1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: prometheuses.monitoring.coreos.com
8spec:
9 group: monitoring.coreos.com
10 names:
11 categories:
12 - prometheus-operator
13 kind: Prometheus
14 listKind: PrometheusList
15 plural: prometheuses
16 shortNames:
17 - prom
18 singular: prometheus
19 scope: Namespaced
20 versions:
21 - additionalPrinterColumns:
22 - description: The version of Prometheus
23 jsonPath: .spec.version
24 name: Version
25 type: string
26 - description: The number of desired replicas
27 jsonPath: .spec.replicas
28 name: Desired
29 type: integer
30 - description: The number of ready replicas
31 jsonPath: .status.availableReplicas
32 name: Ready
33 type: integer
34 - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status
35 name: Reconciled
36 type: string
37 - jsonPath: .status.conditions[?(@.type == 'Available')].status
38 name: Available
39 type: string
40 - jsonPath: .metadata.creationTimestamp
41 name: Age
42 type: date
43 - description: Whether the resource reconciliation is paused or not
44 jsonPath: .status.paused
45 name: Paused
46 priority: 1
47 type: boolean
48 name: v1
49 schema:
50 openAPIV3Schema:
51 description: Prometheus defines a Prometheus deployment.
52 properties:
53 apiVersion:
54 description: |-
55 APIVersion defines the versioned schema of this representation of an object.
56 Servers should convert recognized schemas to the latest internal value, and
57 may reject unrecognized values.
58 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
59 type: string
60 kind:
61 description: |-
62 Kind is a string value representing the REST resource this object represents.
63 Servers may infer this from the endpoint the client submits requests to.
64 Cannot be updated.
65 In CamelCase.
66 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
67 type: string
68 metadata:
69 type: object
70 spec:
71 description: |-
72 Specification of the desired behavior of the Prometheus cluster. More info:
73 https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
74 properties:
75 additionalAlertManagerConfigs:
76 description: |-
77 AdditionalAlertManagerConfigs specifies a key of a Secret containing
78 additional Prometheus Alertmanager configurations. The Alertmanager
79 configurations are appended to the configuration generated by the
80 Prometheus Operator. They must be formatted according to the official
81 Prometheus documentation:
82
83
84 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
85
86
87 The user is responsible for making sure that the configurations are valid
88
89
90 Note that using this feature may expose the possibility to break
91 upgrades of Prometheus. It is advised to review Prometheus release notes
92 to ensure that no incompatible AlertManager configs are going to break
93 Prometheus after the upgrade.
94 properties:
95 key:
96 description: The key of the secret to select from. Must be a
97 valid secret key.
98 type: string
99 name:
100 default: ""
101 description: |-
102 Name of the referent.
103 This field is effectively required, but due to backwards compatibility is
104 allowed to be empty. Instances of this type with an empty value here are
105 almost certainly wrong.
106 TODO: Add other useful fields. apiVersion, kind, uid?
107 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
108 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
109 type: string
110 optional:
111 description: Specify whether the Secret or its key must be defined
112 type: boolean
113 required:
114 - key
115 type: object
116 x-kubernetes-map-type: atomic
117 additionalAlertRelabelConfigs:
118 description: |-
119 AdditionalAlertRelabelConfigs specifies a key of a Secret containing
120 additional Prometheus alert relabel configurations. The alert relabel
121 configurations are appended to the configuration generated by the
122 Prometheus Operator. They must be formatted according to the official
123 Prometheus documentation:
124
125
126 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
127
128
129 The user is responsible for making sure that the configurations are valid
130
131
132 Note that using this feature may expose the possibility to break
133 upgrades of Prometheus. It is advised to review Prometheus release notes
134 to ensure that no incompatible alert relabel configs are going to break
135 Prometheus after the upgrade.
136 properties:
137 key:
138 description: The key of the secret to select from. Must be a
139 valid secret key.
140 type: string
141 name:
142 default: ""
143 description: |-
144 Name of the referent.
145 This field is effectively required, but due to backwards compatibility is
146 allowed to be empty. Instances of this type with an empty value here are
147 almost certainly wrong.
148 TODO: Add other useful fields. apiVersion, kind, uid?
149 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
150 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
151 type: string
152 optional:
153 description: Specify whether the Secret or its key must be defined
154 type: boolean
155 required:
156 - key
157 type: object
158 x-kubernetes-map-type: atomic
159 additionalArgs:
160 description: |-
161 AdditionalArgs allows setting additional arguments for the 'prometheus' container.
162
163
164 It is intended for e.g. activating hidden flags which are not supported by
165 the dedicated configuration options yet. The arguments are passed as-is to the
166 Prometheus container which may cause issues if they are invalid or not supported
167 by the given Prometheus version.
168
169
170 In case of an argument conflict (e.g. an argument which is already set by the
171 operator itself) or when providing an invalid argument, the reconciliation will
172 fail and an error will be logged.
173 items:
174 description: Argument as part of the AdditionalArgs list.
175 properties:
176 name:
177 description: Name of the argument, e.g. "scrape.discovery-reload-interval".
178 minLength: 1
179 type: string
180 value:
181 description: Argument value, e.g. 30s. Can be empty for name-only
182 arguments (e.g. --storage.tsdb.no-lockfile)
183 type: string
184 required:
185 - name
186 type: object
187 type: array
188 additionalScrapeConfigs:
189 description: |-
190 AdditionalScrapeConfigs allows specifying a key of a Secret containing
191 additional Prometheus scrape configurations. Scrape configurations
192 specified are appended to the configurations generated by the Prometheus
193 Operator. Job configurations specified must have the form as specified
194 in the official Prometheus documentation:
195 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
196 As scrape configs are appended, the user is responsible to make sure it
197 is valid. Note that using this feature may expose the possibility to
198 break upgrades of Prometheus. It is advised to review Prometheus release
199 notes to ensure that no incompatible scrape configs are going to break
200 Prometheus after the upgrade.
201 properties:
202 key:
203 description: The key of the secret to select from. Must be a
204 valid secret key.
205 type: string
206 name:
207 default: ""
208 description: |-
209 Name of the referent.
210 This field is effectively required, but due to backwards compatibility is
211 allowed to be empty. Instances of this type with an empty value here are
212 almost certainly wrong.
213 TODO: Add other useful fields. apiVersion, kind, uid?
214 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
215 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
216 type: string
217 optional:
218 description: Specify whether the Secret or its key must be defined
219 type: boolean
220 required:
221 - key
222 type: object
223 x-kubernetes-map-type: atomic
224 affinity:
225 description: Defines the Pods' affinity scheduling rules if specified.
226 properties:
227 nodeAffinity:
228 description: Describes node affinity scheduling rules for the
229 pod.
230 properties:
231 preferredDuringSchedulingIgnoredDuringExecution:
232 description: |-
233 The scheduler will prefer to schedule pods to nodes that satisfy
234 the affinity expressions specified by this field, but it may choose
235 a node that violates one or more of the expressions. The node that is
236 most preferred is the one with the greatest sum of weights, i.e.
237 for each node that meets all of the scheduling requirements (resource
238 request, requiredDuringScheduling affinity expressions, etc.),
239 compute a sum by iterating through the elements of this field and adding
240 "weight" to the sum if the node matches the corresponding matchExpressions; the
241 node(s) with the highest sum are the most preferred.
242 items:
243 description: |-
244 An empty preferred scheduling term matches all objects with implicit weight 0
245 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
246 properties:
247 preference:
248 description: A node selector term, associated with the
249 corresponding weight.
250 properties:
251 matchExpressions:
252 description: A list of node selector requirements
253 by node's labels.
254 items:
255 description: |-
256 A node selector requirement is a selector that contains values, a key, and an operator
257 that relates the key and values.
258 properties:
259 key:
260 description: The label key that the selector
261 applies to.
262 type: string
263 operator:
264 description: |-
265 Represents a key's relationship to a set of values.
266 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
267 type: string
268 values:
269 description: |-
270 An array of string values. If the operator is In or NotIn,
271 the values array must be non-empty. If the operator is Exists or DoesNotExist,
272 the values array must be empty. If the operator is Gt or Lt, the values
273 array must have a single element, which will be interpreted as an integer.
274 This array is replaced during a strategic merge patch.
275 items:
276 type: string
277 type: array
278 x-kubernetes-list-type: atomic
279 required:
280 - key
281 - operator
282 type: object
283 type: array
284 x-kubernetes-list-type: atomic
285 matchFields:
286 description: A list of node selector requirements
287 by node's fields.
288 items:
289 description: |-
290 A node selector requirement is a selector that contains values, a key, and an operator
291 that relates the key and values.
292 properties:
293 key:
294 description: The label key that the selector
295 applies to.
296 type: string
297 operator:
298 description: |-
299 Represents a key's relationship to a set of values.
300 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
301 type: string
302 values:
303 description: |-
304 An array of string values. If the operator is In or NotIn,
305 the values array must be non-empty. If the operator is Exists or DoesNotExist,
306 the values array must be empty. If the operator is Gt or Lt, the values
307 array must have a single element, which will be interpreted as an integer.
308 This array is replaced during a strategic merge patch.
309 items:
310 type: string
311 type: array
312 x-kubernetes-list-type: atomic
313 required:
314 - key
315 - operator
316 type: object
317 type: array
318 x-kubernetes-list-type: atomic
319 type: object
320 x-kubernetes-map-type: atomic
321 weight:
322 description: Weight associated with matching the corresponding
323 nodeSelectorTerm, in the range 1-100.
324 format: int32
325 type: integer
326 required:
327 - preference
328 - weight
329 type: object
330 type: array
331 x-kubernetes-list-type: atomic
332 requiredDuringSchedulingIgnoredDuringExecution:
333 description: |-
334 If the affinity requirements specified by this field are not met at
335 scheduling time, the pod will not be scheduled onto the node.
336 If the affinity requirements specified by this field cease to be met
337 at some point during pod execution (e.g. due to an update), the system
338 may or may not try to eventually evict the pod from its node.
339 properties:
340 nodeSelectorTerms:
341 description: Required. A list of node selector terms.
342 The terms are ORed.
343 items:
344 description: |-
345 A null or empty node selector term matches no objects. The requirements of
346 them are ANDed.
347 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
348 properties:
349 matchExpressions:
350 description: A list of node selector requirements
351 by node's labels.
352 items:
353 description: |-
354 A node selector requirement is a selector that contains values, a key, and an operator
355 that relates the key and values.
356 properties:
357 key:
358 description: The label key that the selector
359 applies to.
