.golden}                       |    0
 ...-4-azure-v18.golden => case-3-capz.golden} |   26 +-
 .../case-4-eks.golden}                        |    0
 .../case-5-gcp.golden}                        |  126 +-
 .../test/openstack/case-1-vintage-mc.golden   | 1167 -----------------
 .../verticalpodautoscaler/resource_test.go    |   63 +-
 .../test/capi/case-1-capa-mc.golden           |   28 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../test/capi/case-5-gcp.golden               |   28 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../test/{ => vintage}/case-2-aws-v16.golden  |    0
 .../test/vintage/case-3-aws-v18.golden        |   28 +
 .../test/vintage/case-4-azure-v18.golden      |   28 +
 .../resource/namespace/resource_test.go       |   43 +-
 .../namespace/test/capi/case-1-capa-mc.golden |   12 +
 .../case-2-capa.golden}                       |    0
 .../case-3-capz.golden}                       |    0
 .../case-4-eks.golden}                        |    0
 .../namespace/test/capi/case-5-gcp.golden     |   12 +
 .../{ => vintage}/case-1-vintage-mc.golden    |    0
 .../test/{ => vintage}/case-2-aws-v16.golden  |    0
 .../test/vintage/case-3-aws-v18.golden        |   12 +
 .../test/vintage/case-4-azure-v18.golden      |   12 +
 161 files changed, 7377 insertions(+), 4893 deletions(-)
 create mode 100644 pkg/unittest/input/capi/case-1-capa-mc.golden
 create mode 100644 pkg/unittest/input/capi/case-2-capa.golden
 create mode 100644 pkg/unittest/input/capi/case-3-capz.golden
 rename pkg/unittest/input/{case-5-eks-v18.golden => capi/case-4-eks.golden} (81%)
 create mode 100644 pkg/unittest/input/capi/case-5-gcp.golden
 rename pkg/unittest/input/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename pkg/unittest/input/{ => vintage}/case-2-aws-v16.golden (100%)
 rename pkg/unittest/input/{ => vintage}/case-3-aws-v18.golden (100%)
 rename pkg/unittest/input/{ => vintage}/case-4-azure-v18.golden (100%)
 rename service/controller/{resource => clusterapi}/resource.go (99%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/{case-1-vintage-mc.golden => capi/case-1-capa-mc.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/{case-2-aws-v16.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/{case-3-aws-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/{case-4-azure-v18.golden => capi/case-4-eks.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/{case-5-eks-v18.golden => capi/case-5-gcp.golden} (100%)
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-1-vintage-mc.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-2-aws-v16.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-4-azure-v18.golden
 rename service/controller/resource/alerting/alertmanagerconfig/test/notification-template/{case-1-vintage-mc.golden => capi/case-1-capa-mc.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/notification-template/{case-2-aws-v16.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/notification-template/{case-3-aws-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/notification-template/{case-4-azure-v18.golden => capi/case-4-eks.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerconfig/test/notification-template/{case-5-eks-v18.golden => capi/case-5-gcp.golden} (100%)
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-1-vintage-mc.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-2-aws-v16.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-4-azure-v18.golden
 rename service/controller/resource/alerting/alertmanagerwiring/test/{case-1-vintage-mc.golden => capi/case-1-capa-mc.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerwiring/test/{case-2-aws-v16.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerwiring/test/{case-3-aws-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerwiring/test/{case-4-azure-v18.golden => capi/case-4-eks.golden} (100%)
 rename service/controller/resource/alerting/alertmanagerwiring/test/{case-5-eks-v18.golden => capi/case-5-gcp.golden} (100%)
 create mode 100644 service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-1-vintage-mc.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-2-aws-v16.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-1-capa-mc.golden
 rename service/controller/resource/alerting/heartbeatwebhookconfig/test/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/alerting/heartbeatwebhookconfig/test/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/alerting/heartbeatwebhookconfig/test/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-5-gcp.golden
 rename service/controller/resource/alerting/heartbeatwebhookconfig/test/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/alerting/heartbeatwebhookconfig/test/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/default/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/ingress/test/default/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/default/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/default/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/default/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/ingress/test/default/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/ingress/test/default/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/default/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/default/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/ingress/test/externaldns/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/externaldns/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/externaldns/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/ingress/test/externaldns/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/ingress/test/externaldns/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/ingress/test/restricted-access/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/restricted-access/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/ingress/test/restricted-access/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/ingress/test/restricted-access/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/ingress/test/restricted-access/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/monitoring/prometheus/test/capi/case-1-capa-mc.golden
 create mode 100644 service/controller/resource/monitoring/prometheus/test/capi/case-2-capa.golden
 create mode 100644 service/controller/resource/monitoring/prometheus/test/capi/case-3-capz.golden
 rename service/controller/resource/monitoring/prometheus/test/{case-5-eks-v18.golden => capi/case-4-eks.golden} (99%)
 create mode 100644 service/controller/resource/monitoring/prometheus/test/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/prometheus/test/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/prometheus/test/{ => vintage}/case-2-aws-v16.golden (100%)
 rename service/controller/resource/monitoring/prometheus/test/{ => vintage}/case-3-aws-v18.golden (100%)
 rename service/controller/resource/monitoring/prometheus/test/{ => vintage}/case-4-azure-v18.golden (100%)
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/remotewriteingress/test/default/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/remotewriteingress/test/default/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/remotewriteingress/test/default/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/remotewriteingress/test/default/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/remotewriteingress/test/default/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/remotewriteingress/test/externaldns/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/remotewriteingress/test/externaldns/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/remotewriteingress/test/externaldns/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/remotewriteingress/test/externaldns/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/remotewriteingress/test/externaldns/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-4-azure-v18.golden
 delete mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-eks-v18.golden
 delete mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/azure/case-5-eks-v18.golden
 create mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-capa-mc.golden
 delete mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-vintage-mc.golden
 rename service/controller/resource/monitoring/scrapeconfigs/test/capa/{case-3-aws-v18.golden => case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{openstack/case-4-azure-v18.golden => capa/case-3-capz.golden} (99%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/capa/{case-5-eks-v18.golden => case-4-eks.golden} (100%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{gcp/case-2-aws-v16.golden => capa/case-5-gcp.golden} (93%)
 create mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/capz/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/scrapeconfigs/test/{gcp/case-3-aws-v18.golden => capz/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{capa/case-4-azure-v18.golden => capz/case-3-capz.golden} (99%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{gcp/case-5-eks-v18.golden => capz/case-4-eks.golden} (100%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{capa/case-2-aws-v16.golden => capz/case-5-gcp.golden} (93%)
 create mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-capa-mc.golden
 delete mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-vintage-mc.golden
 rename service/controller/resource/monitoring/scrapeconfigs/test/{openstack/case-3-aws-v18.golden => gcp/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/gcp/{case-4-azure-v18.golden => case-3-capz.golden} (99%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{openstack/case-5-eks-v18.golden => gcp/case-4-eks.golden} (100%)
 rename service/controller/resource/monitoring/scrapeconfigs/test/{openstack/case-2-aws-v16.golden => gcp/case-5-gcp.golden} (93%)
 delete mode 100644 service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-1-vintage-mc.golden
 create mode 100644 service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-1-capa-mc.golden
 rename service/controller/resource/monitoring/verticalpodautoscaler/test/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/monitoring/verticalpodautoscaler/test/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/monitoring/verticalpodautoscaler/test/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-5-gcp.golden
 rename service/controller/resource/monitoring/verticalpodautoscaler/test/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/monitoring/verticalpodautoscaler/test/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-4-azure-v18.golden
 create mode 100644 service/controller/resource/namespace/test/capi/case-1-capa-mc.golden
 rename service/controller/resource/namespace/test/{case-3-aws-v18.golden => capi/case-2-capa.golden} (100%)
 rename service/controller/resource/namespace/test/{case-4-azure-v18.golden => capi/case-3-capz.golden} (100%)
 rename service/controller/resource/namespace/test/{case-5-eks-v18.golden => capi/case-4-eks.golden} (100%)
 create mode 100644 service/controller/resource/namespace/test/capi/case-5-gcp.golden
 rename service/controller/resource/namespace/test/{ => vintage}/case-1-vintage-mc.golden (100%)
 rename service/controller/resource/namespace/test/{ => vintage}/case-2-aws-v16.golden (100%)
 create mode 100644 service/controller/resource/namespace/test/vintage/case-3-aws-v18.golden
 create mode 100644 service/controller/resource/namespace/test/vintage/case-4-azure-v18.golden

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e3f179cb6..775db1645 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - Fix how we enable `remote-write-receiver` to avoid deprecated warnings.
+- Fix test generation to split capi and vintage tests generated files.
 
 ### Removed
 
diff --git a/pkg/remotewriteutils/util_test.go b/pkg/remotewriteutils/util_test.go
index 486b4ff3d..492141c8f 100644
--- a/pkg/remotewriteutils/util_test.go
+++ b/pkg/remotewriteutils/util_test.go
@@ -21,7 +21,6 @@ const (
 var _ = flag.Bool("update", false, "doing nothing")
 
 func TestToRemoteWrite(t *testing.T) {
-
 	type args struct {
 		obj interface{}
 	}
diff --git a/pkg/unittest/input/capi/case-1-capa-mc.golden b/pkg/unittest/input/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..732d6e234
--- /dev/null
+++ b/pkg/unittest/input/capi/case-1-capa-mc.golden
@@ -0,0 +1,11 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: test-installation
+  namespace: org-my-organization
+spec:
+  controlPlaneEndpoint:
+    host: master.test-installation
+    port: 443
+  infrastructureRef:
+    kind: AWSCluster
diff --git a/pkg/unittest/input/capi/case-2-capa.golden b/pkg/unittest/input/capi/case-2-capa.golden
new file mode 100644
index 000000000..9b5a6453a
--- /dev/null
+++ b/pkg/unittest/input/capi/case-2-capa.golden
@@ -0,0 +1,11 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: baz
+  namespace: org-my-organization
+spec:
+  controlPlaneEndpoint:
+    host: master.baz
+    port: 443
+  infrastructureRef:
+    kind: AWSCluster
diff --git a/pkg/unittest/input/capi/case-3-capz.golden b/pkg/unittest/input/capi/case-3-capz.golden
new file mode 100644
index 000000000..73de9e15a
--- /dev/null
+++ b/pkg/unittest/input/capi/case-3-capz.golden
@@ -0,0 +1,11 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: foo
+  namespace: org-my-organization
+spec:
+  controlPlaneEndpoint:
+    host: master.foo
+    port: 443
+  infrastructureRef:
+    kind: AzureCluster
diff --git a/pkg/unittest/input/case-5-eks-v18.golden b/pkg/unittest/input/capi/case-4-eks.golden
similarity index 81%
rename from pkg/unittest/input/case-5-eks-v18.golden
rename to pkg/unittest/input/capi/case-4-eks.golden
index d70bba102..8b8dcf6f8 100644
--- a/pkg/unittest/input/case-5-eks-v18.golden
+++ b/pkg/unittest/input/capi/case-4-eks.golden
@@ -1,8 +1,6 @@
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: Cluster
 metadata:
-  labels:
-    "release.giantswarm.io/version": 18.0.0
   name: eks-sample
   namespace: org-my-organization
 spec:
diff --git a/pkg/unittest/input/capi/case-5-gcp.golden b/pkg/unittest/input/capi/case-5-gcp.golden
new file mode 100644
index 000000000..3ff07d0c5
--- /dev/null
+++ b/pkg/unittest/input/capi/case-5-gcp.golden
@@ -0,0 +1,11 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: gcp-sample
+  namespace: org-my-organization
+spec:
+  controlPlaneEndpoint:
+    host: master.gcp-sample
+    port: 443
+  infrastructureRef:
+    kind: GCPCluster
diff --git a/pkg/unittest/input/case-1-vintage-mc.golden b/pkg/unittest/input/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from pkg/unittest/input/case-1-vintage-mc.golden
rename to pkg/unittest/input/vintage/case-1-vintage-mc.golden
diff --git a/pkg/unittest/input/case-2-aws-v16.golden b/pkg/unittest/input/vintage/case-2-aws-v16.golden
similarity index 100%
rename from pkg/unittest/input/case-2-aws-v16.golden
rename to pkg/unittest/input/vintage/case-2-aws-v16.golden
diff --git a/pkg/unittest/input/case-3-aws-v18.golden b/pkg/unittest/input/vintage/case-3-aws-v18.golden
similarity index 100%
rename from pkg/unittest/input/case-3-aws-v18.golden
rename to pkg/unittest/input/vintage/case-3-aws-v18.golden
diff --git a/pkg/unittest/input/case-4-azure-v18.golden b/pkg/unittest/input/vintage/case-4-azure-v18.golden
similarity index 100%
rename from pkg/unittest/input/case-4-azure-v18.golden
rename to pkg/unittest/input/vintage/case-4-azure-v18.golden
diff --git a/pkg/unittest/unittest.go b/pkg/unittest/unittest.go
index b5bda28cd..199922484 100644
--- a/pkg/unittest/unittest.go
+++ b/pkg/unittest/unittest.go
@@ -2,10 +2,13 @@ package unittest
 
 import (
 	"bytes"
+	"errors"
 	"os"
 	"path"
 	"path/filepath"
 	"runtime"
+	"slices"
+	"strings"
 	"testing"
 
 	"github.com/giantswarm/apiextensions/v6/pkg/apis/provider/v1alpha1"
@@ -25,6 +28,7 @@ type Config struct {
 	TestFunc             TestFunc
 	TestFuncReturnsBytes bool
 	Update               bool
+	Flavor               string
 }
 
 type Marshaller func(o interface{}) ([]byte, error)
@@ -66,6 +70,11 @@ type Value struct {
 	Output []byte
 }
 
+const capiFlavor = "capi"
+const vintageFlavor = "vintage"
+
+var ProviderFlavors = []string{capiFlavor, vintageFlavor}
+
 // NewRunner creates a new Runner given a Config.
 func NewRunner(config Config) (*Runner, error) {
 	_, filename, _, ok := runtime.Caller(0)
@@ -73,7 +82,12 @@ func NewRunner(config Config) (*Runner, error) {
 		return nil, microerror.Mask(executionError)
 	}
 
-	inputDir, err := filepath.Abs(filepath.Join(path.Dir(filename), "input"))
+	if !slices.Contains(ProviderFlavors, config.Flavor) {
+		err := errors.New("flavor must be in the list of supported flavors: [" + strings.Join(ProviderFlavors, " ,") + "]")
+		return nil, microerror.Mask(err)
+	}
+
+	inputDir, err := filepath.Abs(filepath.Join(path.Dir(filename), "input", config.Flavor))
 	if err != nil {
 		return nil, microerror.Mask(err)
 	}
@@ -129,7 +143,11 @@ func (r *Runner) Run() error {
 
 			outputFilePath := filepath.Join(r.OutputDir, file.Name())
 			if r.Update {
-				err := os.WriteFile(outputFilePath, testResult, 0644) // #nosec
+				err := os.MkdirAll(r.OutputDir, os.ModePerm)
+				if err != nil {
+					t.Fatal(err)
+				}
+				err = os.WriteFile(outputFilePath, testResult, 0644) // #nosec
 				if err != nil {
 					t.Fatal(err)
 				}
diff --git a/service/controller/clusterapi/controller.go b/service/controller/clusterapi/controller.go
index 9782f38a5..4a82203fc 100644
--- a/service/controller/clusterapi/controller.go
+++ b/service/controller/clusterapi/controller.go
@@ -16,7 +16,6 @@ import (
 
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/cluster"
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/project"
-	controllerresource "github.com/giantswarm/prometheus-meta-operator/v2/service/controller/resource"
 )
 
 type ControllerConfig struct {
@@ -61,9 +60,9 @@ func NewController(config ControllerConfig) (*Controller, error) {
 
 	var resources []resource.Interface
 	{
-		c := controllerresource.Config(config)
+		c := Config(config)
 
-		resources, err = controllerresource.New(c)
+		resources, err = New(c)
 		if err != nil {
 			return nil, microerror.Mask(err)
 		}
diff --git a/service/controller/resource/resource.go b/service/controller/clusterapi/resource.go
similarity index 99%
rename from service/controller/resource/resource.go
rename to service/controller/clusterapi/resource.go
index e369d116e..acb2410fa 100644
--- a/service/controller/resource/resource.go
+++ b/service/controller/clusterapi/resource.go
@@ -1,4 +1,4 @@
-package resource
+package clusterapi
 
 import (
 	"net/url"
diff --git a/service/controller/resource/alerting/alertmanagerconfig/resource_test.go b/service/controller/resource/alerting/alertmanagerconfig/resource_test.go
index b85e1192d..1b1047775 100644
--- a/service/controller/resource/alerting/alertmanagerconfig/resource_test.go
+++ b/service/controller/resource/alerting/alertmanagerconfig/resource_test.go
@@ -10,12 +10,13 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestRenderingOfAlertmanagerNotificationTemplate(t *testing.T) {
 	var testFunc unittest.TestFunc
 	{
 		config := Config{
+			Installation:   "test-installation",
 			GrafanaAddress: "https://grafana",
 		}
 		testFunc = func(v interface{}) (interface{}, error) {
@@ -23,26 +24,29 @@ func TestRenderingOfAlertmanagerNotificationTemplate(t *testing.T) {
 		}
 	}
 
-	outputDir, err := filepath.Abs("./test/notification-template")
-	if err != nil {
-		t.Fatal(err)
-	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/notification-template/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir:            outputDir,
-		T:                    t,
-		TestFunc:             testFunc,
-		Update:               *update,
-		TestFuncReturnsBytes: true,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			OutputDir:            outputDir,
+			T:                    t,
+			TestFunc:             testFunc,
+			Flavor:               flavor,
+			TestFuncReturnsBytes: true,
+			Update:               *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
 func TestRenderingOfAlertmanagerConfig(t *testing.T) {
@@ -64,25 +68,28 @@ func TestRenderingOfAlertmanagerConfig(t *testing.T) {
 		}
 	}
 
-	outputDir, err := filepath.Abs("./test/alertmanager-config")
-	if err != nil {
-		t.Fatal(err)
-	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/alertmanager-config/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir:            outputDir,
-		T:                    t,
-		TestFunc:             testFunc,
-		Update:               *update,
-		TestFuncReturnsBytes: true,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			OutputDir:            outputDir,
+			T:                    t,
+			TestFunc:             testFunc,
+			TestFuncReturnsBytes: true,
+			Flavor:               flavor,
+			Update:               *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-1-vintage-mc.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-1-capa-mc.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-1-vintage-mc.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-1-capa-mc.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-2-aws-v16.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-2-aws-v16.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-2-capa.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-3-aws-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-3-aws-v18.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-3-capz.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-4-azure-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-4-azure-v18.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-4-eks.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-5-eks-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-5-gcp.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/case-5-eks-v18.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/capi/case-5-gcp.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-1-vintage-mc.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-1-vintage-mc.golden
new file mode 100644
index 000000000..f2f773297
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-1-vintage-mc.golden
@@ -0,0 +1,483 @@
+global:
+  resolve_timeout: 5m
+  slack_api_url: https://slack
+
+templates:
+- '/etc/alertmanager/config/*.tmpl'
+
+route:
+  group_by: [alertname, cluster_id, installation, status, team]
+  group_interval: 15m
+  group_wait: 5m
+  repeat_interval: 4h
+  receiver: root
+
+  routes:
+
+  # Falco noise Slack
+  - receiver: falco_noise_slack
+    matchers:
+    - alertname=~"Falco.*"
+    continue: false
+
+  - receiver: team_tinkerers_slack
+    repeat_interval: 14d
+    matchers:
+    - severity=~"page|notify"
+    - team="tinkerers"
+    continue: false
+
+  # Team Ops Opsgenie
+  - receiver: opsgenie_router
+    matchers:
+    - severity="page"
+    continue: true
+
+  # Team Atlas Slack
+  - receiver: team_atlas_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="atlas"
+    - type!="heartbeat"
+    - alertname!~"Inhibition.*"
+    continue: false
+
+  # Team Celestial Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="celestial"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Firecracker Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="firecracker"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Phoenix Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - team="phoenix"
+    - sloth_severity="page"
+    - silence="true"
+    continue: false
+
+  # Team Shield Slack
+  - receiver: team_shield_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="shield"
+    continue: false
+
+  # Team BigMac Slack
+  - receiver: team_bigmac_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="bigmac"
+    continue: false
+
+  # Team Clippy Slack
+  # ReRoute to `phoenix` until we change all team ownership labels
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="clippy"
+    continue: false
+
+  # Team Rocket Slack
+  - receiver: team_rocket_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="rocket"
+    continue: false
+
+  # Team Ops Slack
+  - receiver: team_ops_slack
+    matchers:
+    - severity=~"page|notify"
+    continue: true
+
+  # Team Turtles Slack
+  - receiver: team_turtles_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="turtles"
+    continue: false
+
+receivers:
+- name: root
+
+- name: falco_noise_slack
+  slack_configs:
+  - channel: '#noise-falco'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_atlas_slack
+  slack_configs:
+  - channel: '#alert-atlas-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_phoenix_slack
+  slack_configs:
+  - channel: '#alert-phoenix-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_bigmac_slack
+  slack_configs:
+  - channel: '#alert-bigmac-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_rocket_slack
+  slack_configs:
+  - channel: '#alert-rocket-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_shield_slack
+  slack_configs:
+  - channel: '#alert-shield'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_turtles_slack
+  slack_configs:
+  - channel: '#alert-turtles-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_tinkerers_slack
+  slack_configs:
+  - channel: '#alert-tinkerers'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: opsgenie_router
+  opsgenie_configs:
+  - api_key: opsgenie-key
+    tags: "{{ (index .Alerts 0).Labels.alertname }},{{ (index .Alerts 0).Labels.cluster_type }},{{ (index .Alerts 0).Labels.severity }},{{ (index .Alerts 0).Labels.team }},{{ (index .Alerts 0).Labels.area }},{{ (index .Alerts 0).Labels.service_priority }},{{ (index .Alerts 0).Labels.provider }},{{ (index .Alerts 0).Labels.installation }},{{ (index .Alerts 0).Labels.pipeline }}"
+
+- name: team_ops_slack
+  slack_configs:
+  - channel: '#alert-test-test-installation'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+inhibit_rules:
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_kube_state_metrics_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  - cluster_id=test-installation
+  target_matchers:
+  - cancel_if_mc_kube_state_metrics_down=true
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_any_kube_state_metrics_down=true
+
+- source_matchers:
+  - cluster_status_creating=true
+  target_matchers:
+  - cancel_if_cluster_status_creating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_created=true
+  target_matchers:
+  - cancel_if_cluster_status_created=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updating=true
+  target_matchers:
+  - cancel_if_cluster_status_updating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updated=true
+  target_matchers:
+  - cancel_if_cluster_status_updated=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_deleting=true
+  target_matchers:
+  - cancel_if_cluster_status_deleting=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_no_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_no_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_scaling_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_scaling_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_notready_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_notready_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - instance_state_not_running=true
+  target_matchers:
+  - cancel_if_instance_state_not_running=true
+  equal: [node]
+
+- source_matchers:
+  - kiam_has_errors=true
+  target_matchers:
+  - cancel_if_kiam_has_errors=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_kubelet_down=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_any_kubelet_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_kubelet_not_ready=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_any_kubelet_not_ready=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - nodes_down=true
+  target_matchers:
+  - cancel_if_nodes_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - scrape_timeout=true
+  target_matchers:
+  - cancel_if_scrape_timeout=true
+  equal: [cluster_id, instance]
+
+- source_matchers:
+  - control_plane_node_down=true
+  target_matchers:
+  - cancel_if_control_plane_node_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_apiserver_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_any_apiserver_down=true
+
+- source_matchers:
+  - outside_working_hours=true
+  target_matchers:
+  - cancel_if_outside_working_hours=true
+
+- source_matchers:
+  - has_worker_nodes=false
+  target_matchers:
+  - cancel_if_cluster_has_no_workers=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - cluster_is_not_running_prometheus_agent=true
+  target_matchers:
+    - cancel_if_cluster_is_not_running_prometheus_agent=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - inhibit_prometheus_agent_down=true
+  target_matchers:
+    - cancel_if_prometheus_agent_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - stack_failed=true
+  target_matchers:
+    - cancel_if_stack_failed=true
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-2-aws-v16.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-2-aws-v16.golden
new file mode 100644
index 000000000..f2f773297
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-2-aws-v16.golden
@@ -0,0 +1,483 @@
+global:
+  resolve_timeout: 5m
+  slack_api_url: https://slack
+
+templates:
+- '/etc/alertmanager/config/*.tmpl'
+
+route:
+  group_by: [alertname, cluster_id, installation, status, team]
+  group_interval: 15m
+  group_wait: 5m
+  repeat_interval: 4h
+  receiver: root
+
+  routes:
+
+  # Falco noise Slack
+  - receiver: falco_noise_slack
+    matchers:
+    - alertname=~"Falco.*"
+    continue: false
+
+  - receiver: team_tinkerers_slack
+    repeat_interval: 14d
+    matchers:
+    - severity=~"page|notify"
+    - team="tinkerers"
+    continue: false
+
+  # Team Ops Opsgenie
+  - receiver: opsgenie_router
+    matchers:
+    - severity="page"
+    continue: true
+
+  # Team Atlas Slack
+  - receiver: team_atlas_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="atlas"
+    - type!="heartbeat"
+    - alertname!~"Inhibition.*"
+    continue: false
+
+  # Team Celestial Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="celestial"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Firecracker Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="firecracker"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Phoenix Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - team="phoenix"
+    - sloth_severity="page"
+    - silence="true"
+    continue: false
+
+  # Team Shield Slack
+  - receiver: team_shield_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="shield"
+    continue: false
+
+  # Team BigMac Slack
+  - receiver: team_bigmac_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="bigmac"
+    continue: false
+
+  # Team Clippy Slack
+  # ReRoute to `phoenix` until we change all team ownership labels
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="clippy"
+    continue: false
+
+  # Team Rocket Slack
+  - receiver: team_rocket_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="rocket"
+    continue: false
+
+  # Team Ops Slack
+  - receiver: team_ops_slack
+    matchers:
+    - severity=~"page|notify"
+    continue: true
+
+  # Team Turtles Slack
+  - receiver: team_turtles_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="turtles"
+    continue: false
+
+receivers:
+- name: root
+
+- name: falco_noise_slack
+  slack_configs:
+  - channel: '#noise-falco'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_atlas_slack
+  slack_configs:
+  - channel: '#alert-atlas-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_phoenix_slack
+  slack_configs:
+  - channel: '#alert-phoenix-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_bigmac_slack
+  slack_configs:
+  - channel: '#alert-bigmac-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_rocket_slack
+  slack_configs:
+  - channel: '#alert-rocket-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_shield_slack
+  slack_configs:
+  - channel: '#alert-shield'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_turtles_slack
+  slack_configs:
+  - channel: '#alert-turtles-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_tinkerers_slack
+  slack_configs:
+  - channel: '#alert-tinkerers'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: opsgenie_router
+  opsgenie_configs:
+  - api_key: opsgenie-key
+    tags: "{{ (index .Alerts 0).Labels.alertname }},{{ (index .Alerts 0).Labels.cluster_type }},{{ (index .Alerts 0).Labels.severity }},{{ (index .Alerts 0).Labels.team }},{{ (index .Alerts 0).Labels.area }},{{ (index .Alerts 0).Labels.service_priority }},{{ (index .Alerts 0).Labels.provider }},{{ (index .Alerts 0).Labels.installation }},{{ (index .Alerts 0).Labels.pipeline }}"
+
+- name: team_ops_slack
+  slack_configs:
+  - channel: '#alert-test-test-installation'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+inhibit_rules:
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_kube_state_metrics_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  - cluster_id=test-installation
+  target_matchers:
+  - cancel_if_mc_kube_state_metrics_down=true
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_any_kube_state_metrics_down=true
+
+- source_matchers:
+  - cluster_status_creating=true
+  target_matchers:
+  - cancel_if_cluster_status_creating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_created=true
+  target_matchers:
+  - cancel_if_cluster_status_created=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updating=true
+  target_matchers:
+  - cancel_if_cluster_status_updating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updated=true
+  target_matchers:
+  - cancel_if_cluster_status_updated=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_deleting=true
+  target_matchers:
+  - cancel_if_cluster_status_deleting=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_no_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_no_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_scaling_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_scaling_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_notready_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_notready_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - instance_state_not_running=true
+  target_matchers:
+  - cancel_if_instance_state_not_running=true
+  equal: [node]
+
+- source_matchers:
+  - kiam_has_errors=true
+  target_matchers:
+  - cancel_if_kiam_has_errors=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_kubelet_down=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_any_kubelet_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_kubelet_not_ready=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_any_kubelet_not_ready=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - nodes_down=true
+  target_matchers:
+  - cancel_if_nodes_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - scrape_timeout=true
+  target_matchers:
+  - cancel_if_scrape_timeout=true
+  equal: [cluster_id, instance]
+
+- source_matchers:
+  - control_plane_node_down=true
+  target_matchers:
+  - cancel_if_control_plane_node_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_apiserver_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_any_apiserver_down=true
+
+- source_matchers:
+  - outside_working_hours=true
+  target_matchers:
+  - cancel_if_outside_working_hours=true
+
+- source_matchers:
+  - has_worker_nodes=false
+  target_matchers:
+  - cancel_if_cluster_has_no_workers=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - cluster_is_not_running_prometheus_agent=true
+  target_matchers:
+    - cancel_if_cluster_is_not_running_prometheus_agent=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - inhibit_prometheus_agent_down=true
+  target_matchers:
+    - cancel_if_prometheus_agent_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - stack_failed=true
+  target_matchers:
+    - cancel_if_stack_failed=true
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-3-aws-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..f2f773297
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-3-aws-v18.golden
@@ -0,0 +1,483 @@
+global:
+  resolve_timeout: 5m
+  slack_api_url: https://slack
+
+templates:
+- '/etc/alertmanager/config/*.tmpl'
+
+route:
+  group_by: [alertname, cluster_id, installation, status, team]
+  group_interval: 15m
+  group_wait: 5m
+  repeat_interval: 4h
+  receiver: root
+
+  routes:
+
+  # Falco noise Slack
+  - receiver: falco_noise_slack
+    matchers:
+    - alertname=~"Falco.*"
+    continue: false
+
+  - receiver: team_tinkerers_slack
+    repeat_interval: 14d
+    matchers:
+    - severity=~"page|notify"
+    - team="tinkerers"
+    continue: false
+
+  # Team Ops Opsgenie
+  - receiver: opsgenie_router
+    matchers:
+    - severity="page"
+    continue: true
+
+  # Team Atlas Slack
+  - receiver: team_atlas_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="atlas"
+    - type!="heartbeat"
+    - alertname!~"Inhibition.*"
+    continue: false
+
+  # Team Celestial Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="celestial"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Firecracker Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="firecracker"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Phoenix Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - team="phoenix"
+    - sloth_severity="page"
+    - silence="true"
+    continue: false
+
+  # Team Shield Slack
+  - receiver: team_shield_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="shield"
+    continue: false
+
+  # Team BigMac Slack
+  - receiver: team_bigmac_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="bigmac"
+    continue: false
+
+  # Team Clippy Slack
+  # ReRoute to `phoenix` until we change all team ownership labels
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="clippy"
+    continue: false
+
+  # Team Rocket Slack
+  - receiver: team_rocket_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="rocket"
+    continue: false
+
+  # Team Ops Slack
+  - receiver: team_ops_slack
+    matchers:
+    - severity=~"page|notify"
+    continue: true
+
+  # Team Turtles Slack
+  - receiver: team_turtles_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="turtles"
+    continue: false
+
+receivers:
+- name: root
+
+- name: falco_noise_slack
+  slack_configs:
+  - channel: '#noise-falco'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_atlas_slack
+  slack_configs:
+  - channel: '#alert-atlas-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_phoenix_slack
+  slack_configs:
+  - channel: '#alert-phoenix-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_bigmac_slack
+  slack_configs:
+  - channel: '#alert-bigmac-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_rocket_slack
+  slack_configs:
+  - channel: '#alert-rocket-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_shield_slack
+  slack_configs:
+  - channel: '#alert-shield'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_turtles_slack
+  slack_configs:
+  - channel: '#alert-turtles-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_tinkerers_slack
+  slack_configs:
+  - channel: '#alert-tinkerers'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: opsgenie_router
+  opsgenie_configs:
+  - api_key: opsgenie-key
+    tags: "{{ (index .Alerts 0).Labels.alertname }},{{ (index .Alerts 0).Labels.cluster_type }},{{ (index .Alerts 0).Labels.severity }},{{ (index .Alerts 0).Labels.team }},{{ (index .Alerts 0).Labels.area }},{{ (index .Alerts 0).Labels.service_priority }},{{ (index .Alerts 0).Labels.provider }},{{ (index .Alerts 0).Labels.installation }},{{ (index .Alerts 0).Labels.pipeline }}"
+
+- name: team_ops_slack
+  slack_configs:
+  - channel: '#alert-test-test-installation'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+inhibit_rules:
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_kube_state_metrics_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  - cluster_id=test-installation
+  target_matchers:
+  - cancel_if_mc_kube_state_metrics_down=true
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_any_kube_state_metrics_down=true
+
+- source_matchers:
+  - cluster_status_creating=true
+  target_matchers:
+  - cancel_if_cluster_status_creating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_created=true
+  target_matchers:
+  - cancel_if_cluster_status_created=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updating=true
+  target_matchers:
+  - cancel_if_cluster_status_updating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updated=true
+  target_matchers:
+  - cancel_if_cluster_status_updated=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_deleting=true
+  target_matchers:
+  - cancel_if_cluster_status_deleting=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_no_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_no_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_scaling_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_scaling_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_notready_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_notready_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - instance_state_not_running=true
+  target_matchers:
+  - cancel_if_instance_state_not_running=true
+  equal: [node]
+
+- source_matchers:
+  - kiam_has_errors=true
+  target_matchers:
+  - cancel_if_kiam_has_errors=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_kubelet_down=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_any_kubelet_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_kubelet_not_ready=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_any_kubelet_not_ready=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - nodes_down=true
+  target_matchers:
+  - cancel_if_nodes_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - scrape_timeout=true
+  target_matchers:
+  - cancel_if_scrape_timeout=true
+  equal: [cluster_id, instance]
+
+- source_matchers:
+  - control_plane_node_down=true
+  target_matchers:
+  - cancel_if_control_plane_node_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_apiserver_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_any_apiserver_down=true
+
+- source_matchers:
+  - outside_working_hours=true
+  target_matchers:
+  - cancel_if_outside_working_hours=true
+
+- source_matchers:
+  - has_worker_nodes=false
+  target_matchers:
+  - cancel_if_cluster_has_no_workers=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - cluster_is_not_running_prometheus_agent=true
+  target_matchers:
+    - cancel_if_cluster_is_not_running_prometheus_agent=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - inhibit_prometheus_agent_down=true
+  target_matchers:
+    - cancel_if_prometheus_agent_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - stack_failed=true
+  target_matchers:
+    - cancel_if_stack_failed=true
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-4-azure-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..f2f773297
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/alertmanager-config/vintage/case-4-azure-v18.golden
@@ -0,0 +1,483 @@
+global:
+  resolve_timeout: 5m
+  slack_api_url: https://slack
+
+templates:
+- '/etc/alertmanager/config/*.tmpl'
+
+route:
+  group_by: [alertname, cluster_id, installation, status, team]
+  group_interval: 15m
+  group_wait: 5m
+  repeat_interval: 4h
+  receiver: root
+
+  routes:
+
+  # Falco noise Slack
+  - receiver: falco_noise_slack
+    matchers:
+    - alertname=~"Falco.*"
+    continue: false
+
+  - receiver: team_tinkerers_slack
+    repeat_interval: 14d
+    matchers:
+    - severity=~"page|notify"
+    - team="tinkerers"
+    continue: false
+
+  # Team Ops Opsgenie
+  - receiver: opsgenie_router
+    matchers:
+    - severity="page"
+    continue: true
+
+  # Team Atlas Slack
+  - receiver: team_atlas_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="atlas"
+    - type!="heartbeat"
+    - alertname!~"Inhibition.*"
+    continue: false
+
+  # Team Celestial Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="celestial"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Firecracker Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="firecracker"
+    - sloth_severity=~"page|ticket"
+    continue: false
+
+  # Team Phoenix Slack
+  - receiver: team_phoenix_slack
+    matchers:
+    - team="phoenix"
+    - sloth_severity="page"
+    - silence="true"
+    continue: false
+
+  # Team Shield Slack
+  - receiver: team_shield_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="shield"
+    continue: false
+
+  # Team BigMac Slack
+  - receiver: team_bigmac_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="bigmac"
+    continue: false
+
+  # Team Clippy Slack
+  # ReRoute to `phoenix` until we change all team ownership labels
+  - receiver: team_phoenix_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="clippy"
+    continue: false
+
+  # Team Rocket Slack
+  - receiver: team_rocket_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="rocket"
+    continue: false
+
+  # Team Ops Slack
+  - receiver: team_ops_slack
+    matchers:
+    - severity=~"page|notify"
+    continue: true
+
+  # Team Turtles Slack
+  - receiver: team_turtles_slack
+    matchers:
+    - severity=~"page|notify"
+    - team="turtles"
+    continue: false
+
+receivers:
+- name: root
+
+- name: falco_noise_slack
+  slack_configs:
+  - channel: '#noise-falco'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_atlas_slack
+  slack_configs:
+  - channel: '#alert-atlas-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_phoenix_slack
+  slack_configs:
+  - channel: '#alert-phoenix-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_bigmac_slack
+  slack_configs:
+  - channel: '#alert-bigmac-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_rocket_slack
+  slack_configs:
+  - channel: '#alert-rocket-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_shield_slack
+  slack_configs:
+  - channel: '#alert-shield'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_turtles_slack
+  slack_configs:
+  - channel: '#alert-turtles-test'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: team_tinkerers_slack
+  slack_configs:
+  - channel: '#alert-tinkerers'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" .}}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+- name: opsgenie_router
+  opsgenie_configs:
+  - api_key: opsgenie-key
+    tags: "{{ (index .Alerts 0).Labels.alertname }},{{ (index .Alerts 0).Labels.cluster_type }},{{ (index .Alerts 0).Labels.severity }},{{ (index .Alerts 0).Labels.team }},{{ (index .Alerts 0).Labels.area }},{{ (index .Alerts 0).Labels.service_priority }},{{ (index .Alerts 0).Labels.provider }},{{ (index .Alerts 0).Labels.installation }},{{ (index .Alerts 0).Labels.pipeline }}"
+
+- name: team_ops_slack
+  slack_configs:
+  - channel: '#alert-test-test-installation'
+    send_resolved: true
+    actions:
+    - type: button
+      text: ':green_book: OpsRecipe'
+      url: 'https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}'
+      style: '{{ if eq .Status "firing" }}primary{{ else }}default{{ end }}'
+    - type: button
+      text: ':coffin: Linked PMs'
+      url: '{{ template "__alert_linked_postmortems" . }}'
+    - type: button
+      text: ':mag: Query'
+      url: '{{ (index .Alerts 0).GeneratorURL }}'
+    - type: button
+      text: ':grafana: Dashboard'
+      url: 'https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}'
+    - type: button
+      text: ':no_bell: Silence'
+      url: '{{ template "__alert_silence_link" . }}'
+      style: '{{ if eq .Status "firing" }}danger{{ else }}default{{ end }}'
+
+inhibit_rules:
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_kube_state_metrics_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  - cluster_id=test-installation
+  target_matchers:
+  - cancel_if_mc_kube_state_metrics_down=true
+
+- source_matchers:
+  - inhibit_kube_state_metrics_down=true
+  target_matchers:
+  - cancel_if_any_kube_state_metrics_down=true
+
+- source_matchers:
+  - cluster_status_creating=true
+  target_matchers:
+  - cancel_if_cluster_status_creating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_created=true
+  target_matchers:
+  - cancel_if_cluster_status_created=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updating=true
+  target_matchers:
+  - cancel_if_cluster_status_updating=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_updated=true
+  target_matchers:
+  - cancel_if_cluster_status_updated=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_status_deleting=true
+  target_matchers:
+  - cancel_if_cluster_status_deleting=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_no_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_no_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_scaling_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_scaling_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - cluster_with_notready_nodepools=true
+  target_matchers:
+  - cancel_if_cluster_with_notready_nodepools=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - instance_state_not_running=true
+  target_matchers:
+  - cancel_if_instance_state_not_running=true
+  equal: [node]
+
+- source_matchers:
+  - kiam_has_errors=true
+  target_matchers:
+  - cancel_if_kiam_has_errors=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_kubelet_down=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_down=true
+  target_matchers:
+  - cancel_if_any_kubelet_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_kubelet_not_ready=true
+  equal: [cluster_id, ip]
+
+- source_matchers:
+  - kubelet_not_ready=true
+  target_matchers:
+  - cancel_if_any_kubelet_not_ready=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - nodes_down=true
+  target_matchers:
+  - cancel_if_nodes_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - scrape_timeout=true
+  target_matchers:
+  - cancel_if_scrape_timeout=true
+  equal: [cluster_id, instance]
+
+- source_matchers:
+  - control_plane_node_down=true
+  target_matchers:
+  - cancel_if_control_plane_node_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_apiserver_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+  - apiserver_down=true
+  target_matchers:
+  - cancel_if_any_apiserver_down=true
+
+- source_matchers:
+  - outside_working_hours=true
+  target_matchers:
+  - cancel_if_outside_working_hours=true
+
+- source_matchers:
+  - has_worker_nodes=false
+  target_matchers:
+  - cancel_if_cluster_has_no_workers=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - cluster_is_not_running_prometheus_agent=true
+  target_matchers:
+    - cancel_if_cluster_is_not_running_prometheus_agent=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - inhibit_prometheus_agent_down=true
+  target_matchers:
+    - cancel_if_prometheus_agent_down=true
+  equal: [cluster_id]
+
+- source_matchers:
+    - stack_failed=true
+  target_matchers:
+    - cancel_if_stack_failed=true
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-1-vintage-mc.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-1-capa-mc.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-1-vintage-mc.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-1-capa-mc.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-2-aws-v16.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-2-aws-v16.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-2-capa.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-3-aws-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-3-aws-v18.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-3-capz.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-4-azure-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-4-azure-v18.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-4-eks.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-5-eks-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-5-gcp.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerconfig/test/notification-template/case-5-eks-v18.golden
rename to service/controller/resource/alerting/alertmanagerconfig/test/notification-template/capi/case-5-gcp.golden
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-1-vintage-mc.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-1-vintage-mc.golden
new file mode 100644
index 000000000..80c8b80b8
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-1-vintage-mc.golden
@@ -0,0 +1,69 @@
+{{ define "__alertmanager" }}Alertmanager{{ end }}
+{{ define "__alertmanagerurl" }}{{ .ExternalURL }}/#/alerts?receiver={{ .Receiver }}&silenced=false&inhibited=false&active=true&filter=%7Balertname%3D%22{{ .CommonLabels.alertname }}%22%7D{{ end }}
+{{ define "__dashboardurl" -}}{{ if match "^https://.+" (index .Alerts 0).Annotations.dashboard }}{{ (index .Alerts 0).Annotations.dashboard }}{{ else }}https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}{{ end }}{{- end }}
+{{ define "__runbookurl" -}}https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}{{- end }}
+
+{{ define "slack.default.title" }}{{ .Status | toUpper }}[{{ if eq .Status "firing" }}{{ .Alerts.Firing | len }}{{- else }}{{ .Alerts.Resolved | len }}{{- end }}] {{ (index .Alerts 0).Labels.alertname }} - Team {{ (index .Alerts 0).Labels.team }}{{ end }}
+{{ define "slack.default.username" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "slack.default.fallback" }}{{ template "slack.default.title" . }} | {{ template "slack.default.titlelink" . }}{{ end }}
+{{ define "slack.default.pretext" }}{{ end }}
+{{ define "slack.default.titlelink" }}{{ template "__alertmanagerurl" . }}{{ end }}
+{{ define "slack.default.iconemoji" }}{{ end }}
+{{ define "slack.default.iconurl" }}{{ end }}
+{{ define "slack.default.text" }}*Cluster:* {{ (index .Alerts 0).Labels.installation }}{{ if (index .Alerts 0).Labels.cluster_id }} / {{ (index .Alerts 0).Labels.cluster_id }}{{ end }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }}
+*Area:* {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+{{- if (index .Alerts 0).Annotations.description }}
+*Instances*
+{{ if eq .Status "firing" }}
+{{ range .Alerts.Firing }}
+:fire: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ else }}
+{{ range .Alerts.Resolved }}
+:success: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ end }}
+{{- end }}
+{{ end }}
+
+
+{{ define "opsgenie.default.message" }}{{ .GroupLabels.installation }} / {{ .GroupLabels.cluster_id }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }} - {{ index (index .Alerts.Firing 0).Labels `alertname`}}{{ end }}
+{{ define "opsgenie.default.source" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "opsgenie.default.description" }}* Team: {{ (index .Alerts 0).Labels.team }}
+* Area: {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+
+* Instances:{{ range .Alerts.Firing }}
+🔥 {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{ end }}
+
+---
+
+{{ if (index .Alerts 0).Annotations.opsrecipe -}}
+📗 Runbook: {{ template "__runbookurl" . }}
+{{ end -}}
+🔔 Alertmanager {{ template "__alertmanagerurl" . }}
+{{ if (index .Alerts 0).Annotations.dashboard -}}
+📈 Dashboard: {{ template "__dashboardurl" . }}
+{{ end -}}
+👀 Prometheus: {{ (index .Alerts 0).GeneratorURL }}
+
+---
+
+{{ if not (index .Alerts 0).Annotations.opsrecipe }}⚠️ There is no **runbook** for this alert, time to get your pen.{{- end }}
+{{ if not (index .Alerts 0).Annotations.dashboard }}⚠️ There is no **dashboard** for this alert, time to sketch.{{- end }}
+{{- end }}
+
+# This builds the silence URL.  We exclude the alertname in the range
+# to avoid the issue of having trailing comma separator (%2C) at the end
+# of the generated URL
+{{ define "__alert_silence_link" -}}
+    {{ .ExternalURL }}/#/silences/new?filter=%7B
+    {{- range .CommonLabels.SortedPairs -}}
+        {{- if ne .Name "alertname" -}}
+            {{- .Name }}%3D"{{- .Value -}}"%2C%20
+        {{- end -}}
+    {{- end -}}
+    alertname%3D"{{ .CommonLabels.alertname }}"%7D
+{{- end }}
+
+# Link to related PMs
+{{ define "__alert_linked_postmortems" -}}
+https://github.com/giantswarm/giantswarm/issues?q=is%3Aissue+is%3Aopen+label%3Apostmortem+label%3Aalert%2F{{ .CommonLabels.alertname }}
+{{- end }}
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-2-aws-v16.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-2-aws-v16.golden
new file mode 100644
index 000000000..80c8b80b8
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-2-aws-v16.golden
@@ -0,0 +1,69 @@
+{{ define "__alertmanager" }}Alertmanager{{ end }}
+{{ define "__alertmanagerurl" }}{{ .ExternalURL }}/#/alerts?receiver={{ .Receiver }}&silenced=false&inhibited=false&active=true&filter=%7Balertname%3D%22{{ .CommonLabels.alertname }}%22%7D{{ end }}
+{{ define "__dashboardurl" -}}{{ if match "^https://.+" (index .Alerts 0).Annotations.dashboard }}{{ (index .Alerts 0).Annotations.dashboard }}{{ else }}https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}{{ end }}{{- end }}
+{{ define "__runbookurl" -}}https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}{{- end }}
+
+{{ define "slack.default.title" }}{{ .Status | toUpper }}[{{ if eq .Status "firing" }}{{ .Alerts.Firing | len }}{{- else }}{{ .Alerts.Resolved | len }}{{- end }}] {{ (index .Alerts 0).Labels.alertname }} - Team {{ (index .Alerts 0).Labels.team }}{{ end }}
+{{ define "slack.default.username" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "slack.default.fallback" }}{{ template "slack.default.title" . }} | {{ template "slack.default.titlelink" . }}{{ end }}
+{{ define "slack.default.pretext" }}{{ end }}
+{{ define "slack.default.titlelink" }}{{ template "__alertmanagerurl" . }}{{ end }}
+{{ define "slack.default.iconemoji" }}{{ end }}
+{{ define "slack.default.iconurl" }}{{ end }}
+{{ define "slack.default.text" }}*Cluster:* {{ (index .Alerts 0).Labels.installation }}{{ if (index .Alerts 0).Labels.cluster_id }} / {{ (index .Alerts 0).Labels.cluster_id }}{{ end }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }}
+*Area:* {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+{{- if (index .Alerts 0).Annotations.description }}
+*Instances*
+{{ if eq .Status "firing" }}
+{{ range .Alerts.Firing }}
+:fire: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ else }}
+{{ range .Alerts.Resolved }}
+:success: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ end }}
+{{- end }}
+{{ end }}
+
+
+{{ define "opsgenie.default.message" }}{{ .GroupLabels.installation }} / {{ .GroupLabels.cluster_id }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }} - {{ index (index .Alerts.Firing 0).Labels `alertname`}}{{ end }}
+{{ define "opsgenie.default.source" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "opsgenie.default.description" }}* Team: {{ (index .Alerts 0).Labels.team }}
+* Area: {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+
+* Instances:{{ range .Alerts.Firing }}
+🔥 {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{ end }}
+
+---
+
+{{ if (index .Alerts 0).Annotations.opsrecipe -}}
+📗 Runbook: {{ template "__runbookurl" . }}
+{{ end -}}
+🔔 Alertmanager {{ template "__alertmanagerurl" . }}
+{{ if (index .Alerts 0).Annotations.dashboard -}}
+📈 Dashboard: {{ template "__dashboardurl" . }}
+{{ end -}}
+👀 Prometheus: {{ (index .Alerts 0).GeneratorURL }}
+
+---
+
+{{ if not (index .Alerts 0).Annotations.opsrecipe }}⚠️ There is no **runbook** for this alert, time to get your pen.{{- end }}
+{{ if not (index .Alerts 0).Annotations.dashboard }}⚠️ There is no **dashboard** for this alert, time to sketch.{{- end }}
+{{- end }}
+
+# This builds the silence URL.  We exclude the alertname in the range
+# to avoid the issue of having trailing comma separator (%2C) at the end
+# of the generated URL
+{{ define "__alert_silence_link" -}}
+    {{ .ExternalURL }}/#/silences/new?filter=%7B
+    {{- range .CommonLabels.SortedPairs -}}
+        {{- if ne .Name "alertname" -}}
+            {{- .Name }}%3D"{{- .Value -}}"%2C%20
+        {{- end -}}
+    {{- end -}}
+    alertname%3D"{{ .CommonLabels.alertname }}"%7D
+{{- end }}
+
+# Link to related PMs
+{{ define "__alert_linked_postmortems" -}}
+https://github.com/giantswarm/giantswarm/issues?q=is%3Aissue+is%3Aopen+label%3Apostmortem+label%3Aalert%2F{{ .CommonLabels.alertname }}
+{{- end }}
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-3-aws-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..80c8b80b8
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-3-aws-v18.golden
@@ -0,0 +1,69 @@
+{{ define "__alertmanager" }}Alertmanager{{ end }}
+{{ define "__alertmanagerurl" }}{{ .ExternalURL }}/#/alerts?receiver={{ .Receiver }}&silenced=false&inhibited=false&active=true&filter=%7Balertname%3D%22{{ .CommonLabels.alertname }}%22%7D{{ end }}
+{{ define "__dashboardurl" -}}{{ if match "^https://.+" (index .Alerts 0).Annotations.dashboard }}{{ (index .Alerts 0).Annotations.dashboard }}{{ else }}https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}{{ end }}{{- end }}
+{{ define "__runbookurl" -}}https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}{{- end }}
+
+{{ define "slack.default.title" }}{{ .Status | toUpper }}[{{ if eq .Status "firing" }}{{ .Alerts.Firing | len }}{{- else }}{{ .Alerts.Resolved | len }}{{- end }}] {{ (index .Alerts 0).Labels.alertname }} - Team {{ (index .Alerts 0).Labels.team }}{{ end }}
+{{ define "slack.default.username" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "slack.default.fallback" }}{{ template "slack.default.title" . }} | {{ template "slack.default.titlelink" . }}{{ end }}
+{{ define "slack.default.pretext" }}{{ end }}
+{{ define "slack.default.titlelink" }}{{ template "__alertmanagerurl" . }}{{ end }}
+{{ define "slack.default.iconemoji" }}{{ end }}
+{{ define "slack.default.iconurl" }}{{ end }}
+{{ define "slack.default.text" }}*Cluster:* {{ (index .Alerts 0).Labels.installation }}{{ if (index .Alerts 0).Labels.cluster_id }} / {{ (index .Alerts 0).Labels.cluster_id }}{{ end }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }}
+*Area:* {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+{{- if (index .Alerts 0).Annotations.description }}
+*Instances*
+{{ if eq .Status "firing" }}
+{{ range .Alerts.Firing }}
+:fire: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ else }}
+{{ range .Alerts.Resolved }}
+:success: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ end }}
+{{- end }}
+{{ end }}
+
+
+{{ define "opsgenie.default.message" }}{{ .GroupLabels.installation }} / {{ .GroupLabels.cluster_id }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }} - {{ index (index .Alerts.Firing 0).Labels `alertname`}}{{ end }}
+{{ define "opsgenie.default.source" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "opsgenie.default.description" }}* Team: {{ (index .Alerts 0).Labels.team }}
+* Area: {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+
+* Instances:{{ range .Alerts.Firing }}
+🔥 {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{ end }}
+
+---
+
+{{ if (index .Alerts 0).Annotations.opsrecipe -}}
+📗 Runbook: {{ template "__runbookurl" . }}
+{{ end -}}
+🔔 Alertmanager {{ template "__alertmanagerurl" . }}
+{{ if (index .Alerts 0).Annotations.dashboard -}}
+📈 Dashboard: {{ template "__dashboardurl" . }}
+{{ end -}}
+👀 Prometheus: {{ (index .Alerts 0).GeneratorURL }}
+
+---
+
+{{ if not (index .Alerts 0).Annotations.opsrecipe }}⚠️ There is no **runbook** for this alert, time to get your pen.{{- end }}
+{{ if not (index .Alerts 0).Annotations.dashboard }}⚠️ There is no **dashboard** for this alert, time to sketch.{{- end }}
+{{- end }}
+
+# This builds the silence URL.  We exclude the alertname in the range
+# to avoid the issue of having trailing comma separator (%2C) at the end
+# of the generated URL
+{{ define "__alert_silence_link" -}}
+    {{ .ExternalURL }}/#/silences/new?filter=%7B
+    {{- range .CommonLabels.SortedPairs -}}
+        {{- if ne .Name "alertname" -}}
+            {{- .Name }}%3D"{{- .Value -}}"%2C%20
+        {{- end -}}
+    {{- end -}}
+    alertname%3D"{{ .CommonLabels.alertname }}"%7D
+{{- end }}
+
+# Link to related PMs
+{{ define "__alert_linked_postmortems" -}}
+https://github.com/giantswarm/giantswarm/issues?q=is%3Aissue+is%3Aopen+label%3Apostmortem+label%3Aalert%2F{{ .CommonLabels.alertname }}
+{{- end }}
diff --git a/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-4-azure-v18.golden b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..80c8b80b8
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerconfig/test/notification-template/vintage/case-4-azure-v18.golden
@@ -0,0 +1,69 @@
+{{ define "__alertmanager" }}Alertmanager{{ end }}
+{{ define "__alertmanagerurl" }}{{ .ExternalURL }}/#/alerts?receiver={{ .Receiver }}&silenced=false&inhibited=false&active=true&filter=%7Balertname%3D%22{{ .CommonLabels.alertname }}%22%7D{{ end }}
+{{ define "__dashboardurl" -}}{{ if match "^https://.+" (index .Alerts 0).Annotations.dashboard }}{{ (index .Alerts 0).Annotations.dashboard }}{{ else }}https://grafana/d/{{ (index .Alerts 0).Annotations.dashboard }}{{ end }}{{- end }}
+{{ define "__runbookurl" -}}https://intranet.giantswarm.io/docs/support-and-ops/ops-recipes/{{ (index .Alerts 0).Annotations.opsrecipe }}{{- end }}
+
+{{ define "slack.default.title" }}{{ .Status | toUpper }}[{{ if eq .Status "firing" }}{{ .Alerts.Firing | len }}{{- else }}{{ .Alerts.Resolved | len }}{{- end }}] {{ (index .Alerts 0).Labels.alertname }} - Team {{ (index .Alerts 0).Labels.team }}{{ end }}
+{{ define "slack.default.username" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "slack.default.fallback" }}{{ template "slack.default.title" . }} | {{ template "slack.default.titlelink" . }}{{ end }}
+{{ define "slack.default.pretext" }}{{ end }}
+{{ define "slack.default.titlelink" }}{{ template "__alertmanagerurl" . }}{{ end }}
+{{ define "slack.default.iconemoji" }}{{ end }}
+{{ define "slack.default.iconurl" }}{{ end }}
+{{ define "slack.default.text" }}*Cluster:* {{ (index .Alerts 0).Labels.installation }}{{ if (index .Alerts 0).Labels.cluster_id }} / {{ (index .Alerts 0).Labels.cluster_id }}{{ end }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }}
+*Area:* {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+{{- if (index .Alerts 0).Annotations.description }}
+*Instances*
+{{ if eq .Status "firing" }}
+{{ range .Alerts.Firing }}
+:fire: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ else }}
+{{ range .Alerts.Resolved }}
+:success: {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{- end }}
+{{ end }}
+{{- end }}
+{{ end }}
+
+
+{{ define "opsgenie.default.message" }}{{ .GroupLabels.installation }} / {{ .GroupLabels.cluster_id }}{{ if (index .Alerts 0).Labels.service }} / {{ (index .Alerts 0).Labels.service }}{{ end }} - {{ index (index .Alerts.Firing 0).Labels `alertname`}}{{ end }}
+{{ define "opsgenie.default.source" }}{{ template "__alertmanager" . }}{{ end }}
+{{ define "opsgenie.default.description" }}* Team: {{ (index .Alerts 0).Labels.team }}
+* Area: {{ (index .Alerts 0).Labels.area }} / {{ (index .Alerts 0).Labels.topic }}
+
+* Instances:{{ range .Alerts.Firing }}
+🔥 {{ if .Labels.instance }}{{ .Labels.instance }}: {{ end }}{{ .Annotations.description }}{{ end }}
+
+---
+
+{{ if (index .Alerts 0).Annotations.opsrecipe -}}
+📗 Runbook: {{ template "__runbookurl" . }}
+{{ end -}}
+🔔 Alertmanager {{ template "__alertmanagerurl" . }}
+{{ if (index .Alerts 0).Annotations.dashboard -}}
+📈 Dashboard: {{ template "__dashboardurl" . }}
+{{ end -}}
+👀 Prometheus: {{ (index .Alerts 0).GeneratorURL }}
+
+---
+
+{{ if not (index .Alerts 0).Annotations.opsrecipe }}⚠️ There is no **runbook** for this alert, time to get your pen.{{- end }}
+{{ if not (index .Alerts 0).Annotations.dashboard }}⚠️ There is no **dashboard** for this alert, time to sketch.{{- end }}
+{{- end }}
+
+# This builds the silence URL.  We exclude the alertname in the range
+# to avoid the issue of having trailing comma separator (%2C) at the end
+# of the generated URL
+{{ define "__alert_silence_link" -}}
+    {{ .ExternalURL }}/#/silences/new?filter=%7B
+    {{- range .CommonLabels.SortedPairs -}}
+        {{- if ne .Name "alertname" -}}
+            {{- .Name }}%3D"{{- .Value -}}"%2C%20
+        {{- end -}}
+    {{- end -}}
+    alertname%3D"{{ .CommonLabels.alertname }}"%7D
+{{- end }}
+
+# Link to related PMs
+{{ define "__alert_linked_postmortems" -}}
+https://github.com/giantswarm/giantswarm/issues?q=is%3Aissue+is%3Aopen+label%3Apostmortem+label%3Aalert%2F{{ .CommonLabels.alertname }}
+{{- end }}
diff --git a/service/controller/resource/alerting/alertmanagerwiring/resource_test.go b/service/controller/resource/alerting/alertmanagerwiring/resource_test.go
index bf9d5591b..ec2a9129a 100644
--- a/service/controller/resource/alerting/alertmanagerwiring/resource_test.go
+++ b/service/controller/resource/alerting/alertmanagerwiring/resource_test.go
@@ -8,30 +8,34 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestAlertmanagerconfig(t *testing.T) {
-	outputDir, err := filepath.Abs("./test")
-	if err != nil {
-		t.Fatal(err)
-	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/" + flavor)
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toData(v), nil
-		},
-		TestFuncReturnsBytes: true,
-		Update:               *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc: func(v interface{}) (interface{}, error) {
+				return toData(v), nil
+			},
+			TestFuncReturnsBytes: true,
+			Update:               *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/case-1-vintage-mc.golden b/service/controller/resource/alerting/alertmanagerwiring/test/capi/case-1-capa-mc.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerwiring/test/case-1-vintage-mc.golden
rename to service/controller/resource/alerting/alertmanagerwiring/test/capi/case-1-capa-mc.golden
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/case-2-aws-v16.golden b/service/controller/resource/alerting/alertmanagerwiring/test/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerwiring/test/case-2-aws-v16.golden
rename to service/controller/resource/alerting/alertmanagerwiring/test/capi/case-2-capa.golden
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/case-3-aws-v18.golden b/service/controller/resource/alerting/alertmanagerwiring/test/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerwiring/test/case-3-aws-v18.golden
rename to service/controller/resource/alerting/alertmanagerwiring/test/capi/case-3-capz.golden
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/case-4-azure-v18.golden b/service/controller/resource/alerting/alertmanagerwiring/test/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerwiring/test/case-4-azure-v18.golden
rename to service/controller/resource/alerting/alertmanagerwiring/test/capi/case-4-eks.golden
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/case-5-eks-v18.golden b/service/controller/resource/alerting/alertmanagerwiring/test/capi/case-5-gcp.golden
similarity index 100%
rename from service/controller/resource/alerting/alertmanagerwiring/test/case-5-eks-v18.golden
rename to service/controller/resource/alerting/alertmanagerwiring/test/capi/case-5-gcp.golden
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-1-vintage-mc.golden b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-1-vintage-mc.golden
new file mode 100644
index 000000000..423d6dbad
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-1-vintage-mc.golden
@@ -0,0 +1,6 @@
+- static_configs:
+  - targets:
+    - alertmanager-operated.monitoring.svc:9093	
+  scheme: http
+  timeout: 10s
+  api_version: v2
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-2-aws-v16.golden b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-2-aws-v16.golden
new file mode 100644
index 000000000..423d6dbad
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-2-aws-v16.golden
@@ -0,0 +1,6 @@
+- static_configs:
+  - targets:
+    - alertmanager-operated.monitoring.svc:9093	
+  scheme: http
+  timeout: 10s
+  api_version: v2
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-3-aws-v18.golden b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..423d6dbad
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-3-aws-v18.golden
@@ -0,0 +1,6 @@
+- static_configs:
+  - targets:
+    - alertmanager-operated.monitoring.svc:9093	
+  scheme: http
+  timeout: 10s
+  api_version: v2
diff --git a/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-4-azure-v18.golden b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..423d6dbad
--- /dev/null
+++ b/service/controller/resource/alerting/alertmanagerwiring/test/vintage/case-4-azure-v18.golden
@@ -0,0 +1,6 @@
+- static_configs:
+  - targets:
+    - alertmanager-operated.monitoring.svc:9093	
+  scheme: http
+  timeout: 10s
+  api_version: v2
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/resource_test.go b/service/controller/resource/alerting/heartbeatwebhookconfig/resource_test.go
index 622e5c8df..08a3647e4 100644
--- a/service/controller/resource/alerting/heartbeatwebhookconfig/resource_test.go
+++ b/service/controller/resource/alerting/heartbeatwebhookconfig/resource_test.go
@@ -10,35 +10,37 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestAlertmanager(t *testing.T) {
-	outputDir, err := filepath.Abs("./test")
-	if err != nil {
-		t.Fatal(err)
-	}
-
 	proxyConfig := httpproxy.Config{}
 	config := Config{
 		Proxy:        proxyConfig.ProxyFunc(),
 		Installation: "test-installation",
 	}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toAlertmanagerConfig(v, config)
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
+		c := unittest.Config{
+			OutputDir: outputDir,
+			Flavor:    flavor,
+			T:         t,
+			TestFunc: func(v interface{}) (interface{}, error) {
+				return toAlertmanagerConfig(v, config)
+			},
+			Update: *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-1-capa-mc.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..2a240aac6
--- /dev/null
+++ b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-1-capa-mc.golden
@@ -0,0 +1,32 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: alertmanager
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: alertmanager
+  name: test-installation
+  namespace: monitoring
+spec:
+  receivers:
+  - name: heartbeat_test-installation_test-installation
+    webhookConfigs:
+    - httpConfig:
+        authorization:
+          credentials:
+            key: opsGenieApiKey
+            name: alertmanager-global
+          type: GenieKey
+      sendResolved: false
+      url: https://api.opsgenie.com/v2/heartbeats/test-installation-test-installation/ping
+  route:
+    groupInterval: 30s
+    groupWait: 30s
+    matchers:
+    - name: cluster_id
+      value: test-installation
+    - name: installation
+      value: test-installation
+    - name: type
+      value: heartbeat
+    receiver: heartbeat_test-installation_test-installation
+    repeatInterval: 15m
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/case-3-aws-v18.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/alerting/heartbeatwebhookconfig/test/case-3-aws-v18.golden
rename to service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-2-capa.golden
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/case-4-azure-v18.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/alerting/heartbeatwebhookconfig/test/case-4-azure-v18.golden
rename to service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-3-capz.golden
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/case-5-eks-v18.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/alerting/heartbeatwebhookconfig/test/case-5-eks-v18.golden
rename to service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-4-eks.golden
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-5-gcp.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-5-gcp.golden
new file mode 100644
index 000000000..9d7eb43c3
--- /dev/null
+++ b/service/controller/resource/alerting/heartbeatwebhookconfig/test/capi/case-5-gcp.golden
@@ -0,0 +1,32 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: alertmanager
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: alertmanager
+  name: gcp-sample
+  namespace: monitoring
+spec:
+  receivers:
+  - name: heartbeat_test-installation_gcp-sample
+    webhookConfigs:
+    - httpConfig:
+        authorization:
+          credentials:
+            key: opsGenieApiKey
+            name: alertmanager-global
+          type: GenieKey
+      sendResolved: false
+      url: https://api.opsgenie.com/v2/heartbeats/test-installation-gcp-sample/ping
+  route:
+    groupInterval: 30s
+    groupWait: 30s
+    matchers:
+    - name: cluster_id
+      value: gcp-sample
+    - name: installation
+      value: test-installation
+    - name: type
+      value: heartbeat
+    receiver: heartbeat_test-installation_gcp-sample
+    repeatInterval: 15m
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/case-1-vintage-mc.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/alerting/heartbeatwebhookconfig/test/case-1-vintage-mc.golden
rename to service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/case-2-aws-v16.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/alerting/heartbeatwebhookconfig/test/case-2-aws-v16.golden
rename to service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-3-aws-v18.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..e03600884
--- /dev/null
+++ b/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-3-aws-v18.golden
@@ -0,0 +1,32 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: alertmanager
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: alertmanager
+  name: baz
+  namespace: monitoring
+spec:
+  receivers:
+  - name: heartbeat_test-installation_baz
+    webhookConfigs:
+    - httpConfig:
+        authorization:
+          credentials:
+            key: opsGenieApiKey
+            name: alertmanager-global
+          type: GenieKey
+      sendResolved: false
+      url: https://api.opsgenie.com/v2/heartbeats/test-installation-baz/ping
+  route:
+    groupInterval: 30s
+    groupWait: 30s
+    matchers:
+    - name: cluster_id
+      value: baz
+    - name: installation
+      value: test-installation
+    - name: type
+      value: heartbeat
+    receiver: heartbeat_test-installation_baz
+    repeatInterval: 15m
diff --git a/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-4-azure-v18.golden b/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..b3f219c58
--- /dev/null
+++ b/service/controller/resource/alerting/heartbeatwebhookconfig/test/vintage/case-4-azure-v18.golden
@@ -0,0 +1,32 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: alertmanager
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: alertmanager
+  name: foo
+  namespace: monitoring
+spec:
+  receivers:
+  - name: heartbeat_test-installation_foo
+    webhookConfigs:
+    - httpConfig:
+        authorization:
+          credentials:
+            key: opsGenieApiKey
+            name: alertmanager-global
+          type: GenieKey
+      sendResolved: false
+      url: https://api.opsgenie.com/v2/heartbeats/test-installation-foo/ping
+  route:
+    groupInterval: 30s
+    groupWait: 30s
+    matchers:
+    - name: cluster_id
+      value: foo
+    - name: installation
+      value: test-installation
+    - name: type
+      value: heartbeat
+    receiver: heartbeat_test-installation_foo
+    repeatInterval: 15m
diff --git a/service/controller/resource/monitoring/ingress/resource_test.go b/service/controller/resource/monitoring/ingress/resource_test.go
index ae06532a5..af01668da 100644
--- a/service/controller/resource/monitoring/ingress/resource_test.go
+++ b/service/controller/resource/monitoring/ingress/resource_test.go
@@ -8,104 +8,121 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestIngressDefault(t *testing.T) {
-	outputDir, err := filepath.Abs("./test/default")
-	if err != nil {
-		t.Fatal(err)
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toIngress(v, Config{BaseDomain: "prometheus"})
 	}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toIngress(v, Config{BaseDomain: "prometheus"})
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/default/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
 