360 type: string
361 operator:
362 description: |-
363 Represents a key's relationship to a set of values.
364 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
365 type: string
366 values:
367 description: |-
368 An array of string values. If the operator is In or NotIn,
369 the values array must be non-empty. If the operator is Exists or DoesNotExist,
370 the values array must be empty. If the operator is Gt or Lt, the values
371 array must have a single element, which will be interpreted as an integer.
372 This array is replaced during a strategic merge patch.
373 items:
374 type: string
375 type: array
376 x-kubernetes-list-type: atomic
377 required:
378 - key
379 - operator
380 type: object
381 type: array
382 x-kubernetes-list-type: atomic
383 matchFields:
384 description: A list of node selector requirements
385 by node's fields.
386 items:
387 description: |-
388 A node selector requirement is a selector that contains values, a key, and an operator
389 that relates the key and values.
390 properties:
391 key:
392 description: The label key that the selector
393 applies to.
394 type: string
395 operator:
396 description: |-
397 Represents a key's relationship to a set of values.
398 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
399 type: string
400 values:
401 description: |-
402 An array of string values. If the operator is In or NotIn,
403 the values array must be non-empty. If the operator is Exists or DoesNotExist,
404 the values array must be empty. If the operator is Gt or Lt, the values
405 array must have a single element, which will be interpreted as an integer.
406 This array is replaced during a strategic merge patch.
407 items:
408 type: string
409 type: array
410 x-kubernetes-list-type: atomic
411 required:
412 - key
413 - operator
414 type: object
415 type: array
416 x-kubernetes-list-type: atomic
417 type: object
418 x-kubernetes-map-type: atomic
419 type: array
420 x-kubernetes-list-type: atomic
421 required:
422 - nodeSelectorTerms
423 type: object
424 x-kubernetes-map-type: atomic
425 type: object
426 podAffinity:
427 description: Describes pod affinity scheduling rules (e.g. co-locate
428 this pod in the same node, zone, etc. as some other pod(s)).
429 properties:
430 preferredDuringSchedulingIgnoredDuringExecution:
431 description: |-
432 The scheduler will prefer to schedule pods to nodes that satisfy
433 the affinity expressions specified by this field, but it may choose
434 a node that violates one or more of the expressions. The node that is
435 most preferred is the one with the greatest sum of weights, i.e.
436 for each node that meets all of the scheduling requirements (resource
437 request, requiredDuringScheduling affinity expressions, etc.),
438 compute a sum by iterating through the elements of this field and adding
439 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
440 node(s) with the highest sum are the most preferred.
441 items:
442 description: The weights of all of the matched WeightedPodAffinityTerm
443 fields are added per-node to find the most preferred node(s)
444 properties:
445 podAffinityTerm:
446 description: Required. A pod affinity term, associated
447 with the corresponding weight.
448 properties:
449 labelSelector:
450 description: |-
451 A label query over a set of resources, in this case pods.
452 If it's null, this PodAffinityTerm matches with no Pods.
453 properties:
454 matchExpressions:
455 description: matchExpressions is a list of label
456 selector requirements. The requirements are
457 ANDed.
458 items:
459 description: |-
460 A label selector requirement is a selector that contains values, a key, and an operator that
461 relates the key and values.
462 properties:
463 key:
464 description: key is the label key that
465 the selector applies to.
466 type: string
467 operator:
468 description: |-
469 operator represents a key's relationship to a set of values.
470 Valid operators are In, NotIn, Exists and DoesNotExist.
471 type: string
472 values:
473 description: |-
474 values is an array of string values. If the operator is In or NotIn,
475 the values array must be non-empty. If the operator is Exists or DoesNotExist,
476 the values array must be empty. This array is replaced during a strategic
477 merge patch.
478 items:
479 type: string
480 type: array
481 x-kubernetes-list-type: atomic
482 required:
483 - key
484 - operator
485 type: object
486 type: array
487 x-kubernetes-list-type: atomic
488 matchLabels:
489 additionalProperties:
490 type: string
491 description: |-
492 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
493 map is equivalent to an element of matchExpressions, whose key field is "key", the
494 operator is "In", and the values array contains only "value". The requirements are ANDed.
495 type: object
496 type: object
497 x-kubernetes-map-type: atomic
498 matchLabelKeys:
499 description: |-
500 MatchLabelKeys is a set of pod label keys to select which pods will
501 be taken into consideration. The keys are used to lookup values from the
502 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
503 to select the group of existing pods which pods will be taken into consideration
504 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
505 pod labels will be ignored. The default value is empty.
506 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
507 Also, matchLabelKeys cannot be set when labelSelector isn't set.
508 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
509 items:
510 type: string
511 type: array
512 x-kubernetes-list-type: atomic
513 mismatchLabelKeys:
514 description: |-
515 MismatchLabelKeys is a set of pod label keys to select which pods will
516 be taken into consideration. The keys are used to lookup values from the
517 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
518 to select the group of existing pods which pods will be taken into consideration
519 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
520 pod labels will be ignored. The default value is empty.
521 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
522 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
523 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
524 items:
525 type: string
526 type: array
527 x-kubernetes-list-type: atomic
528 namespaceSelector:
529 description: |-
530 A label query over the set of namespaces that the term applies to.
531 The term is applied to the union of the namespaces selected by this field
532 and the ones listed in the namespaces field.
533 null selector and null or empty namespaces list means "this pod's namespace".
534 An empty selector ({}) matches all namespaces.
535 properties:
536 matchExpressions:
537 description: matchExpressions is a list of label
538 selector requirements. The requirements are
539 ANDed.
540 items:
541 description: |-
542 A label selector requirement is a selector that contains values, a key, and an operator that
543 relates the key and values.
544 properties:
545 key:
546 description: key is the label key that
547 the selector applies to.
548 type: string
549 operator:
550 description: |-
551 operator represents a key's relationship to a set of values.
552 Valid operators are In, NotIn, Exists and DoesNotExist.
553 type: string
554 values:
555 description: |-
556 values is an array of string values. If the operator is In or NotIn,
557 the values array must be non-empty. If the operator is Exists or DoesNotExist,
558 the values array must be empty. This array is replaced during a strategic
559 merge patch.
560 items:
561 type: string
562 type: array
563 x-kubernetes-list-type: atomic
564 required:
565 - key
566 - operator
567 type: object
568 type: array
569 x-kubernetes-list-type: atomic
570 matchLabels:
571 additionalProperties:
572 type: string
573 description: |-
574 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
575 map is equivalent to an element of matchExpressions, whose key field is "key", the
576 operator is "In", and the values array contains only "value". The requirements are ANDed.
577 type: object
578 type: object
579 x-kubernetes-map-type: atomic
580 namespaces:
581 description: |-
582 namespaces specifies a static list of namespace names that the term applies to.
583 The term is applied to the union of the namespaces listed in this field
584 and the ones selected by namespaceSelector.
585 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
586 items:
587 type: string
588 type: array
589 x-kubernetes-list-type: atomic
590 topologyKey:
591 description: |-
592 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
593 the labelSelector in the specified namespaces, where co-located is defined as running on a node
594 whose value of the label with key topologyKey matches that of any node on which any of the
595 selected pods is running.
596 Empty topologyKey is not allowed.
597 type: string
598 required:
599 - topologyKey
600 type: object
601 weight:
602 description: |-
603 weight associated with matching the corresponding podAffinityTerm,
604 in the range 1-100.
605 format: int32
606 type: integer
607 required:
608 - podAffinityTerm
609 - weight
610 type: object
611 type: array
612 x-kubernetes-list-type: atomic
613 requiredDuringSchedulingIgnoredDuringExecution:
614 description: |-
615 If the affinity requirements specified by this field are not met at
616 scheduling time, the pod will not be scheduled onto the node.
617 If the affinity requirements specified by this field cease to be met
618 at some point during pod execution (e.g. due to a pod label update), the
619 system may or may not try to eventually evict the pod from its node.
620 When there are multiple elements, the lists of nodes corresponding to each
621 podAffinityTerm are intersected, i.e. all terms must be satisfied.
622 items:
623 description: |-
624 Defines a set of pods (namely those matching the labelSelector
625 relative to the given namespace(s)) that this pod should be
626 co-located (affinity) or not co-located (anti-affinity) with,
627 where co-located is defined as running on a node whose value of
628 the label with key <topologyKey> matches that of any node on which
629 a pod of the set of pods is running
630 properties:
631 labelSelector:
632 description: |-
633 A label query over a set of resources, in this case pods.
634 If it's null, this PodAffinityTerm matches with no Pods.
635 properties:
636 matchExpressions:
637 description: matchExpressions is a list of label
638 selector requirements. The requirements are ANDed.
639 items:
640 description: |-
641 A label selector requirement is a selector that contains values, a key, and an operator that
642 relates the key and values.
643 properties:
644 key:
645 description: key is the label key that the
646 selector applies to.
647 type: string
648 operator:
649 description: |-
650 operator represents a key's relationship to a set of values.
651 Valid operators are In, NotIn, Exists and DoesNotExist.
652 type: string
653 values:
654 description: |-
655 values is an array of string values. If the operator is In or NotIn,
656 the values array must be non-empty. If the operator is Exists or DoesNotExist,
657 the values array must be empty. This array is replaced during a strategic
658 merge patch.
659 items:
660 type: string
661 type: array
662 x-kubernetes-list-type: atomic
663 required:
664 - key
665 - operator
666 type: object
667 type: array
668 x-kubernetes-list-type: atomic
669 matchLabels:
670 additionalProperties:
671 type: string
672 description: |-
673 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
674 map is equivalent to an element of matchExpressions, whose key field is "key", the
675 operator is "In", and the values array contains only "value". The requirements are ANDed.
676 type: object
677 type: object
678 x-kubernetes-map-type: atomic
679 matchLabelKeys:
680 description: |-
681 MatchLabelKeys is a set of pod label keys to select which pods will
682 be taken into consideration. The keys are used to lookup values from the
683 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
684 to select the group of existing pods which pods will be taken into consideration
685 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
686 pod labels will be ignored. The default value is empty.
687 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
688 Also, matchLabelKeys cannot be set when labelSelector isn't set.
689 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
690 items:
691 type: string
692 type: array
693 x-kubernetes-list-type: atomic
694 mismatchLabelKeys:
695 description: |-
696 MismatchLabelKeys is a set of pod label keys to select which pods will
697 be taken into consideration. The keys are used to lookup values from the
698 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
699 to select the group of existing pods which pods will be taken into consideration
700 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
701 pod labels will be ignored. The default value is empty.
702 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
703 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
704 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
705 items:
706 type: string
707 type: array
708 x-kubernetes-list-type: atomic
709 namespaceSelector:
710 description: |-
711 A label query over the set of namespaces that the term applies to.
712 The term is applied to the union of the namespaces selected by this field
713 and the ones listed in the namespaces field.