 func TestIngressRestrictedAccess(t *testing.T) {
-	outputDir, err := filepath.Abs("./test/restricted-access")
-	if err != nil {
-		t.Fatal(err)
-	}
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toIngress(v, Config{BaseDomain: "prometheus", RestrictedAccessEnabled: true, WhitelistedSubnets: "21.10.178/24"})
+	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/restricted-access/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toIngress(v, Config{BaseDomain: "prometheus", RestrictedAccessEnabled: true, WhitelistedSubnets: "21.10.178/24"})
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
 
 func TestIngressExternalDNS(t *testing.T) {
-	outputDir, err := filepath.Abs("./test/externaldns")
-	if err != nil {
-		t.Fatal(err)
-	}
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toIngress(v, Config{BaseDomain: "prometheus", ExternalDNS: true})
+	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/externaldns/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toIngress(v, Config{BaseDomain: "prometheus", ExternalDNS: true})
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
 
 func TestIngressExternalDNSWithRestrictedAccess(t *testing.T) {
-	outputDir, err := filepath.Abs("./test/externaldns-with-restricted-access")
-	if err != nil {
-		t.Fatal(err)
-	}
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toIngress(v, Config{BaseDomain: "prometheus.3lkdj.test.gigantic.io", ExternalDNS: true, RestrictedAccessEnabled: true, WhitelistedSubnets: "21.10.178/24"})
+	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/externaldns-with-restricted-access/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toIngress(v, Config{BaseDomain: "prometheus.3lkdj.test.gigantic.io", ExternalDNS: true, RestrictedAccessEnabled: true, WhitelistedSubnets: "21.10.178/24"})
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/monitoring/ingress/test/default/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/ingress/test/default/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..86be6652d
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/default/capi/case-1-capa-mc.golden
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus-test-installation
+  namespace: test-installation-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /test-installation
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/default/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/default/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/default/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/ingress/test/default/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/ingress/test/default/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/default/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/default/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/ingress/test/default/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/ingress/test/default/case-5-eks-v18.golden b/service/controller/resource/monitoring/ingress/test/default/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/default/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/ingress/test/default/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/ingress/test/default/capi/case-5-gcp.golden b/service/controller/resource/monitoring/ingress/test/default/capi/case-5-gcp.golden
new file mode 100644
index 000000000..2fcccd884
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/default/capi/case-5-gcp.golden
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus-gcp-sample
+  namespace: gcp-sample-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /gcp-sample
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/default/case-1-vintage-mc.golden b/service/controller/resource/monitoring/ingress/test/default/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/default/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/ingress/test/default/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/ingress/test/default/case-2-aws-v16.golden b/service/controller/resource/monitoring/ingress/test/default/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/default/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/ingress/test/default/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/ingress/test/default/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/default/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..034974d6a
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/default/vintage/case-3-aws-v18.golden
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus-baz
+  namespace: baz-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /baz
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/default/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/default/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..a6ded9353
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/default/vintage/case-4-azure-v18.golden
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus-foo
+  namespace: foo-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /foo
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..49aeb5df9
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-1-capa-mc.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus.3lkdj.test.gigantic.io
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus-test-installation
+  namespace: test-installation-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus.3lkdj.test.gigantic.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /test-installation
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-5-eks-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-5-gcp.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-5-gcp.golden
new file mode 100644
index 000000000..ef955bd28
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/capi/case-5-gcp.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus.3lkdj.test.gigantic.io
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus-gcp-sample
+  namespace: gcp-sample-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus.3lkdj.test.gigantic.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /gcp-sample
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-1-vintage-mc.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-2-aws-v16.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..f86fc6882
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-3-aws-v18.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus.3lkdj.test.gigantic.io
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus-baz
+  namespace: baz-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus.3lkdj.test.gigantic.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /baz
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..b7e8c632f
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns-with-restricted-access/vintage/case-4-azure-v18.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus.3lkdj.test.gigantic.io
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus-foo
+  namespace: foo-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus.3lkdj.test.gigantic.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /foo
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..61a6c5109
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-1-capa-mc.golden
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus-test-installation
+  namespace: test-installation-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /test-installation
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/case-5-eks-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-5-gcp.golden b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-5-gcp.golden
new file mode 100644
index 000000000..4f810c449
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns/capi/case-5-gcp.golden
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus-gcp-sample
+  namespace: gcp-sample-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /gcp-sample
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/case-1-vintage-mc.golden b/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/case-2-aws-v16.golden b/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/externaldns/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..66dbcc649
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-3-aws-v18.golden
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus-baz
+  namespace: baz-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /baz
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..a7cf784f0
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/externaldns/vintage/case-4-azure-v18.golden
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus-foo
+  namespace: foo-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /foo
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..b83bae4a3
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-1-capa-mc.golden
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus-test-installation
+  namespace: test-installation-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /test-installation
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/restricted-access/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/restricted-access/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/case-5-eks-v18.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/restricted-access/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-5-gcp.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-5-gcp.golden
new file mode 100644
index 000000000..eabd6cceb
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/restricted-access/capi/case-5-gcp.golden
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus-gcp-sample
+  namespace: gcp-sample-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /gcp-sample
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/case-1-vintage-mc.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/restricted-access/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/case-2-aws-v16.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/ingress/test/restricted-access/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..91fb357aa
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-3-aws-v18.golden
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus-baz
+  namespace: baz-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /baz
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..0a6927223
--- /dev/null
+++ b/service/controller/resource/monitoring/ingress/test/restricted-access/vintage/case-4-azure-v18.golden
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/whitelist-source-range: 21.10.178/24
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus-foo
+  namespace: foo-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /foo
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/prometheus/resource_test.go b/service/controller/resource/monitoring/prometheus/resource_test.go
index 33a29f91e..1214c1f69 100644
--- a/service/controller/resource/monitoring/prometheus/resource_test.go
+++ b/service/controller/resource/monitoring/prometheus/resource_test.go
@@ -18,14 +18,10 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/service/key"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestPrometheus(t *testing.T) {
-	outputDir, err := filepath.Abs("./test")
-	if err != nil {
-		t.Fatal(err)
-	}
-
+	var err error
 	var logger micrologger.Logger
 	{
 		c := micrologger.Config{}
@@ -36,69 +32,78 @@ func TestPrometheus(t *testing.T) {
 		}
 	}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			testCluster, err := key.ToCluster(v)
-			if err != nil {
-				t.Fatal(err)
-			}
-			var secret runtime.Object
-			{
-				secret = &v1.Secret{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "cluster-certificates",
-						Namespace: key.Namespace(testCluster),
-					},
-					Data: map[string][]byte{
-						"token": []byte("my-token"),
-					},
-				}
-			}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-			var k8sClient k8sclient.Interface
-			{
-				c := k8sclient.ClientsConfig{
-					Logger:        logger,
-					SchemeBuilder: k8sclient.SchemeBuilder(v1.SchemeBuilder),
-				}
-				k8sClient, err = fake.NewClients(c, secret)
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc: func(v interface{}) (interface{}, error) {
+				testCluster, err := key.ToCluster(v)
 				if err != nil {
 					t.Fatal(err)
 				}
-			}
 
-			config := Config{
-				Address:            "http://prometheus/cluster",
-				Customer:           "Giant Swarm",
-				EvaluationInterval: "60s",
-				Installation:       "test-installation",
-				Pipeline:           "testing",
-				K8sClient:          k8sClient,
-				Provider: cluster.Provider{
-					Kind:   "aws",
-					Flavor: "vintage",
-				},
-				Region:          "onprem",
-				ImageRepository: "giantswarm/prometheus",
-				LogLevel:        "debug",
-				Registry:        "quay.io",
-				ScrapeInterval:  "60s",
-				Version:         "v2.28.1",
-			}
+				var secret runtime.Object
+				{
+					secret = &v1.Secret{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:      "cluster-certificates",
+							Namespace: key.Namespace(testCluster),
+						},
+						Data: map[string][]byte{
+							"token": []byte("my-token"),
+						},
+					}
+				}
 
-			return toPrometheus(context.Background(), v, config)
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+				var k8sClient k8sclient.Interface
+				{
+					c := k8sclient.ClientsConfig{
+						Logger:        logger,
+						SchemeBuilder: k8sclient.SchemeBuilder(v1.SchemeBuilder),
+					}
+					k8sClient, err = fake.NewClients(c, secret)
+					if err != nil {
+						t.Fatal(err)
+					}
+				}
+
+				config := Config{
+					Address:            "http://prometheus/cluster",
+					Customer:           "Giant Swarm",
+					EvaluationInterval: "60s",
+					Installation:       "test-installation",
+					Pipeline:           "testing",
+					K8sClient:          k8sClient,
+					Provider: cluster.Provider{
+						Kind:   "aws",
+						Flavor: flavor,
+					},
+					Region:          "onprem",
+					ImageRepository: "giantswarm/prometheus",
+					LogLevel:        "debug",
+					Registry:        "quay.io",
+					ScrapeInterval:  "60s",
+					Version:         "v2.28.1",
+				}
+
+				return toPrometheus(context.Background(), v, config)
+			},
+			Update: *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/monitoring/prometheus/test/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/prometheus/test/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..cfbcec251
--- /dev/null
+++ b/service/controller/resource/monitoring/prometheus/test/capi/case-1-capa-mc.golden
@@ -0,0 +1,124 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: test-installation
+  namespace: test-installation-prometheus
+spec:
+  additionalAlertManagerConfigs:
+    key: alertmanager-additional.yaml
+    name: alertmanager-config
+  additionalScrapeConfigs:
+    key: prometheus-additional.yaml
+    name: additional-scrape-configs
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: DoesNotExist
+  apiserverConfig:
+    bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token
+    host: https://master.test-installation:443
+    tlsConfig:
+      ca: {}
+      caFile: /etc/prometheus/secrets/cluster-certificates/ca
+      cert: {}
+  arbitraryFSAccessThroughSMs: {}
+  enableRemoteWriteReceiver: true
+  evaluationInterval: 60s
+  externalLabels:
+    cluster_id: test-installation
+    cluster_type: workload_cluster
+    customer: Giant Swarm
+    installation: test-installation
+    pipeline: testing
+    provider: capa
+    region: onprem
+  externalUrl: http://prometheus/test-installation
+  image: quay.io/giantswarm/prometheus:v2.28.1
+  keepDroppedTargets: 5
+  logLevel: debug
+  podMetadata:
+    labels:
+      app.kubernetes.io/instance: test-installation
+      app.kubernetes.io/managed-by: prometheus-meta-operator
+      app.kubernetes.io/name: prometheus
+      giantswarm.io/cluster: test-installation
+      giantswarm.io/monitoring: "true"
+  priorityClassName: prometheus
+  replicas: 1
+  resources:
+    limits:
+      cpu: 150m
+      memory: "1073741824"
+    requests:
+      cpu: 100m
+      memory: "1073741824"
+  retentionSize: 85GiB
+  routePrefix: /test-installation
+  ruleNamespaceSelector:
+    matchExpressions:
+    - key: kubernetes.io/metadata.name
+      operator: Exists
+  ruleSelector:
+    matchExpressions:
+    - key: cluster_type
+      operator: NotIn
+      values:
+      - management_cluster
+    - key: application.giantswarm.io/team
+      operator: Exists
+  rules:
+    alert: {}
+  scrapeInterval: 60s
+  secrets:
+  - cluster-certificates
+  securityContext:
+    fsGroup: 2000
+    runAsGroup: 65534
+    runAsNonRoot: true
+    runAsUser: 1000
+    seccompProfile:
+      type: RuntimeDefault
+  serviceMonitorNamespaceSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  serviceMonitorSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  shards: 1
+  storage:
+    volumeClaimTemplate:
+      metadata: {}
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 100Gi
+      status: {}
+  topologySpreadConstraints:
+  - labelSelector:
+      matchLabels:
+        app.kubernetes.io/name: prometheus
+    maxSkew: 1
+    topologyKey: kubernetes.io/hostname
+    whenUnsatisfiable: ScheduleAnyway
+  tsdb: {}
+  version: v2.28.1
+  walCompression: true
+  web:
+    pageTitle: test-installation/test-installation Prometheus
+status:
+  availableReplicas: 0
+  paused: false
+  replicas: 0
+  unavailableReplicas: 0
+  updatedReplicas: 0
diff --git a/service/controller/resource/monitoring/prometheus/test/capi/case-2-capa.golden b/service/controller/resource/monitoring/prometheus/test/capi/case-2-capa.golden
new file mode 100644
index 000000000..5f39c0e9a
--- /dev/null
+++ b/service/controller/resource/monitoring/prometheus/test/capi/case-2-capa.golden
@@ -0,0 +1,124 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: baz
+  namespace: baz-prometheus
+spec:
+  additionalAlertManagerConfigs:
+    key: alertmanager-additional.yaml
+    name: alertmanager-config
+  additionalScrapeConfigs:
+    key: prometheus-additional.yaml
+    name: additional-scrape-configs
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: DoesNotExist
+  apiserverConfig:
+    bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token
+    host: https://master.baz:443
+    tlsConfig:
+      ca: {}
+      caFile: /etc/prometheus/secrets/cluster-certificates/ca
+      cert: {}
+  arbitraryFSAccessThroughSMs: {}
+  enableRemoteWriteReceiver: true
+  evaluationInterval: 60s
+  externalLabels:
+    cluster_id: baz
+    cluster_type: workload_cluster
+    customer: Giant Swarm
+    installation: test-installation
+    pipeline: testing
+    provider: capa
+    region: onprem
+  externalUrl: http://prometheus/baz
+  image: quay.io/giantswarm/prometheus:v2.28.1
+  keepDroppedTargets: 5
+  logLevel: debug
+  podMetadata:
+    labels:
+      app.kubernetes.io/instance: baz
+      app.kubernetes.io/managed-by: prometheus-meta-operator
+      app.kubernetes.io/name: prometheus
+      giantswarm.io/cluster: baz
+      giantswarm.io/monitoring: "true"
+  priorityClassName: prometheus
+  replicas: 1
+  resources:
+    limits:
+      cpu: 150m
+      memory: "1073741824"
+    requests:
+      cpu: 100m
+      memory: "1073741824"
+  retentionSize: 85GiB
+  routePrefix: /baz
+  ruleNamespaceSelector:
+    matchExpressions:
+    - key: kubernetes.io/metadata.name
+      operator: Exists
+  ruleSelector:
+    matchExpressions:
+    - key: cluster_type
+      operator: NotIn
+      values:
+      - management_cluster
+    - key: application.giantswarm.io/team
+      operator: Exists
+  rules:
+    alert: {}
+  scrapeInterval: 60s
+  secrets:
+  - cluster-certificates
+  securityContext:
+    fsGroup: 2000
+    runAsGroup: 65534
+    runAsNonRoot: true
+    runAsUser: 1000
+    seccompProfile:
+      type: RuntimeDefault
+  serviceMonitorNamespaceSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  serviceMonitorSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  shards: 1
+  storage:
+    volumeClaimTemplate:
+      metadata: {}
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 100Gi
+      status: {}
+  topologySpreadConstraints:
+  - labelSelector:
+      matchLabels:
+        app.kubernetes.io/name: prometheus
+    maxSkew: 1
+    topologyKey: kubernetes.io/hostname
+    whenUnsatisfiable: ScheduleAnyway
+  tsdb: {}
+  version: v2.28.1
+  walCompression: true
+  web:
+    pageTitle: test-installation/baz Prometheus
+status:
+  availableReplicas: 0
+  paused: false
+  replicas: 0
+  unavailableReplicas: 0
+  updatedReplicas: 0
diff --git a/service/controller/resource/monitoring/prometheus/test/capi/case-3-capz.golden b/service/controller/resource/monitoring/prometheus/test/capi/case-3-capz.golden
new file mode 100644
index 000000000..3ec3146ee
--- /dev/null
+++ b/service/controller/resource/monitoring/prometheus/test/capi/case-3-capz.golden
@@ -0,0 +1,124 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: foo
+  namespace: foo-prometheus
+spec:
+  additionalAlertManagerConfigs:
+    key: alertmanager-additional.yaml
+    name: alertmanager-config
+  additionalScrapeConfigs:
+    key: prometheus-additional.yaml
+    name: additional-scrape-configs
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: DoesNotExist
+  apiserverConfig:
+    bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token
+    host: https://master.foo:443
+    tlsConfig:
+      ca: {}
+      caFile: /etc/prometheus/secrets/cluster-certificates/ca
+      cert: {}
+  arbitraryFSAccessThroughSMs: {}
+  enableRemoteWriteReceiver: true
+  evaluationInterval: 60s
+  externalLabels:
+    cluster_id: foo
+    cluster_type: workload_cluster
+    customer: Giant Swarm
+    installation: test-installation
+    pipeline: testing
+    provider: capz
+    region: onprem
+  externalUrl: http://prometheus/foo
+  image: quay.io/giantswarm/prometheus:v2.28.1
+  keepDroppedTargets: 5
+  logLevel: debug
+  podMetadata:
+    labels:
+      app.kubernetes.io/instance: foo
+      app.kubernetes.io/managed-by: prometheus-meta-operator
+      app.kubernetes.io/name: prometheus
+      giantswarm.io/cluster: foo
+      giantswarm.io/monitoring: "true"
+  priorityClassName: prometheus
+  replicas: 1
+  resources:
+    limits:
+      cpu: 150m
+      memory: "1073741824"
+    requests:
+      cpu: 100m
+      memory: "1073741824"
+  retentionSize: 85GiB
+  routePrefix: /foo
+  ruleNamespaceSelector:
+    matchExpressions:
+    - key: kubernetes.io/metadata.name
+      operator: Exists
+  ruleSelector:
+    matchExpressions:
+    - key: cluster_type
+      operator: NotIn
+      values:
+      - management_cluster
+    - key: application.giantswarm.io/team
+      operator: Exists
+  rules:
+    alert: {}
+  scrapeInterval: 60s
+  secrets:
+  - cluster-certificates
+  securityContext:
+    fsGroup: 2000
+    runAsGroup: 65534
+    runAsNonRoot: true
+    runAsUser: 1000
+    seccompProfile:
+      type: RuntimeDefault
+  serviceMonitorNamespaceSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  serviceMonitorSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  shards: 1
+  storage:
+    volumeClaimTemplate:
+      metadata: {}
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 100Gi
+      status: {}
+  topologySpreadConstraints:
+  - labelSelector:
+      matchLabels:
+        app.kubernetes.io/name: prometheus
+    maxSkew: 1
+    topologyKey: kubernetes.io/hostname
+    whenUnsatisfiable: ScheduleAnyway
+  tsdb: {}
+  version: v2.28.1
+  walCompression: true
+  web:
+    pageTitle: test-installation/foo Prometheus
+status:
+  availableReplicas: 0
+  paused: false
+  replicas: 0
+  unavailableReplicas: 0
+  updatedReplicas: 0
diff --git a/service/controller/resource/monitoring/prometheus/test/case-5-eks-v18.golden b/service/controller/resource/monitoring/prometheus/test/capi/case-4-eks.golden
similarity index 99%
rename from service/controller/resource/monitoring/prometheus/test/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/prometheus/test/capi/case-4-eks.golden
index fd295cbde..270ba08fa 100644
--- a/service/controller/resource/monitoring/prometheus/test/case-5-eks-v18.golden
+++ b/service/controller/resource/monitoring/prometheus/test/capi/case-4-eks.golden
@@ -37,7 +37,7 @@ spec:
     customer: Giant Swarm
     installation: test-installation
     pipeline: testing
-    provider: aws
+    provider: eks
     region: onprem
   externalUrl: http://prometheus/eks-sample
   image: quay.io/giantswarm/prometheus:v2.28.1
diff --git a/service/controller/resource/monitoring/prometheus/test/capi/case-5-gcp.golden b/service/controller/resource/monitoring/prometheus/test/capi/case-5-gcp.golden
new file mode 100644
index 000000000..1f86421f3
--- /dev/null
+++ b/service/controller/resource/monitoring/prometheus/test/capi/case-5-gcp.golden
@@ -0,0 +1,124 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: gcp-sample
+  namespace: gcp-sample-prometheus
+spec:
+  additionalAlertManagerConfigs:
+    key: alertmanager-additional.yaml
+    name: alertmanager-config
+  additionalScrapeConfigs:
+    key: prometheus-additional.yaml
+    name: additional-scrape-configs
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: DoesNotExist
+  apiserverConfig:
+    bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token
+    host: https://master.gcp-sample:443
+    tlsConfig:
+      ca: {}
+      caFile: /etc/prometheus/secrets/cluster-certificates/ca
+      cert: {}
+  arbitraryFSAccessThroughSMs: {}
+  enableRemoteWriteReceiver: true
+  evaluationInterval: 60s
+  externalLabels:
+    cluster_id: gcp-sample
+    cluster_type: workload_cluster
+    customer: Giant Swarm
+    installation: test-installation
+    pipeline: testing
+    provider: gcp
+    region: onprem
+  externalUrl: http://prometheus/gcp-sample
+  image: quay.io/giantswarm/prometheus:v2.28.1
+  keepDroppedTargets: 5
+  logLevel: debug
+  podMetadata:
+    labels:
+      app.kubernetes.io/instance: gcp-sample
+      app.kubernetes.io/managed-by: prometheus-meta-operator
+      app.kubernetes.io/name: prometheus
+      giantswarm.io/cluster: gcp-sample
+      giantswarm.io/monitoring: "true"
+  priorityClassName: prometheus
+  replicas: 1
+  resources:
+    limits:
+      cpu: 150m
+      memory: "1073741824"
+    requests:
+      cpu: 100m
+      memory: "1073741824"
+  retentionSize: 85GiB
+  routePrefix: /gcp-sample
+  ruleNamespaceSelector:
+    matchExpressions:
+    - key: kubernetes.io/metadata.name
+      operator: Exists
+  ruleSelector:
+    matchExpressions:
+    - key: cluster_type
+      operator: NotIn
+      values:
+      - management_cluster
+    - key: application.giantswarm.io/team
+      operator: Exists
+  rules:
+    alert: {}
+  scrapeInterval: 60s
+  secrets:
+  - cluster-certificates
+  securityContext:
+    fsGroup: 2000
+    runAsGroup: 65534
+    runAsNonRoot: true
+    runAsUser: 1000
+    seccompProfile:
+      type: RuntimeDefault
+  serviceMonitorNamespaceSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  serviceMonitorSelector:
+    matchExpressions:
+    - key: nonexistentkey
+      operator: Exists
+  shards: 1
+  storage:
+    volumeClaimTemplate:
+      metadata: {}
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 100Gi
+      status: {}
+  topologySpreadConstraints:
+  - labelSelector:
+      matchLabels:
+        app.kubernetes.io/name: prometheus
+    maxSkew: 1
+    topologyKey: kubernetes.io/hostname
+    whenUnsatisfiable: ScheduleAnyway
+  tsdb: {}
+  version: v2.28.1
+  walCompression: true
+  web:
+    pageTitle: test-installation/gcp-sample Prometheus
+status:
+  availableReplicas: 0
+  paused: false
+  replicas: 0
+  unavailableReplicas: 0
+  updatedReplicas: 0
diff --git a/service/controller/resource/monitoring/prometheus/test/case-1-vintage-mc.golden b/service/controller/resource/monitoring/prometheus/test/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/prometheus/test/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/prometheus/test/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/prometheus/test/case-2-aws-v16.golden b/service/controller/resource/monitoring/prometheus/test/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/prometheus/test/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/prometheus/test/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/prometheus/test/case-3-aws-v18.golden b/service/controller/resource/monitoring/prometheus/test/vintage/case-3-aws-v18.golden
similarity index 100%
rename from service/controller/resource/monitoring/prometheus/test/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/prometheus/test/vintage/case-3-aws-v18.golden
diff --git a/service/controller/resource/monitoring/prometheus/test/case-4-azure-v18.golden b/service/controller/resource/monitoring/prometheus/test/vintage/case-4-azure-v18.golden
similarity index 100%
rename from service/controller/resource/monitoring/prometheus/test/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/prometheus/test/vintage/case-4-azure-v18.golden
diff --git a/service/controller/resource/monitoring/remotewriteconfig/shards_test.go b/service/controller/resource/monitoring/remotewriteconfig/shards_test.go
index 40d5d38d1..26d6e75b0 100644
--- a/service/controller/resource/monitoring/remotewriteconfig/shards_test.go
+++ b/service/controller/resource/monitoring/remotewriteconfig/shards_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 )
 
-var _ = flag.Bool("update", false, "update the ouput file")
+var _ = flag.Bool("update", false, "update the output file")
 
 func TestShardComputationScaleUp(t *testing.T) {
 	expected := 1
diff --git a/service/controller/resource/monitoring/remotewriteingress/resource_test.go b/service/controller/resource/monitoring/remotewriteingress/resource_test.go
index 5aab5ceb2..4e9fd732f 100644
--- a/service/controller/resource/monitoring/remotewriteingress/resource_test.go
+++ b/service/controller/resource/monitoring/remotewriteingress/resource_test.go
@@ -8,54 +8,62 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestIngressDefault(t *testing.T) {
-	outputDir, err := filepath.Abs("./test/default")
-	if err != nil {
-		t.Fatal(err)
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toIngress(v, Config{BaseDomain: "prometheus"})
 	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/default/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toIngress(v, Config{BaseDomain: "prometheus"})
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
 
 func TestIngressExternalDNS(t *testing.T) {
-	outputDir, err := filepath.Abs("./test/externaldns")
-	if err != nil {
-		t.Fatal(err)
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toIngress(v, Config{BaseDomain: "prometheus", ExternalDNS: true})
 	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/externaldns/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toIngress(v, Config{BaseDomain: "prometheus", ExternalDNS: true})
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..971e31021
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-1-capa-mc.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus-test-installation-remote-write
+  namespace: test-installation-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /test-installation/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/case-3-aws-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/default/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/case-4-azure-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/default/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/case-5-eks-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/default/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-5-gcp.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-5-gcp.golden
new file mode 100644
index 000000000..d448cfde7
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/default/capi/case-5-gcp.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus-gcp-sample-remote-write
+  namespace: gcp-sample-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /gcp-sample/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/case-1-vintage-mc.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/default/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/case-2-aws-v16.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/default/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..235a7658e
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-3-aws-v18.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus-baz-remote-write
+  namespace: baz-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /baz/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..a564d8650
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/default/vintage/case-4-azure-v18.golden
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus-foo-remote-write
+  namespace: foo-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /foo/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..436e243b9
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-1-capa-mc.golden
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus-test-installation-remote-write
+  namespace: test-installation-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /test-installation/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-3-aws-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-4-azure-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-5-eks-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-5-gcp.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-5-gcp.golden
new file mode 100644
index 000000000..59213bddd
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/capi/case-5-gcp.golden
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus-gcp-sample-remote-write
+  namespace: gcp-sample-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /gcp-sample/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-1-vintage-mc.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-2-aws-v16.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/remotewriteingress/test/externaldns/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..d34ff9c3f
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-3-aws-v18.golden
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus-baz-remote-write
+  namespace: baz-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /baz/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..6d4221035
--- /dev/null
+++ b/service/controller/resource/monitoring/remotewriteingress/test/externaldns/vintage/case-4-azure-v18.golden
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: prometheus
+    giantswarm.io/external-dns: managed
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: remote-write-ingress-auth
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus-foo-remote-write
+  namespace: foo-prometheus
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: prometheus
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
+        path: /foo/api/v1/write
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
diff --git a/service/controller/resource/monitoring/scrapeconfigs/resource_test.go b/service/controller/resource/monitoring/scrapeconfigs/resource_test.go
index d29d609cc..a4fdca6c0 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/resource_test.go
+++ b/service/controller/resource/monitoring/scrapeconfigs/resource_test.go
@@ -25,7 +25,7 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/service/key"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 const additionalScrapeConfigs = `- job_name: test1
   static_configs:
@@ -135,11 +135,12 @@ func TestAWSScrapeconfigs(t *testing.T) {
 	}
 
 	c := unittest.Config{
+		Flavor:               "vintage",
 		OutputDir:            outputDir,
 		T:                    t,
 		TestFunc:             testFunc,
-		Update:               *update,
 		TestFuncReturnsBytes: true,
+		Update:               *update,
 	}
 	runner, err := unittest.NewRunner(c)
 	if err != nil {
@@ -240,11 +241,12 @@ func TestAzureScrapeconfigs(t *testing.T) {
 	}
 
 	c := unittest.Config{
+		Flavor:               "vintage",
 		OutputDir:            outputDir,
 		T:                    t,
 		TestFunc:             testFunc,
-		Update:               *update,
 		TestFuncReturnsBytes: true,
+		Update:               *update,
 	}
 	runner, err := unittest.NewRunner(c)
 	if err != nil {
@@ -257,7 +259,7 @@ func TestAzureScrapeconfigs(t *testing.T) {
 	}
 }
 
-func TestOpenStackScrapeconfigs(t *testing.T) {
+func TestCAPZScrapeconfigs(t *testing.T) {
 	var err error
 	var logger micrologger.Logger
 	{
@@ -347,7 +349,7 @@ func TestOpenStackScrapeconfigs(t *testing.T) {
 				TemplatePath:            path,
 				OrganizationReader:      FakeReader{},
 				Provider: cluster.Provider{
-					Kind:   "openstack",
+					Kind:   "capz",
 					Flavor: "capi",
 				},
 				Customer:     "pmo",
@@ -360,17 +362,18 @@ func TestOpenStackScrapeconfigs(t *testing.T) {
 		}
 	}
 
-	outputDir, err := filepath.Abs("./test/openstack")
+	outputDir, err := filepath.Abs("./test/capz")
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	c := unittest.Config{
+		Flavor:               "capi",
 		OutputDir:            outputDir,
 		T:                    t,
 		TestFunc:             testFunc,
-		Update:               *update,
 		TestFuncReturnsBytes: true,
+		Update:               *update,
 	}
 	runner, err := unittest.NewRunner(c)
 	if err != nil {
@@ -492,11 +495,12 @@ func TestGCPScrapeconfigs(t *testing.T) {
 	}
 
 	c := unittest.Config{
+		Flavor:               "capi",
 		OutputDir:            outputDir,
 		T:                    t,
 		TestFunc:             testFunc,
-		Update:               *update,
 		TestFuncReturnsBytes: true,
+		Update:               *update,
 	}
 	runner, err := unittest.NewRunner(c)
 	if err != nil {
@@ -618,11 +622,12 @@ func TestCAPAScrapeconfigs(t *testing.T) {
 	}
 