714 null selector and null or empty namespaces list means "this pod's namespace".
715 An empty selector ({}) matches all namespaces.
716 properties:
717 matchExpressions:
718 description: matchExpressions is a list of label
719 selector requirements. The requirements are ANDed.
720 items:
721 description: |-
722 A label selector requirement is a selector that contains values, a key, and an operator that
723 relates the key and values.
724 properties:
725 key:
726 description: key is the label key that the
727 selector applies to.
728 type: string
729 operator:
730 description: |-
731 operator represents a key's relationship to a set of values.
732 Valid operators are In, NotIn, Exists and DoesNotExist.
733 type: string
734 values:
735 description: |-
736 values is an array of string values. If the operator is In or NotIn,
737 the values array must be non-empty. If the operator is Exists or DoesNotExist,
738 the values array must be empty. This array is replaced during a strategic
739 merge patch.
740 items:
741 type: string
742 type: array
743 x-kubernetes-list-type: atomic
744 required:
745 - key
746 - operator
747 type: object
748 type: array
749 x-kubernetes-list-type: atomic
750 matchLabels:
751 additionalProperties:
752 type: string
753 description: |-
754 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
755 map is equivalent to an element of matchExpressions, whose key field is "key", the
756 operator is "In", and the values array contains only "value". The requirements are ANDed.
757 type: object
758 type: object
759 x-kubernetes-map-type: atomic
760 namespaces:
761 description: |-
762 namespaces specifies a static list of namespace names that the term applies to.
763 The term is applied to the union of the namespaces listed in this field
764 and the ones selected by namespaceSelector.
765 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
766 items:
767 type: string
768 type: array
769 x-kubernetes-list-type: atomic
770 topologyKey:
771 description: |-
772 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
773 the labelSelector in the specified namespaces, where co-located is defined as running on a node
774 whose value of the label with key topologyKey matches that of any node on which any of the
775 selected pods is running.
776 Empty topologyKey is not allowed.
777 type: string
778 required:
779 - topologyKey
780 type: object
781 type: array
782 x-kubernetes-list-type: atomic
783 type: object
784 podAntiAffinity:
785 description: Describes pod anti-affinity scheduling rules (e.g.
786 avoid putting this pod in the same node, zone, etc. as some
787 other pod(s)).
788 properties:
789 preferredDuringSchedulingIgnoredDuringExecution:
790 description: |-
791 The scheduler will prefer to schedule pods to nodes that satisfy
792 the anti-affinity expressions specified by this field, but it may choose
793 a node that violates one or more of the expressions. The node that is
794 most preferred is the one with the greatest sum of weights, i.e.
795 for each node that meets all of the scheduling requirements (resource
796 request, requiredDuringScheduling anti-affinity expressions, etc.),
797 compute a sum by iterating through the elements of this field and adding
798 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
799 node(s) with the highest sum are the most preferred.
800 items:
801 description: The weights of all of the matched WeightedPodAffinityTerm
802 fields are added per-node to find the most preferred node(s)
803 properties:
804 podAffinityTerm:
805 description: Required. A pod affinity term, associated
806 with the corresponding weight.
807 properties:
808 labelSelector:
809 description: |-
810 A label query over a set of resources, in this case pods.
811 If it's null, this PodAffinityTerm matches with no Pods.
812 properties:
813 matchExpressions:
814 description: matchExpressions is a list of label
815 selector requirements. The requirements are
816 ANDed.
817 items:
818 description: |-
819 A label selector requirement is a selector that contains values, a key, and an operator that
820 relates the key and values.
821 properties:
822 key:
823 description: key is the label key that
824 the selector applies to.
825 type: string
826 operator:
827 description: |-
828 operator represents a key's relationship to a set of values.
829 Valid operators are In, NotIn, Exists and DoesNotExist.
830 type: string
831 values:
832 description: |-
833 values is an array of string values. If the operator is In or NotIn,
834 the values array must be non-empty. If the operator is Exists or DoesNotExist,
835 the values array must be empty. This array is replaced during a strategic
836 merge patch.
837 items:
838 type: string
839 type: array
840 x-kubernetes-list-type: atomic
841 required:
842 - key
843 - operator
844 type: object
845 type: array
846 x-kubernetes-list-type: atomic
847 matchLabels:
848 additionalProperties:
849 type: string
850 description: |-
851 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
852 map is equivalent to an element of matchExpressions, whose key field is "key", the
853 operator is "In", and the values array contains only "value". The requirements are ANDed.
854 type: object
855 type: object
856 x-kubernetes-map-type: atomic
857 matchLabelKeys:
858 description: |-
859 MatchLabelKeys is a set of pod label keys to select which pods will
860 be taken into consideration. The keys are used to lookup values from the
861 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
862 to select the group of existing pods which pods will be taken into consideration
863 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
864 pod labels will be ignored. The default value is empty.
865 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
866 Also, matchLabelKeys cannot be set when labelSelector isn't set.
867 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
868 items:
869 type: string
870 type: array
871 x-kubernetes-list-type: atomic
872 mismatchLabelKeys:
873 description: |-
874 MismatchLabelKeys is a set of pod label keys to select which pods will
875 be taken into consideration. The keys are used to lookup values from the
876 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
877 to select the group of existing pods which pods will be taken into consideration
878 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
879 pod labels will be ignored. The default value is empty.
880 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
881 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
882 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
883 items:
884 type: string
885 type: array
886 x-kubernetes-list-type: atomic
887 namespaceSelector:
888 description: |-
889 A label query over the set of namespaces that the term applies to.
890 The term is applied to the union of the namespaces selected by this field
891 and the ones listed in the namespaces field.
892 null selector and null or empty namespaces list means "this pod's namespace".
893 An empty selector ({}) matches all namespaces.
894 properties:
895 matchExpressions:
896 description: matchExpressions is a list of label
897 selector requirements. The requirements are
898 ANDed.
899 items:
900 description: |-
901 A label selector requirement is a selector that contains values, a key, and an operator that
902 relates the key and values.
903 properties:
904 key:
905 description: key is the label key that
906 the selector applies to.
907 type: string
908 operator:
909 description: |-
910 operator represents a key's relationship to a set of values.
911 Valid operators are In, NotIn, Exists and DoesNotExist.
912 type: string
913 values:
914 description: |-
915 values is an array of string values. If the operator is In or NotIn,
916 the values array must be non-empty. If the operator is Exists or DoesNotExist,
917 the values array must be empty. This array is replaced during a strategic
918 merge patch.
919 items:
920 type: string
921 type: array
922 x-kubernetes-list-type: atomic
923 required:
924 - key
925 - operator
926 type: object
927 type: array
928 x-kubernetes-list-type: atomic
929 matchLabels:
930 additionalProperties:
931 type: string
932 description: |-
933 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
934 map is equivalent to an element of matchExpressions, whose key field is "key", the
935 operator is "In", and the values array contains only "value". The requirements are ANDed.
936 type: object
937 type: object
938 x-kubernetes-map-type: atomic
939 namespaces:
940 description: |-
941 namespaces specifies a static list of namespace names that the term applies to.
942 The term is applied to the union of the namespaces listed in this field
943 and the ones selected by namespaceSelector.
944 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
945 items:
946 type: string
947 type: array
948 x-kubernetes-list-type: atomic
949 topologyKey:
950 description: |-
951 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
952 the labelSelector in the specified namespaces, where co-located is defined as running on a node
953 whose value of the label with key topologyKey matches that of any node on which any of the
954 selected pods is running.
955 Empty topologyKey is not allowed.
956 type: string
957 required:
958 - topologyKey
959 type: object
960 weight:
961 description: |-
962 weight associated with matching the corresponding podAffinityTerm,
963 in the range 1-100.
964 format: int32
965 type: integer
966 required:
967 - podAffinityTerm
968 - weight
969 type: object
970 type: array
971 x-kubernetes-list-type: atomic
972 requiredDuringSchedulingIgnoredDuringExecution:
973 description: |-
974 If the anti-affinity requirements specified by this field are not met at
975 scheduling time, the pod will not be scheduled onto the node.
976 If the anti-affinity requirements specified by this field cease to be met
977 at some point during pod execution (e.g. due to a pod label update), the
978 system may or may not try to eventually evict the pod from its node.
979 When there are multiple elements, the lists of nodes corresponding to each
980 podAffinityTerm are intersected, i.e. all terms must be satisfied.
981 items:
982 description: |-
983 Defines a set of pods (namely those matching the labelSelector
984 relative to the given namespace(s)) that this pod should be
985 co-located (affinity) or not co-located (anti-affinity) with,
986 where co-located is defined as running on a node whose value of
987 the label with key <topologyKey> matches that of any node on which
988 a pod of the set of pods is running
989 properties:
990 labelSelector:
991 description: |-
992 A label query over a set of resources, in this case pods.
993 If it's null, this PodAffinityTerm matches with no Pods.
994 properties:
995 matchExpressions:
996 description: matchExpressions is a list of label
997 selector requirements. The requirements are ANDed.
998 items:
999 description: |-
1000 A label selector requirement is a selector that contains values, a key, and an operator that
1001 relates the key and values.
1002 properties:
1003 key:
1004 description: key is the label key that the
1005 selector applies to.
1006 type: string
1007 operator:
1008 description: |-
1009 operator represents a key's relationship to a set of values.
1010 Valid operators are In, NotIn, Exists and DoesNotExist.
1011 type: string
1012 values:
1013 description: |-
1014 values is an array of string values. If the operator is In or NotIn,
1015 the values array must be non-empty. If the operator is Exists or DoesNotExist,
1016 the values array must be empty. This array is replaced during a strategic
1017 merge patch.
1018 items:
1019 type: string
1020 type: array
1021 x-kubernetes-list-type: atomic
1022 required:
1023 - key
1024 - operator
1025 type: object
1026 type: array
1027 x-kubernetes-list-type: atomic
1028 matchLabels:
1029 additionalProperties:
1030 type: string
1031 description: |-
1032 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1033 map is equivalent to an element of matchExpressions, whose key field is "key", the
1034 operator is "In", and the values array contains only "value". The requirements are ANDed.
1035 type: object
1036 type: object
1037 x-kubernetes-map-type: atomic
1038 matchLabelKeys:
1039 description: |-
1040 MatchLabelKeys is a set of pod label keys to select which pods will
1041 be taken into consideration. The keys are used to lookup values from the
1042 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
1043 to select the group of existing pods which pods will be taken into consideration
1044 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
1045 pod labels will be ignored. The default value is empty.