 	c := unittest.Config{
+		Flavor:               "capi",
 		OutputDir:            outputDir,
 		T:                    t,
 		TestFunc:             testFunc,
-		Update:               *update,
 		TestFuncReturnsBytes: true,
+		Update:               *update,
 	}
 	runner, err := unittest.NewRunner(c)
 	if err != nil {
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-eks-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-eks-v18.golden
deleted file mode 100644
index b03011c23..000000000
--- a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-eks-v18.golden
+++ /dev/null
@@ -1,416 +0,0 @@
-
-# Add scrape configuration for docker
-- job_name: eks-sample-prometheus/docker-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-    api_server: https://master.eks-sample:443
-    bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      insecure_skip_verify: false
-  bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    insecure_skip_verify: false
-  relabel_configs:
-  - target_label: __address__
-    replacement: master.eks-sample:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:9323/proxy/metrics
-  - target_label: app
-    replacement: docker
-  - source_labels: [__meta_kubernetes_node_address_InternalIP]
-    replacement: ${1}:9323
-    target_label: instance
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: aws
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  - source_labels: [__name__]
-    regex: (engine_daemon_image_actions_seconds_count|process_virtual_memory_bytes|process_resident_memory_bytes)
-    action: keep
-# calico-node
-- job_name: eks-sample-prometheus/calico-node-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    api_server: https://master.eks-sample:443
-    bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      insecure_skip_verify: false
-  bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    insecure_skip_verify: false
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: ${1}:9091
-    target_label: instance
-  - target_label: __address__
-    replacement: master.eks-sample:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (calico-node.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;calico-node.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: aws
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# cert-exporter
-- job_name: eks-sample-prometheus/cert-exporter-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-    api_server: https://master.eks-sample:443
-    bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      insecure_skip_verify: false
-  bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_service_label_app]
-    regex: cert-exporter
-    action: keep
-  - target_label: __address__
-    replacement: master.eks-sample:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (cert-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_label_app]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: aws
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-- job_name: eks-sample-prometheus/workload-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    api_server: https://master.eks-sample:443
-    bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      insecure_skip_verify: false
-  bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: keep
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
-    action: replace
-    target_label: __metrics_path__
-    regex: (.+)
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    target_label: __address__
-    regex: ([^:]+):(\d+);(\d+)
-    replacement: $1:$3
-    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
-    action: replace
-    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
-    regex: (.*);
-    replacement: "http"
-  - source_labels: [__meta_kubernetes_pod_ip, __address__]
-    regex: (.*);([^:]+):(\d+)
-    replacement: $1:$3
-    target_label: instance
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
-    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
-    action: replace
-  - regex: (.*)
-    target_label: __address__
-    replacement: master.eks-sample:443
-    action: replace
-  - source_labels: [__meta_kubernetes_service_name]
-    regex: (.*)
-    target_label: app
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
-    regex: (.+)
-    target_label: app
-    action: replace
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: aws
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  - source_labels: [container]
-    regex: prometheus-operator-app
-    action: drop
-  - source_labels: [app]
-    regex: coredns
-    action: drop
-  - source_labels: [app]
-    regex: kube-state-metrics
-    action: drop
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
-    action: drop
-  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
-    action: drop
-  # drop unused promtail/loki metrics
-  - source_labels: [__name__]
-    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
-    action: drop
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop image_id label from kube-state-metrics
-  - source_labels: [app,image_id]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    replacement: ""
-    action: replace
-    target_label: image_id
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: deployment
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: daemonset
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: statefulset
-    action: replace
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_region]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: region
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_zone]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: zone
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
-  # Override with label for AWS clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_deployment]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  # Override with label for Azure clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_pool]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
-# prometheus
-- job_name: eks-sample-prometheus/prometheus-eks-sample/0
-  honor_labels: true
-  scheme: http
-  metrics_path: /eks-sample/metrics
-  static_configs:
-    - targets: ['localhost:9090']
-  relabel_configs:
-  - replacement: prometheus
-    target_label: app
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: aws
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/azure/case-5-eks-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/azure/case-5-eks-v18.golden
deleted file mode 100644
index 57a94618f..000000000
--- a/service/controller/resource/monitoring/scrapeconfigs/test/azure/case-5-eks-v18.golden
+++ /dev/null
@@ -1,424 +0,0 @@
-
-# Add scrape configuration for docker
-- job_name: eks-sample-prometheus/docker-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-    api_server: https://master.eks-sample:443
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-      key_file: /etc/prometheus/secrets/cluster-certificates/key
-      insecure_skip_verify: false
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-    key_file: /etc/prometheus/secrets/cluster-certificates/key
-    insecure_skip_verify: false
-  relabel_configs:
-  - target_label: __address__
-    replacement: master.eks-sample:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:9323/proxy/metrics
-  - target_label: app
-    replacement: docker
-  - source_labels: [__meta_kubernetes_node_address_InternalIP]
-    replacement: ${1}:9323
-    target_label: instance
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: azure
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  - source_labels: [__name__]
-    regex: (engine_daemon_image_actions_seconds_count|process_virtual_memory_bytes|process_resident_memory_bytes)
-    action: keep
-# calico-node
-- job_name: eks-sample-prometheus/calico-node-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    api_server: https://master.eks-sample:443
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-      key_file: /etc/prometheus/secrets/cluster-certificates/key
-      insecure_skip_verify: false
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-    key_file: /etc/prometheus/secrets/cluster-certificates/key
-    insecure_skip_verify: false
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: ${1}:9091
-    target_label: instance
-  - target_label: __address__
-    replacement: master.eks-sample:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (calico-node.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;calico-node.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: azure
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# cert-exporter
-- job_name: eks-sample-prometheus/cert-exporter-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-    api_server: https://master.eks-sample:443
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-      key_file: /etc/prometheus/secrets/cluster-certificates/key
-      insecure_skip_verify: false
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-    key_file: /etc/prometheus/secrets/cluster-certificates/key
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_service_label_app]
-    regex: cert-exporter
-    action: keep
-  - target_label: __address__
-    replacement: master.eks-sample:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (cert-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_label_app]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: azure
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-- job_name: eks-sample-prometheus/workload-eks-sample/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    api_server: https://master.eks-sample:443
-    tls_config:
-      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-      key_file: /etc/prometheus/secrets/cluster-certificates/key
-      insecure_skip_verify: false
-  tls_config:
-    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
-    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
-    key_file: /etc/prometheus/secrets/cluster-certificates/key
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: keep
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
-    action: replace
-    target_label: __metrics_path__
-    regex: (.+)
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    target_label: __address__
-    regex: ([^:]+):(\d+);(\d+)
-    replacement: $1:$3
-    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
-    action: replace
-    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
-    regex: (.*);
-    replacement: "http"
-  - source_labels: [__meta_kubernetes_pod_ip, __address__]
-    regex: (.*);([^:]+):(\d+)
-    replacement: $1:$3
-    target_label: instance
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
-    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
-    action: replace
-  - regex: (.*)
-    target_label: __address__
-    replacement: master.eks-sample:443
-    action: replace
-  - source_labels: [__meta_kubernetes_service_name]
-    regex: (.*)
-    target_label: app
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
-    regex: (.+)
-    target_label: app
-    action: replace
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: azure
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  - source_labels: [container]
-    regex: prometheus-operator-app
-    action: drop
-  - source_labels: [app]
-    regex: coredns
-    action: drop
-  - source_labels: [app]
-    regex: kube-state-metrics
-    action: drop
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
-    action: drop
-  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
-    action: drop
-  # drop unused promtail/loki metrics
-  - source_labels: [__name__]
-    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
-    action: drop
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop image_id label from kube-state-metrics
-  - source_labels: [app,image_id]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    replacement: ""
-    action: replace
-    target_label: image_id
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: deployment
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: daemonset
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: statefulset
-    action: replace
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_region]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: region
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_zone]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: zone
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
-  # Override with label for AWS clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_deployment]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  # Override with label for Azure clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_pool]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
-# prometheus
-- job_name: eks-sample-prometheus/prometheus-eks-sample/0
-  honor_labels: true
-  scheme: http
-  metrics_path: /eks-sample/metrics
-  static_configs:
-    - targets: ['localhost:9090']
-  relabel_configs:
-  - replacement: prometheus
-    target_label: app
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: eks-sample
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: workload_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: azure
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-capa-mc.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-capa-mc.golden
new file mode 100644
index 000000000..b0235109a
--- /dev/null
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-capa-mc.golden
@@ -0,0 +1,980 @@
+- job_name: test-installation-prometheus/kubernetes-apiserver-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_label_component]
+    regex: apiserver
+    action: keep
+  - source_labels: [__meta_kubernetes_endpoint_port_name]
+    regex: https
+    action: keep
+  - target_label: app
+    replacement: kubernetes
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+# Add kubelet configuration
+- job_name: test-installation-prometheus/kubelet-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: node
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - target_label: app
+    replacement: kubelet
+  - source_labels: [__address__]
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/nodes/${1}:10250/proxy/metrics
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+  # drop uid label from kubelet
+  - action: labeldrop
+    regex: uid
+# Add scrape configuration for cadvisor
+- job_name: test-installation-prometheus/cadvisor-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: node
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: false
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
+  - target_label: app
+    replacement: cadvisor
+  # Add node name.
+  - source_labels: [__meta_kubernetes_node_label_kubernetes_io_hostname]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  metric_relabel_configs:
+  # drop id and name labels from cAdvisor as they do not provide value but use a lot of RAM
+  - action: labeldrop
+    regex: id|name
+  # dropping explained here https://github.com/giantswarm/giantswarm/issues/26361
+  - source_labels: [__name__]
+    regex: container_(blkio_device_usage_total|network_transmit_errors_total|network_receive_errors_total|tasks_state|memory_failures_total|memory_max_usage_bytes|cpu_load_average_10s|memory_failcnt|cpu_system_seconds_total)
+    action: drop
+  - source_labels: [namespace]
+    regex: (kube-system|giantswarm.*|kong.*|kyverno)
+    action: keep
+# calico-node
+- job_name: test-installation-prometheus/calico-node-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: false
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: ${1}:9091
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (calico-node.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
+    regex: kube-system;calico-node.*
+    action: keep
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+# Add etcd configuration
+- job_name: test-installation-prometheus/etcd-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (etcd)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
+    action: replace
+  - source_labels: [ __meta_kubernetes_pod_name ]
+    target_label: pod_name
+  - target_label: app
+    replacement: etcd
+  - source_labels: [__address__]
+    target_label: instance
+  # Add ip label.
+  - target_label: ip
+    source_labels: [__meta_kubernetes_node_address_InternalIP]
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+# kube-controller-manager
+- job_name: test-installation-prometheus/kubernetes-controller-manager-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: 10257
+    target_label: __tmp_port
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    regex: true;(\d+)
+    replacement: $1
+    target_label: __tmp_port
+  - source_labels: [__address__, __tmp_port]
+    target_label: instance
+    regex: (.+);(.+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (k8s-controller-manager|kube-controller-manager)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
+    target_label: __metrics_path__
+    regex: (.+);(\d+)
+    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
+  - target_label: app
+    replacement: kube-controller-manager
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# kube-scheduler
+- job_name: test-installation-prometheus/kubernetes-scheduler-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: 10259
+    target_label: __tmp_port
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    regex: true;(\d+)
+    replacement: $1
+    target_label: __tmp_port
+  - source_labels: [__address__, __tmp_port]
+    target_label: instance
+    regex: (.+);(.+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (k8s-scheduler|kube-scheduler)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
+    target_label: __metrics_path__
+    regex: (.+);(\d+)
+    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
+  - target_label: app
+    replacement: kube-scheduler
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# kube-proxy
+- job_name: test-installation-prometheus/kube-proxy-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: $1:10249
+    target_label: instance
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (kube-proxy.*)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (kube-proxy.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:10249/proxy/metrics
+  - target_label: app
+    replacement: kube-proxy
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# coredns
+- job_name: test-installation-prometheus/coredns-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: coredns
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (coredns.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9153/proxy/metrics
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused coredns metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
+    action: drop
+# cert-exporter
+- job_name: test-installation-prometheus/cert-exporter-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - source_labels: [__meta_kubernetes_service_label_app]
+    regex: cert-exporter
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (cert-exporter.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
+  - source_labels: [__meta_kubernetes_service_label_app]
+    target_label: app
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+# node-exporter
+- job_name: test-installation-prometheus/node-exporter-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (node-exporter.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:10300/proxy/metrics
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
+    regex: kube-system;node-exporter.*
+    action: keep
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_pod_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
+    action: drop
+- job_name: test-installation-prometheus/workload-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: keep
+    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
+  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
+    action: replace
+    target_label: __metrics_path__
+    regex: (.+)
+    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
+  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    target_label: __address__
+    regex: ([^:]+):(\d+);(\d+)
+    replacement: $1:$3
+    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
+  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
+    action: replace
+    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
+    regex: (.*);
+    replacement: "http"
+  - source_labels: [__meta_kubernetes_pod_ip, __address__]
+    regex: (.*);([^:]+):(\d+)
+    replacement: $1:$3
+    target_label: instance
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
+    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
+    action: replace
+  - regex: (.*)
+    target_label: __address__
+    replacement: master.test-installation:443
+    action: replace
+  - source_labels: [__meta_kubernetes_service_name]
+    regex: (.*)
+    target_label: app
+    action: replace
+  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
+    regex: (.+)
+    target_label: app
+    action: replace
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
+    action: drop
+  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
+    action: drop
+  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
+    action: drop
+  # drop unused promtail/loki metrics
+  - source_labels: [__name__]
+    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
+    action: drop
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+  # drop image_id label from kube-state-metrics
+  - source_labels: [app,image_id]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    replacement: ""
+    action: replace
+    target_label: image_id
+  - source_labels: [app,deployment]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: deployment
+    action: replace
+  - source_labels: [app,daemonset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: daemonset
+    action: replace
+  - source_labels: [app,statefulset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: statefulset
+    action: replace
+  - source_labels: [app,deployment]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,daemonset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,statefulset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,label_topology_kubernetes_io_region]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: region
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,label_topology_kubernetes_io_zone]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: zone
+    replacement: ${1}
+    action: replace
+  - action: labeldrop
+    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
+  # Override with label for AWS clusters if exists.
+  - source_labels: [app,label_giantswarm_io_machine_deployment]
+    regex: kube-state-metrics;(.+)
+    target_label: nodepool
+    replacement: ${1}
+    action: replace
+  # Override with label for Azure clusters if exists.
+  - source_labels: [app,label_giantswarm_io_machine_pool]
+    regex: kube-state-metrics;(.+)
+    target_label: nodepool
+    replacement: ${1}
+    action: replace
+  - action: labeldrop
+    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
+# prometheus
+- job_name: test-installation-prometheus/prometheus-test-installation/0
+  honor_labels: true
+  scheme: http
+  metrics_path: /test-installation/metrics
+  static_configs:
+    - targets: ['localhost:9090']
+  relabel_configs:
+  - replacement: prometheus
+    target_label: app
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-vintage-mc.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-vintage-mc.golden
deleted file mode 100644
index 27ca8d66d..000000000
--- a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-1-vintage-mc.golden
+++ /dev/null
@@ -1,1167 +0,0 @@
-- job_name: kubernetes-prometheus/kubernetes-apiserver-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_label_component]
-    regex: apiserver
-    action: keep
-  - source_labels: [__meta_kubernetes_endpoint_port_name]
-    regex: https
-    action: keep
-  - target_label: app
-    replacement: kubernetes
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-# falco-exporter
-- job_name: kubernetes-prometheus/falco-exporter-kubernetes/0
-  honor_labels: true
-  scheme: http
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - giantswarm
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
-    regex: falco-exporter
-    action: keep
-  - source_labels: [__meta_kubernetes_endpoints_label_app_kubernetes_io_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# Add kubelet configuration
-- job_name: kubernetes-prometheus/kubelet-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - target_label: app
-    replacement: kubelet
-  - source_labels: [__address__]
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:10250/proxy/metrics
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop uid label from kubelet
-  - action: labeldrop
-    regex: uid
-# Add scrape configuration for cadvisor
-- job_name: kubernetes-prometheus/cadvisor-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
-  - target_label: app
-    replacement: cadvisor
-  # Add node name.
-  - source_labels: [__meta_kubernetes_node_label_kubernetes_io_hostname]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop id and name labels from cAdvisor as they do not provide value but use a lot of RAM
-  - action: labeldrop
-    regex: id|name
-  # dropping explained here https://github.com/giantswarm/giantswarm/issues/26361
-  - source_labels: [__name__]
-    regex: container_(blkio_device_usage_total|network_transmit_errors_total|network_receive_errors_total|tasks_state|memory_failures_total|memory_max_usage_bytes|cpu_load_average_10s|memory_failcnt|cpu_system_seconds_total)
-    action: drop
-  - source_labels: [namespace]
-    regex: (kube-system|giantswarm.*|.*-prometheus|monitoring|flux-.*|kyverno|loki)
-    action: keep
-# calico-node
-- job_name: kubernetes-prometheus/calico-node-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: ${1}:9091
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (calico-node.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;calico-node.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# Add etcd configuration
-- job_name: kubernetes-prometheus/etcd-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/etcd-certificates/ca
-    cert_file: /etc/prometheus/secrets/etcd-certificates/crt
-    key_file: /etc/prometheus/secrets/etcd-certificates/key
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (etcd)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
-    action: replace
-  - source_labels: [ __meta_kubernetes_pod_name ]
-    target_label: pod_name
-  - target_label: app
-    replacement: etcd
-  - source_labels: [__address__]
-    target_label: instance
-  # Add ip label.
-  - target_label: ip
-    source_labels: [__meta_kubernetes_node_address_InternalIP]
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-# kube-controller-manager
-- job_name: kubernetes-prometheus/kubernetes-controller-manager-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: 10257
-    target_label: __tmp_port
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    regex: true;(\d+)
-    replacement: $1
-    target_label: __tmp_port
-  - source_labels: [__address__, __tmp_port]
-    target_label: instance
-    regex: (.+);(.+)
-    replacement: $1:$2
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (k8s-controller-manager|kube-controller-manager)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
-    target_label: __metrics_path__
-    regex: (.+);(\d+)
-    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
-  - target_label: app
-    replacement: kube-controller-manager
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# kube-scheduler
-- job_name: kubernetes-prometheus/kubernetes-scheduler-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: 10259
-    target_label: __tmp_port
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    regex: true;(\d+)
-    replacement: $1
-    target_label: __tmp_port
-  - source_labels: [__address__, __tmp_port]
-    target_label: instance
-    regex: (.+);(.+)
-    replacement: $1:$2
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (k8s-scheduler|kube-scheduler)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
-    target_label: __metrics_path__
-    regex: (.+);(\d+)
-    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
-  - target_label: app
-    replacement: kube-scheduler
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# kube-proxy
-- job_name: kubernetes-prometheus/kube-proxy-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: $1:10249
-    target_label: instance
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (kube-proxy.*)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (kube-proxy.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10249/proxy/metrics
-  - target_label: app
-    replacement: kube-proxy
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# coredns
-- job_name: kubernetes-prometheus/coredns-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: coredns
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (coredns.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9153/proxy/metrics
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused coredns metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
-    action: drop
-# cert-exporter
-- job_name: kubernetes-prometheus/cert-exporter-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - monitoring
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_service_label_app]
-    regex: cert-exporter
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (cert-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_label_app]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# node-exporter
-- job_name: kubernetes-prometheus/node-exporter-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (node-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10300/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;node-exporter.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_pod_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
-    action: drop
-- job_name: kubernetes-prometheus/workload-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: keep
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
-    action: replace
-    target_label: __metrics_path__
-    regex: (.+)
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    target_label: __address__
-    regex: ([^:]+):(\d+);(\d+)
-    replacement: $1:$3
-    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
-    action: replace
-    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
-    regex: (.*);
-    replacement: "http"
-  - source_labels: [__meta_kubernetes_pod_ip, __address__]
-    regex: (.*);([^:]+):(\d+)
-    replacement: $1:$3
-    target_label: instance
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
-    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
-    action: replace
-  - regex: (.*)
-    target_label: __address__
-    replacement: kubernetes.default:443
-    action: replace
-  - source_labels: [__meta_kubernetes_service_name]
-    regex: (.*)
-    target_label: app
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
-    regex: (.+)
-    target_label: app
-    action: replace
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
-    action: drop
-  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
-    action: drop
-  # drop unused promtail/loki metrics
-  - source_labels: [__name__]
-    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
-    action: drop
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop image_id label from kube-state-metrics
-  - source_labels: [app,image_id]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    replacement: ""
-    action: replace
-    target_label: image_id
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: deployment
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: daemonset
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: statefulset
-    action: replace
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_region]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: region
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_zone]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: zone
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
-  # Override with label for AWS clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_deployment]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  # Override with label for Azure clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_pool]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
-# cert-operator (missing label) (versionned so it needs to be kept)
-- job_name: kubernetes-prometheus/cert-operator-kubernetes/0
-  honor_labels: true
-  scheme: http
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - giantswarm
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
-    regex: cert-operator
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_version]
-    target_label: version
-  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-    regex: (.+)
-    target_label: __metrics_path__
-    replacement: $1
-    action: replace
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-    regex: (.+)(?::\d+);(\d+)
-    target_label: __address__
-    replacement: $1:$2
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-    regex: (https?)
-    target_label: __scheme__
-    replacement: $1
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# installation-specific configs from config repo
-- job_name: test1
-  static_configs:
-  - targets:
-    - 1.1.1.1:123
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: __param_target
-- job_name: test2
-  static_configs:
-  - targets:
-    - 8.8.8.8:123
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: __param_target
-# nginx-ingress-controller
-- job_name: kubernetes-prometheus/nginx-ingress-controller-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  - source_labels: [__meta_kubernetes_service_label_k8s_app]
-    regex: nginx-ingress-controller.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_ip]
-    target_label: instance
-    replacement: ${1}:10254
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - target_label: app
-    replacement: nginx-ingress-controller
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10254/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-# prometheus
-- job_name: kubernetes-prometheus/prometheus-kubernetes/0
-  honor_labels: true
-  scheme: http
-  metrics_path: /kubernetes/metrics
-  static_configs:
-    - targets: ['localhost:9090']
-  relabel_configs:
-  - replacement: prometheus
-    target_label: app
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# cilium agent and cilium operator
-- job_name: kubernetes-prometheus/cilium-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - replacement: http
-    target_label: __scheme__
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (cilium-agent|cilium-operator)
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_port_number]
-    regex: (9090|6942)
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (.*)
-    target_label: app
-    replacement: $1
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: capa
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-3-aws-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/scrapeconfigs/test/capa/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capa/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-4-azure-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-3-capz.golden
similarity index 99%
rename from service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capa/case-3-capz.golden
index 8ffbd3369..ef3e48118 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-4-azure-v18.golden
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-3-capz.golden
@@ -37,7 +37,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -90,7 +90,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -152,7 +152,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -234,7 +234,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -294,7 +294,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -377,7 +377,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -462,7 +462,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -538,7 +538,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -616,7 +616,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -694,7 +694,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -749,7 +749,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -848,7 +848,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -971,7 +971,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-5-eks-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/scrapeconfigs/test/capa/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capa/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-2-aws-v16.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-5-gcp.golden
similarity index 93%
rename from service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capa/case-5-gcp.golden
index c0763e2aa..62f505a62 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-2-aws-v16.golden
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-5-gcp.golden
@@ -1,9 +1,9 @@
-- job_name: alice-prometheus/kubernetes-apiserver-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-apiserver-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: endpoints
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -25,13 +25,13 @@
     replacement: kubernetes
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -48,12 +48,12 @@
   - source_labels: [__meta_kubernetes_node_label_role]
     target_label: role
 # Add kubelet configuration
-- job_name: alice-prometheus/kubelet-alice/0
+- job_name: gcp-sample-prometheus/kubelet-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: node
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -70,7 +70,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics
@@ -78,13 +78,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -109,12 +109,12 @@
   - action: labeldrop
     regex: uid
 # Add scrape configuration for cadvisor
-- job_name: alice-prometheus/cadvisor-alice/0
+- job_name: gcp-sample-prometheus/cadvisor-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: node
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -129,7 +129,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
@@ -140,13 +140,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -174,12 +174,12 @@
     regex: (kube-system|giantswarm.*|kong.*|kyverno)
     action: keep
 # calico-node
-- job_name: alice-prometheus/calico-node-alice/0
+- job_name: gcp-sample-prometheus/calico-node-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: pod
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -195,7 +195,7 @@
     replacement: ${1}:9091
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (calico-node.*)
     target_label: __metrics_path__
@@ -222,13 +222,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -242,7 +242,7 @@
   - target_label: customer
     replacement: pmo
 # Add etcd configuration
-- job_name: alice-prometheus/etcd-alice/0
+- job_name: gcp-sample-prometheus/etcd-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -250,7 +250,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -266,7 +266,7 @@
     regex: (etcd)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     target_label: __metrics_path__
     replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
@@ -282,13 +282,13 @@
     source_labels: [__meta_kubernetes_node_address_InternalIP]
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -305,7 +305,7 @@
   - source_labels: [__meta_kubernetes_node_label_role]
     target_label: role
 # kube-controller-manager
-- job_name: alice-prometheus/kubernetes-controller-manager-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-controller-manager-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -313,7 +313,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -341,7 +341,7 @@
     regex: (k8s-controller-manager|kube-controller-manager)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -365,13 +365,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -390,7 +390,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # kube-scheduler
-- job_name: alice-prometheus/kubernetes-scheduler-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-scheduler-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -398,7 +398,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -426,7 +426,7 @@
     regex: (k8s-scheduler|kube-scheduler)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -450,13 +450,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -475,7 +475,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # kube-proxy
-- job_name: alice-prometheus/kube-proxy-alice/0
+- job_name: gcp-sample-prometheus/kube-proxy-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -483,7 +483,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -502,7 +502,7 @@
     regex: (kube-proxy.*)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (kube-proxy.*)
     target_label: __metrics_path__
@@ -526,13 +526,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -551,7 +551,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # coredns
-- job_name: alice-prometheus/coredns-alice/0
+- job_name: gcp-sample-prometheus/coredns-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -559,7 +559,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -577,7 +577,7 @@
     regex: coredns
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (coredns.*)
     target_label: __metrics_path__
@@ -604,13 +604,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -629,7 +629,7 @@
     regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
     action: drop
 # cert-exporter
-- job_name: alice-prometheus/cert-exporter-alice/0
+- job_name: gcp-sample-prometheus/cert-exporter-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -637,7 +637,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -655,7 +655,7 @@
     regex: cert-exporter
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (cert-exporter.*)
     target_label: __metrics_path__
@@ -682,13 +682,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -702,12 +702,12 @@
   - target_label: customer
     replacement: pmo
 # node-exporter
-- job_name: alice-prometheus/node-exporter-alice/0
+- job_name: gcp-sample-prometheus/node-exporter-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: pod
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -720,7 +720,7 @@
     insecure_skip_verify: true
   relabel_configs:
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (node-exporter.*)
     target_label: __metrics_path__
@@ -737,13 +737,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -761,12 +761,12 @@
   - source_labels: [__name__]
     regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
     action: drop
-- job_name: alice-prometheus/workload-alice/0
+- job_name: gcp-sample-prometheus/workload-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: endpoints
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -809,7 +809,7 @@
     action: replace
   - regex: (.*)
     target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
     action: replace
   - source_labels: [__meta_kubernetes_service_name]
     regex: (.*)
@@ -836,13 +836,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -948,10 +948,10 @@
   - action: labeldrop
     regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
 # prometheus
-- job_name: alice-prometheus/prometheus-alice/0
+- job_name: gcp-sample-prometheus/prometheus-gcp-sample/0
   honor_labels: true
   scheme: http
-  metrics_path: /alice/metrics
+  metrics_path: /gcp-sample/metrics
   static_configs:
     - targets: ['localhost:9090']
   relabel_configs:
@@ -959,13 +959,13 @@
     target_label: app
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-1-capa-mc.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-1-capa-mc.golden
new file mode 100644
index 000000000..b0235109a
--- /dev/null
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-1-capa-mc.golden
@@ -0,0 +1,980 @@
+- job_name: test-installation-prometheus/kubernetes-apiserver-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_label_component]
+    regex: apiserver
+    action: keep
+  - source_labels: [__meta_kubernetes_endpoint_port_name]
+    regex: https
+    action: keep
+  - target_label: app
+    replacement: kubernetes
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+# Add kubelet configuration
+- job_name: test-installation-prometheus/kubelet-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: node
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - target_label: app
+    replacement: kubelet
+  - source_labels: [__address__]
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/nodes/${1}:10250/proxy/metrics
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+  # drop uid label from kubelet
+  - action: labeldrop
+    regex: uid
+# Add scrape configuration for cadvisor
+- job_name: test-installation-prometheus/cadvisor-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: node
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: false
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
+  - target_label: app
+    replacement: cadvisor
+  # Add node name.
+  - source_labels: [__meta_kubernetes_node_label_kubernetes_io_hostname]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  metric_relabel_configs:
+  # drop id and name labels from cAdvisor as they do not provide value but use a lot of RAM
+  - action: labeldrop
+    regex: id|name
+  # dropping explained here https://github.com/giantswarm/giantswarm/issues/26361
+  - source_labels: [__name__]
+    regex: container_(blkio_device_usage_total|network_transmit_errors_total|network_receive_errors_total|tasks_state|memory_failures_total|memory_max_usage_bytes|cpu_load_average_10s|memory_failcnt|cpu_system_seconds_total)
+    action: drop
+  - source_labels: [namespace]
+    regex: (kube-system|giantswarm.*|kong.*|kyverno)
+    action: keep
+# calico-node
+- job_name: test-installation-prometheus/calico-node-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: false
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: ${1}:9091
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (calico-node.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
+    regex: kube-system;calico-node.*
+    action: keep
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+# Add etcd configuration
+- job_name: test-installation-prometheus/etcd-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (etcd)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
+    action: replace
+  - source_labels: [ __meta_kubernetes_pod_name ]
+    target_label: pod_name
+  - target_label: app
+    replacement: etcd
+  - source_labels: [__address__]
+    target_label: instance
+  # Add ip label.
+  - target_label: ip
+    source_labels: [__meta_kubernetes_node_address_InternalIP]
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+# kube-controller-manager
+- job_name: test-installation-prometheus/kubernetes-controller-manager-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: 10257
+    target_label: __tmp_port
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    regex: true;(\d+)
+    replacement: $1
+    target_label: __tmp_port
+  - source_labels: [__address__, __tmp_port]
+    target_label: instance
+    regex: (.+);(.+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (k8s-controller-manager|kube-controller-manager)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
+    target_label: __metrics_path__
+    regex: (.+);(\d+)
+    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
+  - target_label: app
+    replacement: kube-controller-manager
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# kube-scheduler
+- job_name: test-installation-prometheus/kubernetes-scheduler-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: 10259
+    target_label: __tmp_port
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    regex: true;(\d+)
+    replacement: $1
+    target_label: __tmp_port
+  - source_labels: [__address__, __tmp_port]
+    target_label: instance
+    regex: (.+);(.+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (k8s-scheduler|kube-scheduler)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
+    target_label: __metrics_path__
+    regex: (.+);(\d+)
+    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
+  - target_label: app
+    replacement: kube-scheduler
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# kube-proxy
+- job_name: test-installation-prometheus/kube-proxy-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: $1:10249
+    target_label: instance
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (kube-proxy.*)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (kube-proxy.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:10249/proxy/metrics
+  - target_label: app
+    replacement: kube-proxy
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# coredns
+- job_name: test-installation-prometheus/coredns-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: coredns
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (coredns.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9153/proxy/metrics
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused coredns metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
+    action: drop
+# cert-exporter
+- job_name: test-installation-prometheus/cert-exporter-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - source_labels: [__meta_kubernetes_service_label_app]
+    regex: cert-exporter
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (cert-exporter.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
+  - source_labels: [__meta_kubernetes_service_label_app]
+    target_label: app
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+# node-exporter
+- job_name: test-installation-prometheus/node-exporter-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (node-exporter.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:10300/proxy/metrics
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
+    regex: kube-system;node-exporter.*
+    action: keep
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_pod_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
+    action: drop
+- job_name: test-installation-prometheus/workload-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: keep
+    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
+  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
+    action: replace
+    target_label: __metrics_path__
+    regex: (.+)
+    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
+  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    target_label: __address__
+    regex: ([^:]+):(\d+);(\d+)
+    replacement: $1:$3
+    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
+  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
+    action: replace
+    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
+    regex: (.*);
+    replacement: "http"
+  - source_labels: [__meta_kubernetes_pod_ip, __address__]
+    regex: (.*);([^:]+):(\d+)
+    replacement: $1:$3
+    target_label: instance
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
+    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
+    action: replace
+  - regex: (.*)
+    target_label: __address__
+    replacement: master.test-installation:443
+    action: replace
+  - source_labels: [__meta_kubernetes_service_name]
+    regex: (.*)
+    target_label: app
+    action: replace
+  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
+    regex: (.+)
+    target_label: app
+    action: replace
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
+    action: drop
+  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
+    action: drop
+  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
+    action: drop
+  # drop unused promtail/loki metrics
+  - source_labels: [__name__]
+    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
+    action: drop
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+  # drop image_id label from kube-state-metrics
+  - source_labels: [app,image_id]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    replacement: ""
+    action: replace
+    target_label: image_id
+  - source_labels: [app,deployment]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: deployment
+    action: replace
+  - source_labels: [app,daemonset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: daemonset
+    action: replace
+  - source_labels: [app,statefulset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: statefulset
+    action: replace
+  - source_labels: [app,deployment]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,daemonset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,statefulset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,label_topology_kubernetes_io_region]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: region
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,label_topology_kubernetes_io_zone]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: zone
+    replacement: ${1}
+    action: replace
+  - action: labeldrop
+    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
+  # Override with label for AWS clusters if exists.
+  - source_labels: [app,label_giantswarm_io_machine_deployment]
+    regex: kube-state-metrics;(.+)
+    target_label: nodepool
+    replacement: ${1}
+    action: replace
+  # Override with label for Azure clusters if exists.
+  - source_labels: [app,label_giantswarm_io_machine_pool]
+    regex: kube-state-metrics;(.+)
+    target_label: nodepool
+    replacement: ${1}
+    action: replace
+  - action: labeldrop
+    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
+# prometheus
+- job_name: test-installation-prometheus/prometheus-test-installation/0
+  honor_labels: true
+  scheme: http
+  metrics_path: /test-installation/metrics
+  static_configs:
+    - targets: ['localhost:9090']
+  relabel_configs:
+  - replacement: prometheus
+    target_label: app
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-3-aws-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capz/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-4-azure-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-3-capz.golden
similarity index 99%
rename from service/controller/resource/monitoring/scrapeconfigs/test/capa/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capz/case-3-capz.golden
index 8ffbd3369..ef3e48118 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-4-azure-v18.golden
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-3-capz.golden
@@ -37,7 +37,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -90,7 +90,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -152,7 +152,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -234,7 +234,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -294,7 +294,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -377,7 +377,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -462,7 +462,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -538,7 +538,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -616,7 +616,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -694,7 +694,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -749,7 +749,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -848,7 +848,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -971,7 +971,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-5-eks-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capz/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-2-aws-v16.golden b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-5-gcp.golden
similarity index 93%
rename from service/controller/resource/monitoring/scrapeconfigs/test/capa/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/capz/case-5-gcp.golden
index c0763e2aa..62f505a62 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/test/capa/case-2-aws-v16.golden
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/capz/case-5-gcp.golden
@@ -1,9 +1,9 @@
-- job_name: alice-prometheus/kubernetes-apiserver-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-apiserver-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: endpoints
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -25,13 +25,13 @@
     replacement: kubernetes
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -48,12 +48,12 @@
   - source_labels: [__meta_kubernetes_node_label_role]
     target_label: role
 # Add kubelet configuration
-- job_name: alice-prometheus/kubelet-alice/0
+- job_name: gcp-sample-prometheus/kubelet-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: node
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -70,7 +70,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics
@@ -78,13 +78,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -109,12 +109,12 @@
   - action: labeldrop
     regex: uid
 # Add scrape configuration for cadvisor
-- job_name: alice-prometheus/cadvisor-alice/0
+- job_name: gcp-sample-prometheus/cadvisor-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: node
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -129,7 +129,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
@@ -140,13 +140,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -174,12 +174,12 @@
     regex: (kube-system|giantswarm.*|kong.*|kyverno)
     action: keep
 # calico-node
-- job_name: alice-prometheus/calico-node-alice/0
+- job_name: gcp-sample-prometheus/calico-node-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: pod
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -195,7 +195,7 @@
     replacement: ${1}:9091
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (calico-node.*)
     target_label: __metrics_path__
@@ -222,13 +222,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -242,7 +242,7 @@
   - target_label: customer
     replacement: pmo
 # Add etcd configuration
-- job_name: alice-prometheus/etcd-alice/0
+- job_name: gcp-sample-prometheus/etcd-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -250,7 +250,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -266,7 +266,7 @@
     regex: (etcd)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     target_label: __metrics_path__
     replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
@@ -282,13 +282,13 @@
     source_labels: [__meta_kubernetes_node_address_InternalIP]
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -305,7 +305,7 @@
   - source_labels: [__meta_kubernetes_node_label_role]
     target_label: role
 # kube-controller-manager
-- job_name: alice-prometheus/kubernetes-controller-manager-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-controller-manager-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -313,7 +313,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -341,7 +341,7 @@
     regex: (k8s-controller-manager|kube-controller-manager)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -365,13 +365,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -390,7 +390,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # kube-scheduler
-- job_name: alice-prometheus/kubernetes-scheduler-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-scheduler-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -398,7 +398,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -426,7 +426,7 @@
     regex: (k8s-scheduler|kube-scheduler)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -450,13 +450,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -475,7 +475,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # kube-proxy
-- job_name: alice-prometheus/kube-proxy-alice/0
+- job_name: gcp-sample-prometheus/kube-proxy-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -483,7 +483,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -502,7 +502,7 @@
     regex: (kube-proxy.*)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (kube-proxy.*)
     target_label: __metrics_path__
@@ -526,13 +526,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -551,7 +551,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # coredns
-- job_name: alice-prometheus/coredns-alice/0
+- job_name: gcp-sample-prometheus/coredns-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -559,7 +559,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -577,7 +577,7 @@
     regex: coredns
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (coredns.*)
     target_label: __metrics_path__
@@ -604,13 +604,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -629,7 +629,7 @@
     regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
     action: drop
 # cert-exporter
-- job_name: alice-prometheus/cert-exporter-alice/0
+- job_name: gcp-sample-prometheus/cert-exporter-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -637,7 +637,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -655,7 +655,7 @@
     regex: cert-exporter
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (cert-exporter.*)
     target_label: __metrics_path__
@@ -682,13 +682,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -702,12 +702,12 @@
   - target_label: customer
     replacement: pmo
 # node-exporter
-- job_name: alice-prometheus/node-exporter-alice/0
+- job_name: gcp-sample-prometheus/node-exporter-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: pod
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -720,7 +720,7 @@
     insecure_skip_verify: true
   relabel_configs:
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (node-exporter.*)
     target_label: __metrics_path__
@@ -737,13 +737,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -761,12 +761,12 @@
   - source_labels: [__name__]
     regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
     action: drop
-- job_name: alice-prometheus/workload-alice/0
+- job_name: gcp-sample-prometheus/workload-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: endpoints
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -809,7 +809,7 @@
     action: replace
   - regex: (.*)
     target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
     action: replace
   - source_labels: [__meta_kubernetes_service_name]
     regex: (.*)
@@ -836,13 +836,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -948,10 +948,10 @@
   - action: labeldrop
     regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
 # prometheus
-- job_name: alice-prometheus/prometheus-alice/0
+- job_name: gcp-sample-prometheus/prometheus-gcp-sample/0
   honor_labels: true
   scheme: http
-  metrics_path: /alice/metrics
+  metrics_path: /gcp-sample/metrics
   static_configs:
     - targets: ['localhost:9090']
   relabel_configs:
@@ -959,13 +959,13 @@
     target_label: app
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-capa-mc.golden b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-capa-mc.golden
new file mode 100644
index 000000000..b0235109a
--- /dev/null
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-capa-mc.golden
@@ -0,0 +1,980 @@
+- job_name: test-installation-prometheus/kubernetes-apiserver-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_label_component]
+    regex: apiserver
+    action: keep
+  - source_labels: [__meta_kubernetes_endpoint_port_name]
+    regex: https
+    action: keep
+  - target_label: app
+    replacement: kubernetes
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+# Add kubelet configuration
+- job_name: test-installation-prometheus/kubelet-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: node
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - target_label: app
+    replacement: kubelet
+  - source_labels: [__address__]
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/nodes/${1}:10250/proxy/metrics
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+  # drop uid label from kubelet
+  - action: labeldrop
+    regex: uid
+# Add scrape configuration for cadvisor
+- job_name: test-installation-prometheus/cadvisor-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: node
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: false
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_node_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
+  - target_label: app
+    replacement: cadvisor
+  # Add node name.
+  - source_labels: [__meta_kubernetes_node_label_kubernetes_io_hostname]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  metric_relabel_configs:
+  # drop id and name labels from cAdvisor as they do not provide value but use a lot of RAM
+  - action: labeldrop
+    regex: id|name
+  # dropping explained here https://github.com/giantswarm/giantswarm/issues/26361
+  - source_labels: [__name__]
+    regex: container_(blkio_device_usage_total|network_transmit_errors_total|network_receive_errors_total|tasks_state|memory_failures_total|memory_max_usage_bytes|cpu_load_average_10s|memory_failcnt|cpu_system_seconds_total)
+    action: drop
+  - source_labels: [namespace]
+    regex: (kube-system|giantswarm.*|kong.*|kyverno)
+    action: keep
+# calico-node
+- job_name: test-installation-prometheus/calico-node-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: false
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: ${1}:9091
+    target_label: instance
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (calico-node.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
+    regex: kube-system;calico-node.*
+    action: keep
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+# Add etcd configuration
+- job_name: test-installation-prometheus/etcd-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (etcd)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
+    action: replace
+  - source_labels: [ __meta_kubernetes_pod_name ]
+    target_label: pod_name
+  - target_label: app
+    replacement: etcd
+  - source_labels: [__address__]
+    target_label: instance
+  # Add ip label.
+  - target_label: ip
+    source_labels: [__meta_kubernetes_node_address_InternalIP]
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+# kube-controller-manager
+- job_name: test-installation-prometheus/kubernetes-controller-manager-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: 10257
+    target_label: __tmp_port
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    regex: true;(\d+)
+    replacement: $1
+    target_label: __tmp_port
+  - source_labels: [__address__, __tmp_port]
+    target_label: instance
+    regex: (.+);(.+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (k8s-controller-manager|kube-controller-manager)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
+    target_label: __metrics_path__
+    regex: (.+);(\d+)
+    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
+  - target_label: app
+    replacement: kube-controller-manager
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# kube-scheduler
+- job_name: test-installation-prometheus/kubernetes-scheduler-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: 10259
+    target_label: __tmp_port
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    regex: true;(\d+)
+    replacement: $1
+    target_label: __tmp_port
+  - source_labels: [__address__, __tmp_port]
+    target_label: instance
+    regex: (.+);(.+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: (k8s-scheduler|kube-scheduler)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
+    target_label: __metrics_path__
+    regex: (.+);(\d+)
+    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
+  - target_label: app
+    replacement: kube-scheduler
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# kube-proxy
+- job_name: test-installation-prometheus/kube-proxy-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    replacement: $1:10249
+    target_label: instance
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (kube-proxy.*)
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (kube-proxy.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:10249/proxy/metrics
+  - target_label: app
+    replacement: kube-proxy
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+# coredns
+- job_name: test-installation-prometheus/coredns-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    regex: coredns
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (coredns.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9153/proxy/metrics
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused coredns metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
+    action: drop
+# cert-exporter
+- job_name: test-installation-prometheus/cert-exporter-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - kube-system
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: instance
+  - source_labels: [__meta_kubernetes_service_label_app]
+    regex: cert-exporter
+    action: keep
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (cert-exporter.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
+  - source_labels: [__meta_kubernetes_service_label_app]
+    target_label: app
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+# node-exporter
+- job_name: test-installation-prometheus/node-exporter-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: pod
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - target_label: __address__
+    replacement: master.test-installation:443
+  - source_labels: [__meta_kubernetes_pod_name]
+    regex: (node-exporter.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/kube-system/pods/${1}:10300/proxy/metrics
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
+    regex: kube-system;node-exporter.*
+    action: keep
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: app
+  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_pod_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: drop
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
+    action: drop
+- job_name: test-installation-prometheus/workload-test-installation/0
+  honor_labels: true
+  scheme: https
+  kubernetes_sd_configs:
+  - role: endpoints
+    api_server: https://master.test-installation:443
+    tls_config:
+      ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+      cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+      key_file: /etc/prometheus/secrets/cluster-certificates/key
+      insecure_skip_verify: false
+  tls_config:
+    ca_file: /etc/prometheus/secrets/cluster-certificates/ca
+    cert_file: /etc/prometheus/secrets/cluster-certificates/crt
+    key_file: /etc/prometheus/secrets/cluster-certificates/key
+    insecure_skip_verify: true
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
+    regex: .*(true).*
+    action: keep
+    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
+  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
+    action: replace
+    target_label: __metrics_path__
+    regex: (.+)
+    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
+  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
+    action: replace
+    target_label: __address__
+    regex: ([^:]+):(\d+);(\d+)
+    replacement: $1:$3
+    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
+  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
+    action: replace
+    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
+    regex: (.*);
+    replacement: "http"
+  - source_labels: [__meta_kubernetes_pod_ip, __address__]
+    regex: (.*);([^:]+):(\d+)
+    replacement: $1:$3
+    target_label: instance
+  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
+    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
+    target_label: __metrics_path__
+    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
+    action: replace
+  - regex: (.*)
+    target_label: __address__
+    replacement: master.test-installation:443
+    action: replace
+  - source_labels: [__meta_kubernetes_service_name]
+    regex: (.*)
+    target_label: app
+    action: replace
+  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
+    regex: (.+)
+    target_label: app
+    action: replace
+  # Add namespace label.
+  - source_labels: [__meta_kubernetes_namespace]
+    target_label: namespace
+  # Add pod label.
+  - source_labels: [__meta_kubernetes_pod_name]
+    target_label: pod
+  # Add container label.
+  - source_labels: [__meta_kubernetes_pod_container_name]
+    target_label: container
+  # Add node label.
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    target_label: node
+  # Add role label.
+  - source_labels: [__meta_kubernetes_node_label_role]
+    target_label: role
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
+  metric_relabel_configs:
+  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
+    action: drop
+  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
+    action: drop
+  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
+  - source_labels: [__name__]
+    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
+    action: drop
+  # drop unused promtail/loki metrics
+  - source_labels: [__name__]
+    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
+    action: drop
+  # drop unused rest client metrics
+  - source_labels: [__name__]
+    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
+    action: drop
+  # drop image_id label from kube-state-metrics
+  - source_labels: [app,image_id]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    replacement: ""
+    action: replace
+    target_label: image_id
+  - source_labels: [app,deployment]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: deployment
+    action: replace
+  - source_labels: [app,daemonset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: daemonset
+    action: replace
+  - source_labels: [app,statefulset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_type
+    replacement: statefulset
+    action: replace
+  - source_labels: [app,deployment]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,daemonset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,statefulset]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: workload_name
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,label_topology_kubernetes_io_region]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: region
+    replacement: ${1}
+    action: replace
+  - source_labels: [app,label_topology_kubernetes_io_zone]
+    separator: ;
+    regex: kube-state-metrics;(.+)
+    target_label: zone
+    replacement: ${1}
+    action: replace
+  - action: labeldrop
+    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
+  # Override with label for AWS clusters if exists.
+  - source_labels: [app,label_giantswarm_io_machine_deployment]
+    regex: kube-state-metrics;(.+)
+    target_label: nodepool
+    replacement: ${1}
+    action: replace
+  # Override with label for Azure clusters if exists.
+  - source_labels: [app,label_giantswarm_io_machine_pool]
+    regex: kube-state-metrics;(.+)
+    target_label: nodepool
+    replacement: ${1}
+    action: replace
+  - action: labeldrop
+    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
+# prometheus
+- job_name: test-installation-prometheus/prometheus-test-installation/0
+  honor_labels: true
+  scheme: http
+  metrics_path: /test-installation/metrics
+  static_configs:
+    - targets: ['localhost:9090']
+  relabel_configs:
+  - replacement: prometheus
+    target_label: app
+  # Add cluster_id label.
+  - target_label: cluster_id
+    replacement: test-installation
+  # Add cluster_type label.
+  - target_label: cluster_type
+    replacement: workload_cluster
+  # Add provider label.
+  - target_label: provider
+    replacement: capa
+  # Add installation label.
+  - target_label: installation
+    replacement: test-installation
+  # Add priority label.
+  - target_label: service_priority
+    replacement: highest
+  # Add organization label.
+  - target_label: organization
+    replacement: my-organization
+  # Add customer label.
+  - target_label: customer
+    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-vintage-mc.golden b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-vintage-mc.golden
deleted file mode 100644
index 52111b600..000000000
--- a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-1-vintage-mc.golden
+++ /dev/null
@@ -1,1167 +0,0 @@
-- job_name: kubernetes-prometheus/kubernetes-apiserver-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_label_component]
-    regex: apiserver
-    action: keep
-  - source_labels: [__meta_kubernetes_endpoint_port_name]
-    regex: https
-    action: keep
-  - target_label: app
-    replacement: kubernetes
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-# falco-exporter
-- job_name: kubernetes-prometheus/falco-exporter-kubernetes/0
-  honor_labels: true
-  scheme: http
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - giantswarm
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
-    regex: falco-exporter
-    action: keep
-  - source_labels: [__meta_kubernetes_endpoints_label_app_kubernetes_io_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# Add kubelet configuration
-- job_name: kubernetes-prometheus/kubelet-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - target_label: app
-    replacement: kubelet
-  - source_labels: [__address__]
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:10250/proxy/metrics
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop uid label from kubelet
-  - action: labeldrop
-    regex: uid
-# Add scrape configuration for cadvisor
-- job_name: kubernetes-prometheus/cadvisor-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
-  - target_label: app
-    replacement: cadvisor
-  # Add node name.
-  - source_labels: [__meta_kubernetes_node_label_kubernetes_io_hostname]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop id and name labels from cAdvisor as they do not provide value but use a lot of RAM
-  - action: labeldrop
-    regex: id|name
-  # dropping explained here https://github.com/giantswarm/giantswarm/issues/26361
-  - source_labels: [__name__]
-    regex: container_(blkio_device_usage_total|network_transmit_errors_total|network_receive_errors_total|tasks_state|memory_failures_total|memory_max_usage_bytes|cpu_load_average_10s|memory_failcnt|cpu_system_seconds_total)
-    action: drop
-  - source_labels: [namespace]
-    regex: (kube-system|giantswarm.*|.*-prometheus|monitoring|flux-.*|kyverno|loki)
-    action: keep
-# calico-node
-- job_name: kubernetes-prometheus/calico-node-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: ${1}:9091
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (calico-node.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;calico-node.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# Add etcd configuration
-- job_name: kubernetes-prometheus/etcd-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/etcd-certificates/ca
-    cert_file: /etc/prometheus/secrets/etcd-certificates/crt
-    key_file: /etc/prometheus/secrets/etcd-certificates/key
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (etcd)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
-    action: replace
-  - source_labels: [ __meta_kubernetes_pod_name ]
-    target_label: pod_name
-  - target_label: app
-    replacement: etcd
-  - source_labels: [__address__]
-    target_label: instance
-  # Add ip label.
-  - target_label: ip
-    source_labels: [__meta_kubernetes_node_address_InternalIP]
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-# kube-controller-manager
-- job_name: kubernetes-prometheus/kubernetes-controller-manager-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: 10257
-    target_label: __tmp_port
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    regex: true;(\d+)
-    replacement: $1
-    target_label: __tmp_port
-  - source_labels: [__address__, __tmp_port]
-    target_label: instance
-    regex: (.+);(.+)
-    replacement: $1:$2
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (k8s-controller-manager|kube-controller-manager)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
-    target_label: __metrics_path__
-    regex: (.+);(\d+)
-    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
-  - target_label: app
-    replacement: kube-controller-manager
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# kube-scheduler
-- job_name: kubernetes-prometheus/kubernetes-scheduler-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: 10259
-    target_label: __tmp_port
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    regex: true;(\d+)
-    replacement: $1
-    target_label: __tmp_port
-  - source_labels: [__address__, __tmp_port]
-    target_label: instance
-    regex: (.+);(.+)
-    replacement: $1:$2
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (k8s-scheduler|kube-scheduler)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
-    target_label: __metrics_path__
-    regex: (.+);(\d+)
-    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
-  - target_label: app
-    replacement: kube-scheduler
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# kube-proxy
-- job_name: kubernetes-prometheus/kube-proxy-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: $1:10249
-    target_label: instance
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (kube-proxy.*)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (kube-proxy.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10249/proxy/metrics
-  - target_label: app
-    replacement: kube-proxy
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# coredns
-- job_name: kubernetes-prometheus/coredns-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: coredns
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (coredns.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9153/proxy/metrics
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused coredns metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
-    action: drop
-# cert-exporter
-- job_name: kubernetes-prometheus/cert-exporter-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - monitoring
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_service_label_app]
-    regex: cert-exporter
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (cert-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_label_app]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# node-exporter
-- job_name: kubernetes-prometheus/node-exporter-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (node-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10300/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;node-exporter.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_pod_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
-    action: drop
-- job_name: kubernetes-prometheus/workload-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: keep
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
-    action: replace
-    target_label: __metrics_path__
-    regex: (.+)
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    target_label: __address__
-    regex: ([^:]+):(\d+);(\d+)
-    replacement: $1:$3
-    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
-    action: replace
-    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
-    regex: (.*);
-    replacement: "http"
-  - source_labels: [__meta_kubernetes_pod_ip, __address__]
-    regex: (.*);([^:]+):(\d+)
-    replacement: $1:$3
-    target_label: instance
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
-    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
-    action: replace
-  - regex: (.*)
-    target_label: __address__
-    replacement: kubernetes.default:443
-    action: replace
-  - source_labels: [__meta_kubernetes_service_name]
-    regex: (.*)
-    target_label: app
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
-    regex: (.+)
-    target_label: app
-    action: replace
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
-    action: drop
-  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
-    action: drop
-  # drop unused promtail/loki metrics
-  - source_labels: [__name__]
-    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
-    action: drop
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop image_id label from kube-state-metrics
-  - source_labels: [app,image_id]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    replacement: ""
-    action: replace
-    target_label: image_id
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: deployment
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: daemonset
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: statefulset
-    action: replace
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_region]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: region
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_zone]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: zone
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
-  # Override with label for AWS clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_deployment]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  # Override with label for Azure clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_pool]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
-# cert-operator (missing label) (versionned so it needs to be kept)
-- job_name: kubernetes-prometheus/cert-operator-kubernetes/0
-  honor_labels: true
-  scheme: http
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - giantswarm
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
-    regex: cert-operator
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_version]
-    target_label: version
-  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-    regex: (.+)
-    target_label: __metrics_path__
-    replacement: $1
-    action: replace
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-    regex: (.+)(?::\d+);(\d+)
-    target_label: __address__
-    replacement: $1:$2
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-    regex: (https?)
-    target_label: __scheme__
-    replacement: $1
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# installation-specific configs from config repo
-- job_name: test1
-  static_configs:
-  - targets:
-    - 1.1.1.1:123
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: __param_target
-- job_name: test2
-  static_configs:
-  - targets:
-    - 8.8.8.8:123
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: __param_target
-# nginx-ingress-controller
-- job_name: kubernetes-prometheus/nginx-ingress-controller-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  - source_labels: [__meta_kubernetes_service_label_k8s_app]
-    regex: nginx-ingress-controller.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_ip]
-    target_label: instance
-    replacement: ${1}:10254
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - target_label: app
-    replacement: nginx-ingress-controller
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10254/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-# prometheus
-- job_name: kubernetes-prometheus/prometheus-kubernetes/0
-  honor_labels: true
-  scheme: http
-  metrics_path: /kubernetes/metrics
-  static_configs:
-    - targets: ['localhost:9090']
-  relabel_configs:
-  - replacement: prometheus
-    target_label: app
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# cilium agent and cilium operator
-- job_name: kubernetes-prometheus/cilium-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - replacement: http
-    target_label: __scheme__
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (cilium-agent|cilium-operator)
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_port_number]
-    regex: (9090|6942)
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (.*)
-    target_label: app
-    replacement: $1
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: gcp
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-3-aws-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-4-azure-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-3-capz.golden
similarity index 99%
rename from service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-3-capz.golden
index 8ffbd3369..ef3e48118 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-4-azure-v18.golden
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-3-capz.golden
@@ -37,7 +37,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -90,7 +90,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -152,7 +152,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -234,7 +234,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -294,7 +294,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -377,7 +377,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -462,7 +462,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -538,7 +538,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -616,7 +616,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -694,7 +694,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -749,7 +749,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -848,7 +848,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
@@ -971,7 +971,7 @@
     replacement: test-installation
   # Add priority label.
   - target_label: service_priority
-    replacement: medium
+    replacement: highest
   # Add organization label.
   - target_label: organization
     replacement: my-organization
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-5-eks-v18.golden b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-2-aws-v16.golden b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-5-gcp.golden
similarity index 93%
rename from service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-5-gcp.golden
index c0763e2aa..62f505a62 100644
--- a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-2-aws-v16.golden
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/gcp/case-5-gcp.golden
@@ -1,9 +1,9 @@
-- job_name: alice-prometheus/kubernetes-apiserver-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-apiserver-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: endpoints
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -25,13 +25,13 @@
     replacement: kubernetes
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -48,12 +48,12 @@
   - source_labels: [__meta_kubernetes_node_label_role]
     target_label: role
 # Add kubelet configuration
-- job_name: alice-prometheus/kubelet-alice/0
+- job_name: gcp-sample-prometheus/kubelet-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: node
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -70,7 +70,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics
@@ -78,13 +78,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -109,12 +109,12 @@
   - action: labeldrop
     regex: uid
 # Add scrape configuration for cadvisor
-- job_name: alice-prometheus/cadvisor-alice/0
+- job_name: gcp-sample-prometheus/cadvisor-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: node
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -129,7 +129,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
@@ -140,13 +140,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -174,12 +174,12 @@
     regex: (kube-system|giantswarm.*|kong.*|kyverno)
     action: keep
 # calico-node
-- job_name: alice-prometheus/calico-node-alice/0
+- job_name: gcp-sample-prometheus/calico-node-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: pod
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -195,7 +195,7 @@
     replacement: ${1}:9091
     target_label: instance
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (calico-node.*)
     target_label: __metrics_path__
@@ -222,13 +222,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -242,7 +242,7 @@
   - target_label: customer
     replacement: pmo
 # Add etcd configuration
-- job_name: alice-prometheus/etcd-alice/0
+- job_name: gcp-sample-prometheus/etcd-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -250,7 +250,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -266,7 +266,7 @@
     regex: (etcd)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     target_label: __metrics_path__
     replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
@@ -282,13 +282,13 @@
     source_labels: [__meta_kubernetes_node_address_InternalIP]
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -305,7 +305,7 @@
   - source_labels: [__meta_kubernetes_node_label_role]
     target_label: role
 # kube-controller-manager
-- job_name: alice-prometheus/kubernetes-controller-manager-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-controller-manager-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -313,7 +313,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -341,7 +341,7 @@
     regex: (k8s-controller-manager|kube-controller-manager)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -365,13 +365,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -390,7 +390,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # kube-scheduler
-- job_name: alice-prometheus/kubernetes-scheduler-alice/0
+- job_name: gcp-sample-prometheus/kubernetes-scheduler-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -398,7 +398,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -426,7 +426,7 @@
     regex: (k8s-scheduler|kube-scheduler)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -450,13 +450,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -475,7 +475,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # kube-proxy
-- job_name: alice-prometheus/kube-proxy-alice/0
+- job_name: gcp-sample-prometheus/kube-proxy-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -483,7 +483,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -502,7 +502,7 @@
     regex: (kube-proxy.*)
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (kube-proxy.*)
     target_label: __metrics_path__
@@ -526,13 +526,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -551,7 +551,7 @@
     regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
     action: drop
 # coredns
-- job_name: alice-prometheus/coredns-alice/0
+- job_name: gcp-sample-prometheus/coredns-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -559,7 +559,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -577,7 +577,7 @@
     regex: coredns
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (coredns.*)
     target_label: __metrics_path__
@@ -604,13 +604,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -629,7 +629,7 @@
     regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
     action: drop
 # cert-exporter
-- job_name: alice-prometheus/cert-exporter-alice/0
+- job_name: gcp-sample-prometheus/cert-exporter-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
@@ -637,7 +637,7 @@
     namespaces:
       names:
       - kube-system
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -655,7 +655,7 @@
     regex: cert-exporter
     action: keep
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (cert-exporter.*)
     target_label: __metrics_path__
@@ -682,13 +682,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -702,12 +702,12 @@
   - target_label: customer
     replacement: pmo
 # node-exporter
-- job_name: alice-prometheus/node-exporter-alice/0
+- job_name: gcp-sample-prometheus/node-exporter-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: pod
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -720,7 +720,7 @@
     insecure_skip_verify: true
   relabel_configs:
   - target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (node-exporter.*)
     target_label: __metrics_path__
@@ -737,13 +737,13 @@
     target_label: node
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -761,12 +761,12 @@
   - source_labels: [__name__]
     regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
     action: drop
-- job_name: alice-prometheus/workload-alice/0
+- job_name: gcp-sample-prometheus/workload-gcp-sample/0
   honor_labels: true
   scheme: https
   kubernetes_sd_configs:
   - role: endpoints
-    api_server: https://master.alice:443
+    api_server: https://master.gcp-sample:443
     tls_config:
       ca_file: /etc/prometheus/secrets/cluster-certificates/ca
       cert_file: /etc/prometheus/secrets/cluster-certificates/crt
@@ -809,7 +809,7 @@
     action: replace
   - regex: (.*)
     target_label: __address__
-    replacement: master.alice:443
+    replacement: master.gcp-sample:443
     action: replace
   - source_labels: [__meta_kubernetes_service_name]
     regex: (.*)
@@ -836,13 +836,13 @@
     target_label: role
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
@@ -948,10 +948,10 @@
   - action: labeldrop
     regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
 # prometheus
-- job_name: alice-prometheus/prometheus-alice/0
+- job_name: gcp-sample-prometheus/prometheus-gcp-sample/0
   honor_labels: true
   scheme: http
-  metrics_path: /alice/metrics
+  metrics_path: /gcp-sample/metrics
   static_configs:
     - targets: ['localhost:9090']
   relabel_configs:
@@ -959,13 +959,13 @@
     target_label: app
   # Add cluster_id label.
   - target_label: cluster_id
-    replacement: alice
+    replacement: gcp-sample
   # Add cluster_type label.
   - target_label: cluster_type
     replacement: workload_cluster
   # Add provider label.
   - target_label: provider
-    replacement: capa
+    replacement: gcp
   # Add installation label.
   - target_label: installation
     replacement: test-installation
diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-1-vintage-mc.golden b/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-1-vintage-mc.golden
deleted file mode 100644
index aa81e9c4b..000000000
--- a/service/controller/resource/monitoring/scrapeconfigs/test/openstack/case-1-vintage-mc.golden
+++ /dev/null
@@ -1,1167 +0,0 @@
-- job_name: kubernetes-prometheus/kubernetes-apiserver-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_label_component]
-    regex: apiserver
-    action: keep
-  - source_labels: [__meta_kubernetes_endpoint_port_name]
-    regex: https
-    action: keep
-  - target_label: app
-    replacement: kubernetes
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-# falco-exporter
-- job_name: kubernetes-prometheus/falco-exporter-kubernetes/0
-  honor_labels: true
-  scheme: http
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - giantswarm
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
-    regex: falco-exporter
-    action: keep
-  - source_labels: [__meta_kubernetes_endpoints_label_app_kubernetes_io_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# Add kubelet configuration
-- job_name: kubernetes-prometheus/kubelet-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - target_label: app
-    replacement: kubelet
-  - source_labels: [__address__]
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:10250/proxy/metrics
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop uid label from kubelet
-  - action: labeldrop
-    regex: uid
-# Add scrape configuration for cadvisor
-- job_name: kubernetes-prometheus/cadvisor-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: node
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_node_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
-  - target_label: app
-    replacement: cadvisor
-  # Add node name.
-  - source_labels: [__meta_kubernetes_node_label_kubernetes_io_hostname]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop id and name labels from cAdvisor as they do not provide value but use a lot of RAM
-  - action: labeldrop
-    regex: id|name
-  # dropping explained here https://github.com/giantswarm/giantswarm/issues/26361
-  - source_labels: [__name__]
-    regex: container_(blkio_device_usage_total|network_transmit_errors_total|network_receive_errors_total|tasks_state|memory_failures_total|memory_max_usage_bytes|cpu_load_average_10s|memory_failcnt|cpu_system_seconds_total)
-    action: drop
-  - source_labels: [namespace]
-    regex: (kube-system|giantswarm.*|.*-prometheus|monitoring|flux-.*|kyverno|loki)
-    action: keep
-# calico-node
-- job_name: kubernetes-prometheus/calico-node-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: ${1}:9091
-    target_label: instance
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (calico-node.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9091/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;calico-node.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# Add etcd configuration
-- job_name: kubernetes-prometheus/etcd-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /etc/prometheus/secrets/etcd-certificates/ca
-    cert_file: /etc/prometheus/secrets/etcd-certificates/crt
-    key_file: /etc/prometheus/secrets/etcd-certificates/key
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (etcd)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
-    action: replace
-  - source_labels: [ __meta_kubernetes_pod_name ]
-    target_label: pod_name
-  - target_label: app
-    replacement: etcd
-  - source_labels: [__address__]
-    target_label: instance
-  # Add ip label.
-  - target_label: ip
-    source_labels: [__meta_kubernetes_node_address_InternalIP]
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-# kube-controller-manager
-- job_name: kubernetes-prometheus/kubernetes-controller-manager-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: 10257
-    target_label: __tmp_port
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    regex: true;(\d+)
-    replacement: $1
-    target_label: __tmp_port
-  - source_labels: [__address__, __tmp_port]
-    target_label: instance
-    regex: (.+);(.+)
-    replacement: $1:$2
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (k8s-controller-manager|kube-controller-manager)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
-    target_label: __metrics_path__
-    regex: (.+);(\d+)
-    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
-  - target_label: app
-    replacement: kube-controller-manager
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# kube-scheduler
-- job_name: kubernetes-prometheus/kubernetes-scheduler-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: 10259
-    target_label: __tmp_port
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring_port,__meta_kubernetes_pod_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    regex: true;(\d+)
-    replacement: $1
-    target_label: __tmp_port
-  - source_labels: [__address__, __tmp_port]
-    target_label: instance
-    regex: (.+);(.+)
-    replacement: $1:$2
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (k8s-scheduler|kube-scheduler)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
-    target_label: __metrics_path__
-    regex: (.+);(\d+)
-    replacement: /api/v1/namespaces/kube-system/pods/https:${1}:${2}/proxy/metrics
-  - target_label: app
-    replacement: kube-scheduler
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# kube-proxy
-- job_name: kubernetes-prometheus/kube-proxy-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    replacement: $1:10249
-    target_label: instance
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (kube-proxy.*)
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (kube-proxy.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10249/proxy/metrics
-  - target_label: app
-    replacement: kube-proxy
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-# coredns
-- job_name: kubernetes-prometheus/coredns-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: coredns
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (coredns.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9153/proxy/metrics
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused coredns metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: coredns_dns_(response_size_bytes_bucket|request_size_bytes_bucket)
-    action: drop
-# cert-exporter
-- job_name: kubernetes-prometheus/cert-exporter-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - monitoring
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: instance
-  - source_labels: [__meta_kubernetes_service_label_app]
-    regex: cert-exporter
-    action: keep
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (cert-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:9005/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_label_app]
-    target_label: app
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# node-exporter
-- job_name: kubernetes-prometheus/node-exporter-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - source_labels: [__meta_kubernetes_pod_name]
-    regex: (node-exporter.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10300/proxy/metrics
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_name]
-    regex: kube-system;node-exporter.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_pod_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_pod_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: node_(filesystem_files|filesystem_readonly|nfs_requests_total|network_carrier|network_transmit_colls_total|network_carrier_changes_total|network_transmit_packets_total|network_carrier_down_changes_total|network_carrier_up_changes_total|network_iface_id|xfs_.+|ethtool_.+)
-    action: drop
-- job_name: kubernetes-prometheus/workload-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: keep
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_path is present, we use it as the metrics path
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_path]
-    action: replace
-    target_label: __metrics_path__
-    regex: (.+)
-    # if __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port, we use it as the metrics port
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_port]
-    action: replace
-    target_label: __address__
-    regex: ([^:]+):(\d+);(\d+)
-    replacement: $1:$3
-    # if the protocol is empty, we set it to http by default, this allows to override the protocol for services using https like prometheus operator
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol]
-    action: replace
-    target_label: __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol
-    regex: (.*);
-    replacement: "http"
-  - source_labels: [__meta_kubernetes_pod_ip, __address__]
-    regex: (.*);([^:]+):(\d+)
-    replacement: $1:$3
-    target_label: instance
-  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_annotation_giantswarm_io_monitoring_protocol, __meta_kubernetes_pod_name, __address__, __metrics_path__]
-    regex: (.*);(.*);(.*);(.+:)(\d+);(.*)
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/${1}/pods/${2}:${3}:${5}/proxy${6}
-    action: replace
-  - regex: (.*)
-    target_label: __address__
-    replacement: kubernetes.default:443
-    action: replace
-  - source_labels: [__meta_kubernetes_service_name]
-    regex: (.*)
-    target_label: app
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_giantswarm_io_monitoring_app_label]
-    regex: (.+)
-    target_label: app
-    action: replace
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  metric_relabel_configs:
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-  # drop unused kong metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kong_(upstream_target_health|latency_bucket|latency_count|latency_sum)
-    action: drop
-  # drop unused kube-state-metrics metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: kube_(.+_annotations|secret_type|pod_status_qos_class|pod_tolerations|pod_status_scheduled|replicaset_metadata_generation|replicaset_status_observed_generation|replicaset_annotations|replicaset_status_fully_labeled_replicas|.+_metadata_resource_version)
-    action: drop
-  # drop unused promtail/loki metrics
-  - source_labels: [__name__]
-    regex: promtail_request_duration_seconds_bucket|loki_request_duration_seconds_bucket
-    action: drop
-  # drop unused rest client metrics
-  - source_labels: [__name__]
-    regex: rest_client_(rate_limiter_duration_seconds_bucket|request_size_bytes_bucket|response_size_bytes_bucket)
-    action: drop
-  # drop image_id label from kube-state-metrics
-  - source_labels: [app,image_id]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    replacement: ""
-    action: replace
-    target_label: image_id
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: deployment
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: daemonset
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_type
-    replacement: statefulset
-    action: replace
-  - source_labels: [app,deployment]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,daemonset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,statefulset]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: workload_name
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_region]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: region
-    replacement: ${1}
-    action: replace
-  - source_labels: [app,label_topology_kubernetes_io_zone]
-    separator: ;
-    regex: kube-state-metrics;(.+)
-    target_label: zone
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_topology_kubernetes_io_region|label_topology_kubernetes_io_zone
-  # Override with label for AWS clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_deployment]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  # Override with label for Azure clusters if exists.
-  - source_labels: [app,label_giantswarm_io_machine_pool]
-    regex: kube-state-metrics;(.+)
-    target_label: nodepool
-    replacement: ${1}
-    action: replace
-  - action: labeldrop
-    regex: label_giantswarm_io_machine_pool|label_giantswarm_io_machine_deployment
-# cert-operator (missing label) (versionned so it needs to be kept)
-- job_name: kubernetes-prometheus/cert-operator-kubernetes/0
-  honor_labels: true
-  scheme: http
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - giantswarm
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
-    regex: cert-operator
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
-    target_label: app
-  - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_version]
-    target_label: version
-  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-    regex: (.+)
-    target_label: __metrics_path__
-    replacement: $1
-    action: replace
-  - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-    regex: (.+)(?::\d+);(\d+)
-    target_label: __address__
-    replacement: $1:$2
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-    regex: (https?)
-    target_label: __scheme__
-    replacement: $1
-    action: replace
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# installation-specific configs from config repo
-- job_name: test1
-  static_configs:
-  - targets:
-    - 1.1.1.1:123
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: __param_target
-- job_name: test2
-  static_configs:
-  - targets:
-    - 8.8.8.8:123
-  relabel_configs:
-  - source_labels: [__address__]
-    target_label: __param_target
-# nginx-ingress-controller
-- job_name: kubernetes-prometheus/nginx-ingress-controller-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: endpoints
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  - source_labels: [__meta_kubernetes_service_label_k8s_app]
-    regex: nginx-ingress-controller.*
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_ip]
-    target_label: instance
-    replacement: ${1}:10254
-  - target_label: __address__
-    replacement: kubernetes.default:443
-  - target_label: app
-    replacement: nginx-ingress-controller
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: __metrics_path__
-    replacement: /api/v1/namespaces/kube-system/pods/${1}:10254/proxy/metrics
-  - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
-    regex: .*(true).*
-    action: drop
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  metric_relabel_configs:
-  # drop unused nginx metrics with the highest cardinality as they increase Prometheus memory usage
-  - source_labels: [__name__]
-    regex: nginx_ingress_controller_(bytes_sent_bucket|request_size_bucket|response_duration_seconds_bucket|response_size_bucket|request_duration_seconds_count|connect_duration_seconds_bucket|header_duration_seconds_bucket|bytes_sent_count|request_duration_seconds_sum|bytes_sent_sum|request_size_count|response_size_count|response_duration_seconds_sum|response_duration_seconds_count|ingress_upstream_latency_seconds|ingress_upstream_latency_seconds_sum|ingress_upstream_latency_seconds_count)
-    action: drop
-# prometheus
-- job_name: kubernetes-prometheus/prometheus-kubernetes/0
-  honor_labels: true
-  scheme: http
-  metrics_path: /kubernetes/metrics
-  static_configs:
-    - targets: ['localhost:9090']
-  relabel_configs:
-  - replacement: prometheus
-    target_label: app
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
-# cilium agent and cilium operator
-- job_name: kubernetes-prometheus/cilium-kubernetes/0
-  honor_labels: true
-  scheme: https
-  kubernetes_sd_configs:
-  - role: pod
-    namespaces:
-      names:
-      - kube-system
-  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-  tls_config:
-    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    insecure_skip_verify: true
-  relabel_configs:
-  - replacement: http
-    target_label: __scheme__
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (cilium-agent|cilium-operator)
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_port_number]
-    regex: (9090|6942)
-    action: keep
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    regex: (.*)
-    target_label: app
-    replacement: $1
-  # Add namespace label.
-  - source_labels: [__meta_kubernetes_namespace]
-    target_label: namespace
-  # Add pod label.
-  - source_labels: [__meta_kubernetes_pod_name]
-    target_label: pod
-  # Add container label.
-  - source_labels: [__meta_kubernetes_pod_container_name]
-    target_label: container
-  # Add node label.
-  - source_labels: [__meta_kubernetes_pod_node_name]
-    target_label: node
-  # Add role label.
-  - source_labels: [__meta_kubernetes_node_label_role]
-    target_label: role
-  # Add cluster_id label.
-  - target_label: cluster_id
-    replacement: kubernetes
-  # Add cluster_type label.
-  - target_label: cluster_type
-    replacement: management_cluster
-  # Add provider label.
-  - target_label: provider
-    replacement: openstack
-  # Add installation label.
-  - target_label: installation
-    replacement: test-installation
-  # Add priority label.
-  - target_label: service_priority
-    replacement: highest
-  # Add organization label.
-  - target_label: organization
-    replacement: my-organization
-  # Add customer label.
-  - target_label: customer
-    replacement: pmo
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/resource_test.go b/service/controller/resource/monitoring/verticalpodautoscaler/resource_test.go
index 1b3b052e2..cc3637a94 100644
--- a/service/controller/resource/monitoring/verticalpodautoscaler/resource_test.go
+++ b/service/controller/resource/monitoring/verticalpodautoscaler/resource_test.go
@@ -21,11 +21,7 @@ import (
 var update = flag.Bool("update", false, "update the output file")
 