1046 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
1047 Also, matchLabelKeys cannot be set when labelSelector isn't set.
1048 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
1049 items:
1050 type: string
1051 type: array
1052 x-kubernetes-list-type: atomic
1053 mismatchLabelKeys:
1054 description: |-
1055 MismatchLabelKeys is a set of pod label keys to select which pods will
1056 be taken into consideration. The keys are used to lookup values from the
1057 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
1058 to select the group of existing pods which pods will be taken into consideration
1059 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
1060 pod labels will be ignored. The default value is empty.
1061 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
1062 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
1063 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
1064 items:
1065 type: string
1066 type: array
1067 x-kubernetes-list-type: atomic
1068 namespaceSelector:
1069 description: |-
1070 A label query over the set of namespaces that the term applies to.
1071 The term is applied to the union of the namespaces selected by this field
1072 and the ones listed in the namespaces field.
1073 null selector and null or empty namespaces list means "this pod's namespace".
1074 An empty selector ({}) matches all namespaces.
1075 properties:
1076 matchExpressions:
1077 description: matchExpressions is a list of label
1078 selector requirements. The requirements are ANDed.
1079 items:
1080 description: |-
1081 A label selector requirement is a selector that contains values, a key, and an operator that
1082 relates the key and values.
1083 properties:
1084 key:
1085 description: key is the label key that the
1086 selector applies to.
1087 type: string
1088 operator:
1089 description: |-
1090 operator represents a key's relationship to a set of values.
1091 Valid operators are In, NotIn, Exists and DoesNotExist.
1092 type: string
1093 values:
1094 description: |-
1095 values is an array of string values. If the operator is In or NotIn,
1096 the values array must be non-empty. If the operator is Exists or DoesNotExist,
1097 the values array must be empty. This array is replaced during a strategic
1098 merge patch.
1099 items:
1100 type: string
1101 type: array
1102 x-kubernetes-list-type: atomic
1103 required:
1104 - key
1105 - operator
1106 type: object
1107 type: array
1108 x-kubernetes-list-type: atomic
1109 matchLabels:
1110 additionalProperties:
1111 type: string
1112 description: |-
1113 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1114 map is equivalent to an element of matchExpressions, whose key field is "key", the
1115 operator is "In", and the values array contains only "value". The requirements are ANDed.
1116 type: object
1117 type: object
1118 x-kubernetes-map-type: atomic
1119 namespaces:
1120 description: |-
1121 namespaces specifies a static list of namespace names that the term applies to.
1122 The term is applied to the union of the namespaces listed in this field
1123 and the ones selected by namespaceSelector.
1124 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
1125 items:
1126 type: string
1127 type: array
1128 x-kubernetes-list-type: atomic
1129 topologyKey:
1130 description: |-
1131 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
1132 the labelSelector in the specified namespaces, where co-located is defined as running on a node
1133 whose value of the label with key topologyKey matches that of any node on which any of the
1134 selected pods is running.
1135 Empty topologyKey is not allowed.
1136 type: string
1137 required:
1138 - topologyKey
1139 type: object
1140 type: array
1141 x-kubernetes-list-type: atomic
1142 type: object
1143 type: object
1144 alerting:
1145 description: Defines the settings related to Alertmanager.
1146 properties:
1147 alertmanagers:
1148 description: AlertmanagerEndpoints Prometheus should fire alerts
1149 against.
1150 items:
1151 description: |-
1152 AlertmanagerEndpoints defines a selection of a single Endpoints object
1153 containing Alertmanager IPs to fire alerts against.
1154 properties:
1155 apiVersion:
1156 description: |-
1157 Version of the Alertmanager API that Prometheus uses to send alerts.
1158 It can be "v1" or "v2".
1159 type: string
1160 authorization:
1161 description: |-
1162 Authorization section for Alertmanager.
1163
1164
1165 Cannot be set at the same time as `basicAuth`, or `bearerTokenFile`.
1166 properties:
1167 credentials:
1168 description: Selects a key of a Secret in the namespace
1169 that contains the credentials for authentication.
1170 properties:
1171 key:
1172 description: The key of the secret to select from. Must
1173 be a valid secret key.
1174 type: string
1175 name:
1176 default: ""
1177 description: |-
1178 Name of the referent.
1179 This field is effectively required, but due to backwards compatibility is
1180 allowed to be empty. Instances of this type with an empty value here are
1181 almost certainly wrong.
1182 TODO: Add other useful fields. apiVersion, kind, uid?
1183 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1184 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1185 type: string
1186 optional:
1187 description: Specify whether the Secret or its key
1188 must be defined
1189 type: boolean
1190 required:
1191 - key
1192 type: object
1193 x-kubernetes-map-type: atomic
1194 type:
1195 description: |-
1196 Defines the authentication type. The value is case-insensitive.
1197
1198
1199 "Basic" is not a supported value.
1200
1201
1202 Default: "Bearer"
1203 type: string
1204 type: object
1205 basicAuth:
1206 description: |-
1207 BasicAuth configuration for Alertmanager.
1208
1209
1210 Cannot be set at the same time as `bearerTokenFile`, or `authorization`.
1211 properties:
1212 password:
1213 description: |-
1214 The secret in the service monitor namespace that contains the password
1215 for authentication.
1216 properties:
1217 key:
1218 description: The key of the secret to select from. Must
1219 be a valid secret key.
1220 type: string
1221 name:
1222 default: ""
1223 description: |-
1224 Name of the referent.
1225 This field is effectively required, but due to backwards compatibility is
1226 allowed to be empty. Instances of this type with an empty value here are
1227 almost certainly wrong.
1228 TODO: Add other useful fields. apiVersion, kind, uid?
1229 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1230 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1231 type: string
1232 optional:
1233 description: Specify whether the Secret or its key
1234 must be defined
1235 type: boolean
1236 required:
1237 - key
1238 type: object
1239 x-kubernetes-map-type: atomic
1240 username:
1241 description: |-
1242 The secret in the service monitor namespace that contains the username
1243 for authentication.
1244 properties:
1245 key:
1246 description: The key of the secret to select from. Must
1247 be a valid secret key.
1248 type: string
1249 name:
1250 default: ""
1251 description: |-
1252 Name of the referent.
1253 This field is effectively required, but due to backwards compatibility is
1254 allowed to be empty. Instances of this type with an empty value here are
1255 almost certainly wrong.
1256 TODO: Add other useful fields. apiVersion, kind, uid?
1257 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1258 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1259 type: string
1260 optional:
1261 description: Specify whether the Secret or its key
1262 must be defined
1263 type: boolean
1264 required:
1265 - key
1266 type: object
1267 x-kubernetes-map-type: atomic
1268 type: object
1269 bearerTokenFile:
1270 description: |-
1271 File to read bearer token for Alertmanager.
1272
1273
1274 Cannot be set at the same time as `basicAuth`, or `authorization`.
1275
1276
1277 *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
1278 type: string
1279 enableHttp2:
1280 description: Whether to enable HTTP2.
1281 type: boolean
1282 name:
1283 description: Name of the Endpoints object in the namespace.
1284 type: string
1285 namespace:
1286 description: Namespace of the Endpoints object.
1287 type: string
1288 pathPrefix:
1289 description: Prefix for the HTTP path alerts are pushed
1290 to.
1291 type: string
1292 port:
1293 anyOf:
1294 - type: integer
1295 - type: string
1296 description: Port on which the Alertmanager API is exposed.
1297 x-kubernetes-int-or-string: true
1298 scheme:
1299 description: Scheme to use when firing alerts.
1300 type: string
1301 timeout:
1302 description: Timeout is a per-target Alertmanager timeout
1303 when pushing alerts.
1304 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
1305 type: string
1306 tlsConfig:
1307 description: TLS Config to use for Alertmanager.
1308 properties:
1309 ca:
1310 description: Certificate authority used when verifying
1311 server certificates.
1312 properties:
1313 configMap:
1314 description: ConfigMap containing data to use for
1315 the targets.
1316 properties:
1317 key:
1318 description: The key to select.
1319 type: string
1320 name:
1321 default: ""
1322 description: |-
1323 Name of the referent.
1324 This field is effectively required, but due to backwards compatibility is
1325 allowed to be empty. Instances of this type with an empty value here are
1326 almost certainly wrong.
1327 TODO: Add other useful fields. apiVersion, kind, uid?
1328 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1329 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1330 type: string
1331 optional:
1332 description: Specify whether the ConfigMap or
1333 its key must be defined
1334 type: boolean
1335 required:
1336 - key
1337 type: object
1338 x-kubernetes-map-type: atomic
1339 secret:
1340 description: Secret containing data to use for the
1341 targets.
1342 properties:
1343 key:
1344 description: The key of the secret to select
1345 from. Must be a valid secret key.
1346 type: string
1347 name:
1348 default: ""
1349 description: |-
1350 Name of the referent.
1351 This field is effectively required, but due to backwards compatibility is
1352 allowed to be empty. Instances of this type with an empty value here are
1353 almost certainly wrong.
1354 TODO: Add other useful fields. apiVersion, kind, uid?
1355 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1356 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1357 type: string
1358 optional:
1359 description: Specify whether the Secret or its
1360 key must be defined
1361 type: boolean
1362 required:
1363 - key
1364 type: object
1365 x-kubernetes-map-type: atomic
1366 type: object
1367 caFile:
1368 description: Path to the CA cert in the Prometheus container
1369 to use for the targets.
1370 type: string
1371 cert:
1372 description: Client certificate to present when doing
1373 client-authentication.
1374 properties:
1375 configMap:
1376 description: ConfigMap containing data to use for
1377 the targets.
1378 properties:
1379 key:
1380 description: The key to select.
1381 type: string
1382 name:
1383 default: ""
1384 description: |-
1385 Name of the referent.
1386 This field is effectively required, but due to backwards compatibility is
1387 allowed to be empty. Instances of this type with an empty value here are
1388 almost certainly wrong.
1389 TODO: Add other useful fields. apiVersion, kind, uid?
1390 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1391 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1392 type: string
1393 optional:
1394 description: Specify whether the ConfigMap or
1395 its key must be defined
1396 type: boolean
1397 required:
1398 - key
1399 type: object
1400 x-kubernetes-map-type: atomic
1401 secret:
1402 description: Secret containing data to use for the
1403 targets.
1404 properties:
1405 key:
1406 description: The key of the secret to select
1407 from. Must be a valid secret key.
1408 type: string
1409 name:
1410 default: ""
1411 description: |-
1412 Name of the referent.
1413 This field is effectively required, but due to backwards compatibility is
1414 allowed to be empty. Instances of this type with an empty value here are
1415 almost certainly wrong.