 func TestVerticalPodAutoScaler(t *testing.T) {
-	outputDir, err := filepath.Abs("./test")
-	if err != nil {
-		t.Fatal(err)
-	}
-
+	var err error
 	var logger micrologger.Logger
 	{
 		c := micrologger.Config{}
@@ -59,31 +55,40 @@ func TestVerticalPodAutoScaler(t *testing.T) {
 			t.Fatal(err)
 		}
 	}
-
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			c := Config{
-				Logger:    logger,
-				K8sClient: k8sClient,
-				VpaClient: vpa_clientsetfake.NewSimpleClientset(),
-			}
-			r, err := New(c)
-			if err != nil {
-				return nil, err
-			}
-			return r.getObject(context.Background(), v)
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
+	testFunc := func(v interface{}) (interface{}, error) {
+		c := Config{
+			Logger:    logger,
+			K8sClient: k8sClient,
+			VpaClient: vpa_clientsetfake.NewSimpleClientset(),
+		}
+		r, err := New(c)
+		if err != nil {
+			return nil, err
+		}
+		return r.getObject(context.Background(), v)
 	}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-1-capa-mc.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..79afdd829
--- /dev/null
+++ b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-1-capa-mc.golden
@@ -0,0 +1,28 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: prometheus
+  namespace: test-installation-prometheus
+spec:
+  resourcePolicy:
+    containerPolicies:
+    - containerName: prometheus
+      controlledValues: RequestsAndLimits
+      maxAllowed:
+        cpu: "4"
+        memory: "13743895347"
+      minAllowed:
+        cpu: 100m
+        memory: "1073741824"
+      mode: Auto
+  targetRef:
+    apiVersion: apps/v1
+    kind: StatefulSet
+    name: prometheus-test-installation
+  updatePolicy:
+    updateMode: Auto
+status: {}
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/case-3-aws-v18.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/monitoring/verticalpodautoscaler/test/case-3-aws-v18.golden
rename to service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-2-capa.golden
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/case-4-azure-v18.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/monitoring/verticalpodautoscaler/test/case-4-azure-v18.golden
rename to service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-3-capz.golden
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/case-5-eks-v18.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/monitoring/verticalpodautoscaler/test/case-5-eks-v18.golden
rename to service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-4-eks.golden
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-5-gcp.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-5-gcp.golden
new file mode 100644
index 000000000..c30c47b2c
--- /dev/null
+++ b/service/controller/resource/monitoring/verticalpodautoscaler/test/capi/case-5-gcp.golden
@@ -0,0 +1,28 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: prometheus
+  namespace: gcp-sample-prometheus
+spec:
+  resourcePolicy:
+    containerPolicies:
+    - containerName: prometheus
+      controlledValues: RequestsAndLimits
+      maxAllowed:
+        cpu: "4"
+        memory: "13743895347"
+      minAllowed:
+        cpu: 100m
+        memory: "1073741824"
+      mode: Auto
+  targetRef:
+    apiVersion: apps/v1
+    kind: StatefulSet
+    name: prometheus-gcp-sample
+  updatePolicy:
+    updateMode: Auto
+status: {}
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/case-1-vintage-mc.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/monitoring/verticalpodautoscaler/test/case-1-vintage-mc.golden
rename to service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/case-2-aws-v16.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/monitoring/verticalpodautoscaler/test/case-2-aws-v16.golden
rename to service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-3-aws-v18.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..c4ab9cc9a
--- /dev/null
+++ b/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-3-aws-v18.golden
@@ -0,0 +1,28 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: prometheus
+  namespace: baz-prometheus
+spec:
+  resourcePolicy:
+    containerPolicies:
+    - containerName: prometheus
+      controlledValues: RequestsAndLimits
+      maxAllowed:
+        cpu: "4"
+        memory: "13743895347"
+      minAllowed:
+        cpu: 100m
+        memory: "1073741824"
+      mode: Auto
+  targetRef:
+    apiVersion: apps/v1
+    kind: StatefulSet
+    name: prometheus-baz
+  updatePolicy:
+    updateMode: Auto
+status: {}
diff --git a/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-4-azure-v18.golden b/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..b0e3f0851
--- /dev/null
+++ b/service/controller/resource/monitoring/verticalpodautoscaler/test/vintage/case-4-azure-v18.golden
@@ -0,0 +1,28 @@
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: prometheus
+  namespace: foo-prometheus
+spec:
+  resourcePolicy:
+    containerPolicies:
+    - containerName: prometheus
+      controlledValues: RequestsAndLimits
+      maxAllowed:
+        cpu: "4"
+        memory: "13743895347"
+      minAllowed:
+        cpu: 100m
+        memory: "1073741824"
+      mode: Auto
+  targetRef:
+    apiVersion: apps/v1
+    kind: StatefulSet
+    name: prometheus-foo
+  updatePolicy:
+    updateMode: Auto
+status: {}
diff --git a/service/controller/resource/namespace/resource_test.go b/service/controller/resource/namespace/resource_test.go
index b6f6762eb..ee669f29c 100644
--- a/service/controller/resource/namespace/resource_test.go
+++ b/service/controller/resource/namespace/resource_test.go
@@ -9,29 +9,34 @@ import (
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest"
 )
 