1416 TODO: Add other useful fields. apiVersion, kind, uid?
1417 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1418 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1419 type: string
1420 optional:
1421 description: Specify whether the Secret or its
1422 key must be defined
1423 type: boolean
1424 required:
1425 - key
1426 type: object
1427 x-kubernetes-map-type: atomic
1428 type: object
1429 certFile:
1430 description: Path to the client cert file in the Prometheus
1431 container for the targets.
1432 type: string
1433 insecureSkipVerify:
1434 description: Disable target certificate validation.
1435 type: boolean
1436 keyFile:
1437 description: Path to the client key file in the Prometheus
1438 container for the targets.
1439 type: string
1440 keySecret:
1441 description: Secret containing the client key file for
1442 the targets.
1443 properties:
1444 key:
1445 description: The key of the secret to select from. Must
1446 be a valid secret key.
1447 type: string
1448 name:
1449 default: ""
1450 description: |-
1451 Name of the referent.
1452 This field is effectively required, but due to backwards compatibility is
1453 allowed to be empty. Instances of this type with an empty value here are
1454 almost certainly wrong.
1455 TODO: Add other useful fields. apiVersion, kind, uid?
1456 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1457 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1458 type: string
1459 optional:
1460 description: Specify whether the Secret or its key
1461 must be defined
1462 type: boolean
1463 required:
1464 - key
1465 type: object
1466 x-kubernetes-map-type: atomic
1467 serverName:
1468 description: Used to verify the hostname for the targets.
1469 type: string
1470 type: object
1471 required:
1472 - name
1473 - namespace
1474 - port
1475 type: object
1476 type: array
1477 required:
1478 - alertmanagers
1479 type: object
1480 allowOverlappingBlocks:
1481 description: |-
1482 AllowOverlappingBlocks enables vertical compaction and vertical query
1483 merge in Prometheus.
1484
1485
1486 *Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.*
1487 type: boolean
1488 apiserverConfig:
1489 description: |-
1490 APIServerConfig allows specifying a host and auth methods to access the
1491 Kuberntees API server.
1492 If null, Prometheus is assumed to run inside of the cluster: it will
1493 discover the API servers automatically and use the Pod's CA certificate
1494 and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
1495 properties:
1496 authorization:
1497 description: |-
1498 Authorization section for the API server.
1499
1500
1501 Cannot be set at the same time as `basicAuth`, `bearerToken`, or
1502 `bearerTokenFile`.
1503 properties:
1504 credentials:
1505 description: Selects a key of a Secret in the namespace that
1506 contains the credentials for authentication.
1507 properties:
1508 key:
1509 description: The key of the secret to select from. Must
1510 be a valid secret key.
1511 type: string
1512 name:
1513 default: ""
1514 description: |-
1515 Name of the referent.
1516 This field is effectively required, but due to backwards compatibility is
1517 allowed to be empty. Instances of this type with an empty value here are
1518 almost certainly wrong.
1519 TODO: Add other useful fields. apiVersion, kind, uid?
1520 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1521 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1522 type: string
1523 optional:
1524 description: Specify whether the Secret or its key must
1525 be defined
1526 type: boolean
1527 required:
1528 - key
1529 type: object
1530 x-kubernetes-map-type: atomic
1531 credentialsFile:
1532 description: File to read a secret from, mutually exclusive
1533 with `credentials`.
1534 type: string
1535 type:
1536 description: |-
1537 Defines the authentication type. The value is case-insensitive.
1538
1539
1540 "Basic" is not a supported value.
1541
1542
1543 Default: "Bearer"
1544 type: string
1545 type: object
1546 basicAuth:
1547 description: |-
1548 BasicAuth configuration for the API server.
1549
1550
1551 Cannot be set at the same time as `authorization`, `bearerToken`, or
1552 `bearerTokenFile`.
1553 properties:
1554 password:
1555 description: |-
1556 The secret in the service monitor namespace that contains the password
1557 for authentication.
1558 properties:
1559 key:
1560 description: The key of the secret to select from. Must
1561 be a valid secret key.
1562 type: string
1563 name:
1564 default: ""
1565 description: |-
1566 Name of the referent.
1567 This field is effectively required, but due to backwards compatibility is
1568 allowed to be empty. Instances of this type with an empty value here are
1569 almost certainly wrong.
1570 TODO: Add other useful fields. apiVersion, kind, uid?
1571 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1572 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1573 type: string
1574 optional:
1575 description: Specify whether the Secret or its key must
1576 be defined
1577 type: boolean
1578 required:
1579 - key
1580 type: object
1581 x-kubernetes-map-type: atomic
1582 username:
1583 description: |-
1584 The secret in the service monitor namespace that contains the username
1585 for authentication.
1586 properties:
1587 key:
1588 description: The key of the secret to select from. Must
1589 be a valid secret key.
1590 type: string
1591 name:
1592 default: ""
1593 description: |-
1594 Name of the referent.
1595 This field is effectively required, but due to backwards compatibility is
1596 allowed to be empty. Instances of this type with an empty value here are
1597 almost certainly wrong.
1598 TODO: Add other useful fields. apiVersion, kind, uid?
1599 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1600 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1601 type: string
1602 optional:
1603 description: Specify whether the Secret or its key must
1604 be defined
1605 type: boolean
1606 required:
1607 - key
1608 type: object
1609 x-kubernetes-map-type: atomic
1610 type: object
1611 bearerToken:
1612 description: |-
1613 *Warning: this field shouldn't be used because the token value appears
1614 in clear-text. Prefer using `authorization`.*
1615
1616
1617 *Deprecated: this will be removed in a future release.*
1618 type: string
1619 bearerTokenFile:
1620 description: |-
1621 File to read bearer token for accessing apiserver.
1622
1623
1624 Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.
1625
1626
1627 *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
1628 type: string
1629 host:
1630 description: |-
1631 Kubernetes API address consisting of a hostname or IP address followed
1632 by an optional port number.
1633 type: string
1634 tlsConfig:
1635 description: TLS Config to use for the API server.
1636 properties:
1637 ca:
1638 description: Certificate authority used when verifying server
1639 certificates.
1640 properties:
1641 configMap:
1642 description: ConfigMap containing data to use for the
1643 targets.
1644 properties:
1645 key:
1646 description: The key to select.
1647 type: string
1648 name:
1649 default: ""
1650 description: |-
1651 Name of the referent.
1652 This field is effectively required, but due to backwards compatibility is
1653 allowed to be empty. Instances of this type with an empty value here are
1654 almost certainly wrong.
1655 TODO: Add other useful fields. apiVersion, kind, uid?
1656 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1657 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1658 type: string
1659 optional:
1660 description: Specify whether the ConfigMap or its
1661 key must be defined
1662 type: boolean
1663 required:
1664 - key
1665 type: object
1666 x-kubernetes-map-type: atomic
1667 secret:
1668 description: Secret containing data to use for the targets.
1669 properties:
1670 key:
1671 description: The key of the secret to select from. Must
1672 be a valid secret key.
1673 type: string
1674 name:
1675 default: ""
1676 description: |-
1677 Name of the referent.
1678 This field is effectively required, but due to backwards compatibility is
1679 allowed to be empty. Instances of this type with an empty value here are
1680 almost certainly wrong.
1681 TODO: Add other useful fields. apiVersion, kind, uid?
1682 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1683 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1684 type: string
1685 optional:
1686 description: Specify whether the Secret or its key
1687 must be defined
1688 type: boolean
1689 required:
1690 - key
1691 type: object
1692 x-kubernetes-map-type: atomic
1693 type: object
1694 caFile:
1695 description: Path to the CA cert in the Prometheus container
1696 to use for the targets.
1697 type: string
1698 cert:
1699 description: Client certificate to present when doing client-authentication.
1700 properties:
1701 configMap:
1702 description: ConfigMap containing data to use for the
1703 targets.
1704 properties:
1705 key:
1706 description: The key to select.
1707 type: string
1708 name:
1709 default: ""
1710 description: |-
1711 Name of the referent.
1712 This field is effectively required, but due to backwards compatibility is
1713 allowed to be empty. Instances of this type with an empty value here are
1714 almost certainly wrong.
1715 TODO: Add other useful fields. apiVersion, kind, uid?
1716 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1717 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1718 type: string
1719 optional:
1720 description: Specify whether the ConfigMap or its
1721 key must be defined
1722 type: boolean
1723 required:
1724 - key
1725 type: object
1726 x-kubernetes-map-type: atomic
1727 secret:
1728 description: Secret containing data to use for the targets.
1729 properties:
1730 key:
1731 description: The key of the secret to select from. Must
1732 be a valid secret key.
1733 type: string
1734 name:
1735 default: ""
1736 description: |-
1737 Name of the referent.
1738 This field is effectively required, but due to backwards compatibility is
1739 allowed to be empty. Instances of this type with an empty value here are
1740 almost certainly wrong.
1741 TODO: Add other useful fields. apiVersion, kind, uid?
1742 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1743 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1744 type: string
1745 optional:
1746 description: Specify whether the Secret or its key
1747 must be defined
1748 type: boolean
1749 required:
1750 - key
1751 type: object
1752 x-kubernetes-map-type: atomic
1753 type: object
1754 certFile:
1755 description: Path to the client cert file in the Prometheus
1756 container for the targets.
1757 type: string
1758 insecureSkipVerify:
1759 description: Disable target certificate validation.
1760 type: boolean
1761 keyFile:
1762 description: Path to the client key file in the Prometheus
1763 container for the targets.
1764 type: string
1765 keySecret:
1766 description: Secret containing the client key file for the
1767 targets.
1768 properties:
1769 key:
1770 description: The key of the secret to select from. Must
1771 be a valid secret key.
1772 type: string
1773 name:
1774 default: ""
1775 description: |-
1776 Name of the referent.
1777 This field is effectively required, but due to backwards compatibility is
1778 allowed to be empty. Instances of this type with an empty value here are
1779 almost certainly wrong.
1780 TODO: Add other useful fields. apiVersion, kind, uid?
1781 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1782 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1783 type: string
1784 optional:
1785 description: Specify whether the Secret or its key must
1786 be defined
1787 type: boolean
1788 required:
1789 - key
1790 type: object
1791 x-kubernetes-map-type: atomic
1792 serverName:
1793 description: Used to verify the hostname for the targets.
1794 type: string
1795 type: object
1796 required:
1797 - host
1798 type: object
1799 arbitraryFSAccessThroughSMs:
1800 description: |-
1801 When true, ServiceMonitor, PodMonitor and Probe object are forbidden to
1802 reference arbitrary files on the file system of the 'prometheus'
1803 container.
1804 When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value
1805 (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a
1806 malicious target can get access to the Prometheus service account's
1807 token in the Prometheus' scrape request. Setting
1808 `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.
1809 Users should instead provide the credentials using the
1810 `spec.bearerTokenSecret` field.
1811 properties:
1812 deny:
1813 type: boolean
1814 type: object
1815 baseImage:
1816 description: '*Deprecated: use ''spec.image'' instead.*'
1817 type: string
1818 bodySizeLimit:
1819 description: |-
1820 BodySizeLimit defines per-scrape on response body size.
1821 Only valid in Prometheus versions 2.45.0 and newer.
1822 pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
1823 type: string
1824 configMaps:
1825 description: |-
1826 ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus
1827 object, which shall be mounted into the Prometheus Pods.
1828 Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-<configmap-name>`.
1829 The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name> in the 'prometheus' container.
1830 items:
1831 type: string
1832 type: array
1833 containers:
1834 description: |-
1835 Containers allows injecting additional containers or modifying operator
1836 generated containers. This can be used to allow adding an authentication
1837 proxy to the Pods or to change the behavior of an operator generated
1838 container. Containers described here modify an operator generated
1839 container if they share the same name and modifications are done via a
1840 strategic merge patch.
1841
1842
1843 The names of containers managed by the operator are:
1844 * `prometheus`
1845 * `config-reloader`
1846 * `thanos-sidecar`
1847
1848
1849 Overriding containers is entirely outside the scope of what the
1850 maintainers will support and by doing so, you accept that this behaviour
1851 may break at any time without notice.
1852 items:
1853 description: A single application container that you want to run
1854 within a pod.
1855 properties:
1856 args:
1857 description: |-
1858 Arguments to the entrypoint.
1859 The container image's CMD is used if this is not provided.
1860 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
1861 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
1862 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
1863 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
1864 of whether the variable exists or not. Cannot be updated.
1865 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1866 items:
1867 type: string
1868 type: array
1869 x-kubernetes-list-type: atomic
1870 command:
1871 description: |-
1872 Entrypoint array. Not executed within a shell.
1873 The container image's ENTRYPOINT is used if this is not provided.
1874 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
1875 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
1876 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
1877 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
1878 of whether the variable exists or not. Cannot be updated.
1879 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1880 items:
1881 type: string
1882 type: array
1883 x-kubernetes-list-type: atomic
1884 env:
1885 description: |-
1886 List of environment variables to set in the container.
1887 Cannot be updated.
1888 items:
1889 description: EnvVar represents an environment variable present
1890 in a Container.
1891 properties:
1892 name:
1893 description: Name of the environment variable. Must be
1894 a C_IDENTIFIER.
1895 type: string
1896 value:
1897 description: |-
1898 Variable references $(VAR_NAME) are expanded
1899 using the previously defined environment variables in the container and
1900 any service environment variables. If a variable cannot be resolved,
1901 the reference in the input string will be unchanged. Double $$ are reduced
1902 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
1903 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
1904 Escaped references will never be expanded, regardless of whether the variable
1905 exists or not.
1906 Defaults to "".
1907 type: string
1908 valueFrom:
1909 description: Source for the environment variable's value.
1910 Cannot be used if value is not empty.
1911 properties:
1912 configMapKeyRef:
1913 description: Selects a key of a ConfigMap.
1914 properties:
1915 key:
1916 description: The key to select.
1917 type: string
1918 name:
1919 default: ""
1920 description: |-
1921 Name of the referent.
1922 This field is effectively required, but due to backwards compatibility is
1923 allowed to be empty. Instances of this type with an empty value here are
1924 almost certainly wrong.
1925 TODO: Add other useful fields. apiVersion, kind, uid?
1926 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1927 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1928 type: string
1929 optional:
1930 description: Specify whether the ConfigMap or
1931 its key must be defined
1932 type: boolean
1933 required:
1934 - key
1935 type: object
1936 x-kubernetes-map-type: atomic
1937 fieldRef:
1938 description: |-
1939 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
1940 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
1941 properties:
1942 apiVersion:
1943 description: Version of the schema the FieldPath
1944 is written in terms of, defaults to "v1".
1945 type: string
1946 fieldPath:
1947 description: Path of the field to select in the
1948 specified API version.
1949 type: string
1950 required:
1951 - fieldPath
1952 type: object
1953 x-kubernetes-map-type: atomic
1954 resourceFieldRef:
1955 description: |-
1956 Selects a resource of the container: only resources limits and requests
1957 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
1958 properties:
1959 containerName:
1960 description: 'Container name: required for volumes,
1961 optional for env vars'
1962 type: string
1963 divisor:
1964 anyOf:
1965 - type: integer
1966 - type: string
1967 description: Specifies the output format of the
1968 exposed resources, defaults to "1"
1969 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1970 x-kubernetes-int-or-string: true
1971 resource:
1972 description: 'Required: resource to select'
1973 type: string
1974 required:
1975 - resource
1976 type: object
1977 x-kubernetes-map-type: atomic
1978 secretKeyRef:
1979 description: Selects a key of a secret in the pod's
1980 namespace
1981 properties:
1982 key:
1983 description: The key of the secret to select from. Must
1984 be a valid secret key.
1985 type: string
1986 name:
1987 default: ""
1988 description: |-
1989 Name of the referent.
1990 This field is effectively required, but due to backwards compatibility is
1991 allowed to be empty. Instances of this type with an empty value here are
1992 almost certainly wrong.
1993 TODO: Add other useful fields. apiVersion, kind, uid?
1994 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1995 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1996 type: string
1997 optional:
1998 description: Specify whether the Secret or its
1999 key must be defined
2000 type: boolean
2001 required:
2002 - key
2003 type: object
2004 x-kubernetes-map-type: atomic
2005 type: object
2006 required:
2007 - name
2008 type: object
2009 type: array
2010 x-kubernetes-list-map-keys:
2011 - name
2012 x-kubernetes-list-type: map
2013 envFrom:
2014 description: |-
2015 List of sources to populate environment variables in the container.
2016 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
2017 will be reported as an event when the container is starting. When a key exists in multiple
2018 sources, the value associated with the last source will take precedence.
2019 Values defined by an Env with a duplicate key will take precedence.
2020 Cannot be updated.
2021 items:
2022 description: EnvFromSource represents the source of a set
2023 of ConfigMaps
2024 properties:
2025 configMapRef:
2026 description: The ConfigMap to select from
2027 properties:
2028 name:
2029 default: ""
2030 description: |-
2031 Name of the referent.
2032 This field is effectively required, but due to backwards compatibility is
2033 allowed to be empty. Instances of this type with an empty value here are
2034 almost certainly wrong.
2035 TODO: Add other useful fields. apiVersion, kind, uid?
2036 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2037 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
2038 type: string
2039 optional:
2040 description: Specify whether the ConfigMap must be
2041 defined
2042 type: boolean
2043 type: object
2044 x-kubernetes-map-type: atomic
2045 prefix:
2046 description: An optional identifier to prepend to each
2047 key in the ConfigMap. Must be a C_IDENTIFIER.
2048 type: string
2049 secretRef:
2050 description: The Secret to select from
2051 properties:
2052 name:
2053 default: ""
2054 description: |-
2055 Name of the referent.
2056 This field is effectively required, but due to backwards compatibility is
2057 allowed to be empty. Instances of this type with an empty value here are
2058 almost certainly wrong.
2059 TODO: Add other useful fields. apiVersion, kind, uid?
2060 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2061 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
2062 type: string
2063 optional:
2064 description: Specify whether the Secret must be defined
2065 type: boolean
2066 type: object
2067 x-kubernetes-map-type: atomic
2068 type: object
2069 type: array
2070 x-kubernetes-list-type: atomic
2071 image:
2072 description: |-
2073 Container image name.
2074 More info: https://kubernetes.io/docs/concepts/containers/images
2075 This field is optional to allow higher level config management to default or override
2076 container images in workload controllers like Deployments and StatefulSets.
2077 type: string
2078 imagePullPolicy:
2079 description: |-
2080 Image pull policy.
2081 One of Always, Never, IfNotPresent.
2082 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
2083 Cannot be updated.
2084 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
2085 type: string
2086 lifecycle:
2087 description: |-
2088 Actions that the management system should take in response to container lifecycle events.
2089 Cannot be updated.
2090 properties:
2091 postStart:
2092 description: |-
2093 PostStart is called immediately after a container is created. If the handler fails,
2094 the container is terminated and restarted according to its restart policy.
2095 Other management of the container blocks until the hook completes.
2096 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
2097 properties:
2098 exec:
2099 description: Exec specifies the action to take.
2100 properties:
2101 command:
2102 description: |-
2103 Command is the command line to execute inside the container, the working directory for the
2104 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2105 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2106 a shell, you need to explicitly call out to that shell.
2107 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2108 items:
2109 type: string
2110 type: array
2111 x-kubernetes-list-type: atomic
2112 type: object
2113 httpGet:
2114 description: HTTPGet specifies the http request to perform.
2115 properties:
2116 host:
2117 description: |-
2118 Host name to connect to, defaults to the pod IP. You probably want to set
2119 "Host" in httpHeaders instead.
2120 type: string
2121 httpHeaders:
2122 description: Custom headers to set in the request.
2123 HTTP allows repeated headers.
2124 items:
2125 description: HTTPHeader describes a custom header
2126 to be used in HTTP probes
2127 properties:
2128 name:
2129 description: |-
2130 The header field name.
2131 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2132 type: string
2133 value:
2134 description: The header field value
2135 type: string
2136 required:
2137 - name
2138 - value
2139 type: object
2140 type: array
2141 x-kubernetes-list-type: atomic
2142 path:
2143 description: Path to access on the HTTP server.
2144 type: string
2145 port:
2146 anyOf:
2147 - type: integer
2148 - type: string
2149 description: |-
2150 Name or number of the port to access on the container.
2151 Number must be in the range 1 to 65535.
2152 Name must be an IANA_SVC_NAME.
2153 x-kubernetes-int-or-string: true
2154 scheme:
2155 description: |-
2156 Scheme to use for connecting to the host.
2157 Defaults to HTTP.
2158 type: string
2159 required:
2160 - port
2161 type: object
2162 sleep:
2163 description: Sleep represents the duration that the
2164 container should sleep before being terminated.
2165 properties:
2166 seconds:
2167 description: Seconds is the number of seconds to
2168 sleep.
2169 format: int64
2170 type: integer
2171 required:
2172 - seconds
2173 type: object
2174 tcpSocket:
2175 description: |-
2176 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
2177 for the backward compatibility. There are no validation of this field and
2178 lifecycle hooks will fail in runtime when tcp handler is specified.
2179 properties:
2180 host:
2181 description: 'Optional: Host name to connect to,
2182 defaults to the pod IP.'