-var update = flag.Bool("update", false, "update the ouput file")
+var update = flag.Bool("update", false, "update the output file")
 
 func TestNamespace(t *testing.T) {
-	outputDir, err := filepath.Abs("./test")
-	if err != nil {
-		t.Fatal(err)
+	testFunc := func(v interface{}) (interface{}, error) {
+		return toNamespace(context.Background(), v)
 	}
 
-	c := unittest.Config{
-		OutputDir: outputDir,
-		T:         t,
-		TestFunc: func(v interface{}) (interface{}, error) {
-			return toNamespace(context.Background(), v)
-		},
-		Update: *update,
-	}
-	runner, err := unittest.NewRunner(c)
-	if err != nil {
-		t.Fatal(err)
-	}
+	for _, flavor := range unittest.ProviderFlavors {
+		outputDir, err := filepath.Abs("./test/" + flavor)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		c := unittest.Config{
+			Flavor:    flavor,
+			OutputDir: outputDir,
+			T:         t,
+			TestFunc:  testFunc,
+			Update:    *update,
+		}
+		runner, err := unittest.NewRunner(c)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	err = runner.Run()
-	if err != nil {
-		t.Fatal(err)
+		err = runner.Run()
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 }
diff --git a/service/controller/resource/namespace/test/capi/case-1-capa-mc.golden b/service/controller/resource/namespace/test/capi/case-1-capa-mc.golden
new file mode 100644
index 000000000..c3ad71cd8
--- /dev/null
+++ b/service/controller/resource/namespace/test/capi/case-1-capa-mc.golden
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: test-installation
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: test-installation
+  name: test-installation-prometheus
+spec: {}
+status: {}
diff --git a/service/controller/resource/namespace/test/case-3-aws-v18.golden b/service/controller/resource/namespace/test/capi/case-2-capa.golden
similarity index 100%
rename from service/controller/resource/namespace/test/case-3-aws-v18.golden
rename to service/controller/resource/namespace/test/capi/case-2-capa.golden
diff --git a/service/controller/resource/namespace/test/case-4-azure-v18.golden b/service/controller/resource/namespace/test/capi/case-3-capz.golden
similarity index 100%
rename from service/controller/resource/namespace/test/case-4-azure-v18.golden
rename to service/controller/resource/namespace/test/capi/case-3-capz.golden
diff --git a/service/controller/resource/namespace/test/case-5-eks-v18.golden b/service/controller/resource/namespace/test/capi/case-4-eks.golden
similarity index 100%
rename from service/controller/resource/namespace/test/case-5-eks-v18.golden
rename to service/controller/resource/namespace/test/capi/case-4-eks.golden
diff --git a/service/controller/resource/namespace/test/capi/case-5-gcp.golden b/service/controller/resource/namespace/test/capi/case-5-gcp.golden
new file mode 100644
index 000000000..106a233e6
--- /dev/null
+++ b/service/controller/resource/namespace/test/capi/case-5-gcp.golden
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: gcp-sample
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: gcp-sample
+  name: gcp-sample-prometheus
+spec: {}
+status: {}
diff --git a/service/controller/resource/namespace/test/case-1-vintage-mc.golden b/service/controller/resource/namespace/test/vintage/case-1-vintage-mc.golden
similarity index 100%
rename from service/controller/resource/namespace/test/case-1-vintage-mc.golden
rename to service/controller/resource/namespace/test/vintage/case-1-vintage-mc.golden
diff --git a/service/controller/resource/namespace/test/case-2-aws-v16.golden b/service/controller/resource/namespace/test/vintage/case-2-aws-v16.golden
similarity index 100%
rename from service/controller/resource/namespace/test/case-2-aws-v16.golden
rename to service/controller/resource/namespace/test/vintage/case-2-aws-v16.golden
diff --git a/service/controller/resource/namespace/test/vintage/case-3-aws-v18.golden b/service/controller/resource/namespace/test/vintage/case-3-aws-v18.golden
new file mode 100644
index 000000000..a12107380
--- /dev/null
+++ b/service/controller/resource/namespace/test/vintage/case-3-aws-v18.golden
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: baz
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: baz
+  name: baz-prometheus
+spec: {}
+status: {}
diff --git a/service/controller/resource/namespace/test/vintage/case-4-azure-v18.golden b/service/controller/resource/namespace/test/vintage/case-4-azure-v18.golden
new file mode 100644
index 000000000..0d0fb150e
--- /dev/null
+++ b/service/controller/resource/namespace/test/vintage/case-4-azure-v18.golden
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: foo
+    app.kubernetes.io/managed-by: prometheus-meta-operator
+    app.kubernetes.io/name: prometheus
+    giantswarm.io/cluster: foo
+  name: foo-prometheus
+spec: {}
+status: {}