2183 type: string
2184 port:
2185 anyOf:
2186 - type: integer
2187 - type: string
2188 description: |-
2189 Number or name of the port to access on the container.
2190 Number must be in the range 1 to 65535.
2191 Name must be an IANA_SVC_NAME.
2192 x-kubernetes-int-or-string: true
2193 required:
2194 - port
2195 type: object
2196 type: object
2197 preStop:
2198 description: |-
2199 PreStop is called immediately before a container is terminated due to an
2200 API request or management event such as liveness/startup probe failure,
2201 preemption, resource contention, etc. The handler is not called if the
2202 container crashes or exits. The Pod's termination grace period countdown begins before the
2203 PreStop hook is executed. Regardless of the outcome of the handler, the
2204 container will eventually terminate within the Pod's termination grace
2205 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
2206 or until the termination grace period is reached.
2207 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
2208 properties:
2209 exec:
2210 description: Exec specifies the action to take.
2211 properties:
2212 command:
2213 description: |-
2214 Command is the command line to execute inside the container, the working directory for the
2215 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2216 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2217 a shell, you need to explicitly call out to that shell.
2218 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2219 items:
2220 type: string
2221 type: array
2222 x-kubernetes-list-type: atomic
2223 type: object
2224 httpGet:
2225 description: HTTPGet specifies the http request to perform.
2226 properties:
2227 host:
2228 description: |-
2229 Host name to connect to, defaults to the pod IP. You probably want to set
2230 "Host" in httpHeaders instead.
2231 type: string
2232 httpHeaders:
2233 description: Custom headers to set in the request.
2234 HTTP allows repeated headers.
2235 items:
2236 description: HTTPHeader describes a custom header
2237 to be used in HTTP probes
2238 properties:
2239 name:
2240 description: |-
2241 The header field name.
2242 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2243 type: string
2244 value:
2245 description: The header field value
2246 type: string
2247 required:
2248 - name
2249 - value
2250 type: object
2251 type: array
2252 x-kubernetes-list-type: atomic
2253 path:
2254 description: Path to access on the HTTP server.
2255 type: string
2256 port:
2257 anyOf:
2258 - type: integer
2259 - type: string
2260 description: |-
2261 Name or number of the port to access on the container.
2262 Number must be in the range 1 to 65535.
2263 Name must be an IANA_SVC_NAME.
2264 x-kubernetes-int-or-string: true
2265 scheme:
2266 description: |-
2267 Scheme to use for connecting to the host.
2268 Defaults to HTTP.
2269 type: string
2270 required:
2271 - port
2272 type: object
2273 sleep:
2274 description: Sleep represents the duration that the
2275 container should sleep before being terminated.
2276 properties:
2277 seconds:
2278 description: Seconds is the number of seconds to
2279 sleep.
2280 format: int64
2281 type: integer
2282 required:
2283 - seconds
2284 type: object
2285 tcpSocket:
2286 description: |-
2287 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
2288 for the backward compatibility. There are no validation of this field and
2289 lifecycle hooks will fail in runtime when tcp handler is specified.
2290 properties:
2291 host:
2292 description: 'Optional: Host name to connect to,
2293 defaults to the pod IP.'
2294 type: string
2295 port:
2296 anyOf:
2297 - type: integer
2298 - type: string
2299 description: |-
2300 Number or name of the port to access on the container.
2301 Number must be in the range 1 to 65535.
2302 Name must be an IANA_SVC_NAME.
2303 x-kubernetes-int-or-string: true
2304 required:
2305 - port
2306 type: object
2307 type: object
2308 type: object
2309 livenessProbe:
2310 description: |-
2311 Periodic probe of container liveness.
2312 Container will be restarted if the probe fails.
2313 Cannot be updated.
2314 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2315 properties:
2316 exec:
2317 description: Exec specifies the action to take.
2318 properties:
2319 command:
2320 description: |-
2321 Command is the command line to execute inside the container, the working directory for the
2322 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2323 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2324 a shell, you need to explicitly call out to that shell.
2325 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2326 items:
2327 type: string
2328 type: array
2329 x-kubernetes-list-type: atomic
2330 type: object
2331 failureThreshold:
2332 description: |-
2333 Minimum consecutive failures for the probe to be considered failed after having succeeded.
2334 Defaults to 3. Minimum value is 1.
2335 format: int32
2336 type: integer
2337 grpc:
2338 description: GRPC specifies an action involving a GRPC port.
2339 properties:
2340 port:
2341 description: Port number of the gRPC service. Number
2342 must be in the range 1 to 65535.
2343 format: int32
2344 type: integer
2345 service:
2346 description: |-
2347 Service is the name of the service to place in the gRPC HealthCheckRequest
2348 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
2349
2350
2351 If this is not specified, the default behavior is defined by gRPC.
2352 type: string
2353 required:
2354 - port
2355 type: object
2356 httpGet:
2357 description: HTTPGet specifies the http request to perform.
2358 properties:
2359 host:
2360 description: |-
2361 Host name to connect to, defaults to the pod IP. You probably want to set
2362 "Host" in httpHeaders instead.
2363 type: string
2364 httpHeaders:
2365 description: Custom headers to set in the request. HTTP
2366 allows repeated headers.
2367 items:
2368 description: HTTPHeader describes a custom header
2369 to be used in HTTP probes
2370 properties:
2371 name:
2372 description: |-
2373 The header field name.
2374 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2375 type: string
2376 value:
2377 description: The header field value
2378 type: string
2379 required:
2380 - name
2381 - value
2382 type: object
2383 type: array
2384 x-kubernetes-list-type: atomic
2385 path:
2386 description: Path to access on the HTTP server.
2387 type: string
2388 port:
2389 anyOf:
2390 - type: integer
2391 - type: string
2392 description: |-
2393 Name or number of the port to access on the container.
2394 Number must be in the range 1 to 65535.
2395 Name must be an IANA_SVC_NAME.
2396 x-kubernetes-int-or-string: true
2397 scheme:
2398 description: |-
2399 Scheme to use for connecting to the host.
2400 Defaults to HTTP.
2401 type: string
2402 required:
2403 - port
2404 type: object
2405 initialDelaySeconds:
2406 description: |-
2407 Number of seconds after the container has started before liveness probes are initiated.
2408 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2409 format: int32
2410 type: integer
2411 periodSeconds:
2412 description: |-
2413 How often (in seconds) to perform the probe.
2414 Default to 10 seconds. Minimum value is 1.
2415 format: int32
2416 type: integer
2417 successThreshold:
2418 description: |-
2419 Minimum consecutive successes for the probe to be considered successful after having failed.
2420 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
2421 format: int32
2422 type: integer
2423 tcpSocket:
2424 description: TCPSocket specifies an action involving a TCP
2425 port.
2426 properties:
2427 host:
2428 description: 'Optional: Host name to connect to, defaults
2429 to the pod IP.'
2430 type: string
2431 port:
2432 anyOf:
2433 - type: integer
2434 - type: string
2435 description: |-
2436 Number or name of the port to access on the container.
2437 Number must be in the range 1 to 65535.
2438 Name must be an IANA_SVC_NAME.
2439 x-kubernetes-int-or-string: true
2440 required:
2441 - port
2442 type: object
2443 terminationGracePeriodSeconds:
2444 description: |-
2445 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
2446 The grace period is the duration in seconds after the processes running in the pod are sent
2447 a termination signal and the time when the processes are forcibly halted with a kill signal.
2448 Set this value longer than the expected cleanup time for your process.
2449 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
2450 value overrides the value provided by the pod spec.
2451 Value must be non-negative integer. The value zero indicates stop immediately via
2452 the kill signal (no opportunity to shut down).
2453 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
2454 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
2455 format: int64
2456 type: integer
2457 timeoutSeconds:
2458 description: |-
2459 Number of seconds after which the probe times out.
2460 Defaults to 1 second. Minimum value is 1.
2461 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2462 format: int32
2463 type: integer
2464 type: object
2465 name:
2466 description: |-
2467 Name of the container specified as a DNS_LABEL.
2468 Each container in a pod must have a unique name (DNS_LABEL).
2469 Cannot be updated.
2470 type: string
2471 ports:
2472 description: |-
2473 List of ports to expose from the container. Not specifying a port here
2474 DOES NOT prevent that port from being exposed. Any port which is
2475 listening on the default "0.0.0.0" address inside a container will be
2476 accessible from the network.
2477 Modifying this array with strategic merge patch may corrupt the data.
2478 For more information See https://github.com/kubernetes/kubernetes/issues/108255.
2479 Cannot be updated.
2480 items:
2481 description: ContainerPort represents a network port in a
2482 single container.
2483 properties:
2484 containerPort:
2485 description: |-
2486 Number of port to expose on the pod's IP address.
2487 This must be a valid port number, 0 < x < 65536.
2488 format: int32
2489 type: integer
2490 hostIP:
2491 description: What host IP to bind the external port to.
2492 type: string
2493 hostPort:
2494 description: |-
2495 Number of port to expose on the host.
2496 If specified, this must be a valid port number, 0 < x < 65536.
2497 If HostNetwork is specified, this must match ContainerPort.
2498 Most containers do not need this.
2499 format: int32
2500 type: integer
2501 name:
2502 description: |-
2503 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
2504 named port in a pod must have a unique name. Name for the port that can be
2505 referred to by services.
2506 type: string
2507 protocol:
2508 default: TCP
2509 description: |-
2510 Protocol for port. Must be UDP, TCP, or SCTP.
2511 Defaults to "TCP".
2512 type: string
2513 required:
2514 - containerPort
2515 type: object
2516 type: array
2517 x-kubernetes-list-map-keys:
2518 - containerPort
2519 - protocol
2520 x-kubernetes-list-type: map
2521 readinessProbe:
2522 description: |-
2523 Periodic probe of container service readiness.
2524 Container will be removed from service endpoints if the probe fails.
2525 Cannot be updated.
2526 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2527 properties:
2528 exec:
2529 description: Exec specifies the action to take.
2530 properties:
2531 command:
2532 description: |-
2533 Command is the command line to execute inside the container, the working directory for the
2534 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2535 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2536 a shell, you need to explicitly call out to that shell.
2537 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2538 items:
2539 type: string
2540 type: array
2541 x-kubernetes-list-type: atomic
2542 type: object
2543 failureThreshold:
2544 description: |-
2545 Minimum consecutive failures for the probe to be considered failed after having succeeded.
2546 Defaults to 3. Minimum value is 1.
2547 format: int32
2548 type: integer
2549 grpc:
2550 description: GRPC specifies an action involving a GRPC port.
2551 properties:
2552 port:
2553 description: Port number of the gRPC service. Number
2554 must be in the range 1 to 65535.
2555 format: int32
2556 type: integer
2557 service:
2558 description: |-
2559 Service is the name of the service to place in the gRPC HealthCheckRequest
2560 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
2561
2562
2563 If this is not specified, the default behavior is defined by gRPC.
2564 type: string
2565 required:
2566 - port
2567 type: object
2568 httpGet:
2569 description: HTTPGet specifies the http request to perform.
2570 properties:
2571 host:
2572 description: |-
2573 Host name to connect to, defaults to the pod IP. You probably want to set
2574 "Host" in httpHeaders instead.
2575 type: string
2576 httpHeaders:
2577 description: Custom headers to set in the request. HTTP
2578 allows repeated headers.
2579 items:
2580 description: HTTPHeader describes a custom header
2581 to be used in HTTP probes
2582 properties:
2583 name:
2584 description: |-
2585 The header field name.
2586 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2587 type: string
2588 value:
2589 description: The header field value
2590 type: string
2591 required:
2592 - name
2593 - value
2594 type: object
2595 type: array
2596 x-kubernetes-list-type: atomic
2597 path:
2598 description: Path to access on the HTTP server.
2599 type: string
2600 port:
2601 anyOf:
2602 - type: integer
2603 - type: string
2604 description: |-
2605 Name or number of the port to access on the container.
2606 Number must be in the range 1 to 65535.
2607 Name must be an IANA_SVC_NAME.
2608 x-kubernetes-int-or-string: true
2609 scheme:
2610 description: |-
2611 Scheme to use for connecting to the host.
2612 Defaults to HTTP.
2613 type: string
2614 required:
2615 - port
2616 type: object
2617 initialDelaySeconds:
2618 description: |-
2619 Number of seconds after the container has started before liveness probes are initiated.
2620 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2621 format: int32
2622 type: integer
2623 periodSeconds:
2624 description: |-
2625 How often (in seconds) to perform the probe.
2626 Default to 10 seconds. Minimum value is 1.
2627 format: int32
2628 type: integer
2629 successThreshold:
2630 description: |-
2631 Minimum consecutive successes for the probe to be considered successful after having failed.
2632 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
2633 format: int32
2634 type: integer
2635 tcpSocket:
2636 description: TCPSocket specifies an action involving a TCP
2637 port.
2638 properties:
2639 host:
2640 description: 'Optional: Host name to connect to, defaults
2641 to the pod IP.'
2642 type: string
2643 port:
2644 anyOf:
2645 - type: integer
2646 - type: string
2647 description: |-
2648 Number or name of the port to access on the container.
2649 Number must be in the range 1 to 65535.
2650 Name must be an IANA_SVC_NAME.
2651 x-kubernetes-int-or-string: true
2652 required:
2653 - port
2654 type: object
2655 terminationGracePeriodSeconds:
2656 description: |-
2657 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
2658 The grace period is the duration in seconds after the processes running in the pod are sent
2659 a termination signal and the time when the processes are forcibly halted with a kill signal.
2660 Set this value longer than the expected cleanup time for your process.
2661 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
2662 value overrides the value provided by the pod spec.
2663 Value must be non-negative integer. The value zero indicates stop immediately via
2664 the kill signal (no opportunity to shut down).
2665 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
2666 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
2667 format: int64
2668 type: integer
2669 timeoutSeconds:
2670 description: |-
2671 Number of seconds after which the probe times out.
2672 Defaults to 1 second. Minimum value is 1.
2673 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2674 format: int32
2675 type: integer
2676 type: object
2677 resizePolicy:
2678 description: Resources resize policy for the container.
2679 items:
2680 description: ContainerResizePolicy represents resource resize
2681 policy for the container.
2682 properties:
2683 resourceName:
2684 description: |-
2685 Name of the resource to which this resource resize policy applies.
2686 Supported values: cpu, memory.
2687 type: string
2688 restartPolicy:
2689 description: |-
2690 Restart policy to apply when specified resource is resized.
2691 If not specified, it defaults to NotRequired.
2692 type: string
2693 required:
2694 - resourceName
2695 - restartPolicy
2696 type: object
2697 type: array
2698 x-kubernetes-list-type: atomic
2699 resources:
2700 description: |-
2701 Compute Resources required by this container.
2702 Cannot be updated.
2703 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2704 properties:
2705 claims:
2706 description: |-
2707 Claims lists the names of resources, defined in spec.resourceClaims,
2708 that are used by this container.
2709
2710
2711 This is an alpha field and requires enabling the
2712 DynamicResourceAllocation feature gate.
2713
2714
2715 This field is immutable. It can only be set for containers.
2716 items:
2717 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
2718 properties:
2719 name:
2720 description: |-
2721 Name must match the name of one entry in pod.spec.resourceClaims of
2722 the Pod where this field is used. It makes that resource available
2723 inside a container.
2724 type: string
2725 required:
2726 - name
2727 type: object
2728 type: array
2729 x-kubernetes-list-map-keys:
2730 - name
2731 x-kubernetes-list-type: map
2732 limits:
2733 additionalProperties:
2734 anyOf:
2735 - type: integer
2736 - type: string
2737 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2738 x-kubernetes-int-or-string: true
2739 description: |-
2740 Limits describes the maximum amount of compute resources allowed.
2741 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2742 type: object
2743 requests:
2744 additionalProperties:
2745 anyOf:
2746 - type: integer
2747 - type: string
2748 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2749 x-kubernetes-int-or-string: true
2750 description: |-
2751 Requests describes the minimum amount of compute resources required.
2752 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
2753 otherwise to an implementation-defined value. Requests cannot exceed Limits.
2754 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2755 type: object
2756 type: object
2757 restartPolicy:
2758 description: |-
2759 RestartPolicy defines the restart behavior of individual containers in a pod.
2760 This field may only be set for init containers, and the only allowed value is "Always".
2761 For non-init containers or when this field is not specified,
2762 the restart behavior is defined by the Pod's restart policy and the container type.
2763 Setting the RestartPolicy as "Always" for the init container will have the following effect:
2764 this init container will be continually restarted on
2765 exit until all regular containers have terminated. Once all regular
2766 containers have completed, all init containers with restartPolicy "Always"
2767 will be shut down. This lifecycle differs from normal init containers and
2768 is often referred to as a "sidecar" container. Although this init
2769 container still starts in the init container sequence, it does not wait
2770 for the container to complete before proceeding to the next init
2771 container. Instead, the next init container starts immediately after this
2772 init container is started, or after any startupProbe has successfully
2773 completed.
2774 type: string
2775 securityContext:
2776 description: |-
2777 SecurityContext defines the security options the container should be run with.
2778 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
2779 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2780 properties:
2781 allowPrivilegeEscalation:
2782 description: |-
2783 AllowPrivilegeEscalation controls whether a process can gain more
2784 privileges than its parent process. This bool directly controls if
2785 the no_new_privs flag will be set on the container process.
2786 AllowPrivilegeEscalation is true always when the container is:
2787 1) run as Privileged
2788 2) has CAP_SYS_ADMIN
2789 Note that this field cannot be set when spec.os.name is windows.
2790 type: boolean
2791 appArmorProfile:
2792 description: |-
2793 appArmorProfile is the AppArmor options to use by this container. If set, this profile
2794 overrides the pod's appArmorProfile.
2795 Note that this field cannot be set when spec.os.name is windows.
2796 properties:
2797 localhostProfile:
2798 description: |-
2799 localhostProfile indicates a profile loaded on the node that should be used.
2800 The profile must be preconfigured on the node to work.
2801 Must match the loaded name of the profile.
2802 Must be set if and only if type is "Localhost".
2803 type: string
2804 type:
2805 description: |-
2806 type indicates which kind of AppArmor profile will be applied.
2807 Valid options are:
2808 Localhost - a profile pre-loaded on the node.
2809 RuntimeDefault - the container runtime's default profile.
2810 Unconfined - no AppArmor enforcement.
2811 type: string
2812 required:
2813 - type
2814 type: object
2815 capabilities:
2816 description: |-
2817 The capabilities to add/drop when running containers.
2818 Defaults to the default set of capabilities granted by the container runtime.
2819 Note that this field cannot be set when spec.os.name is windows.
2820 properties:
2821 add:
2822 description: Added capabilities
2823 items:
2824 description: Capability represent POSIX capabilities
2825 type
2826 type: string
2827 type: array
2828 x-kubernetes-list-type: atomic
2829 drop:
2830 description: Removed capabilities
2831 items:
2832 description: Capability represent POSIX capabilities
2833 type
2834 type: string
2835 type: array
2836 x-kubernetes-list-type: atomic
2837 type: object
2838 privileged:
2839 description: |-
2840 Run container in privileged mode.
2841 Processes in privileged containers are essentially equivalent to root on the host.
2842 Defaults to false.
2843 Note that this field cannot be set when spec.os.name is windows.
2844 type: boolean
2845 procMount:
2846 description: |-
2847 procMount denotes the type of proc mount to use for the containers.
2848 The default is DefaultProcMount which uses the container runtime defaults for
2849 readonly paths and masked paths.
2850 This requires the ProcMountType feature flag to be enabled.
2851 Note that this field cannot be set when spec.os.name is windows.
2852 type: string
2853 readOnlyRootFilesystem:
2854 description: |-
2855 Whether this container has a read-only root filesystem.
2856 Default is false.
2857 Note that this field cannot be set when spec.os.name is windows.
2858 type: boolean
2859 runAsGroup:
2860 description: |-
2861 The GID to run the entrypoint of the container process.
2862 Uses runtime default if unset.
2863 May also be set in PodSecurityContext. If set in both SecurityContext and
2864 PodSecurityContext, the value specified in SecurityContext takes precedence.
2865 Note that this field cannot be set when spec.os.name is windows.
2866 format: int64
2867 type: integer
2868 runAsNonRoot:
2869 description: |-
2870 Indicates that the container must run as a non-root user.
2871 If true, the Kubelet will validate the image at runtime to ensure that it
2872 does not run as UID 0 (root) and fail to start the container if it does.
2873 If unset or false, no such validation will be performed.
2874 May also be set in PodSecurityContext. If set in both SecurityContext and
2875 PodSecurityContext, the value specified in SecurityContext takes precedence.
2876 type: boolean
2877 runAsUser:
2878 description: |-
2879 The UID to run the entrypoint of the container process.
2880 Defaults to user specified in image metadata if unspecified.
2881 May also be set in PodSecurityContext. If set in both SecurityContext and
2882 PodSecurityContext, the value specified in SecurityContext takes precedence.
2883 Note that this field cannot be set when spec.os.name is windows.
2884 format: int64
2885 type: integer
2886 seLinuxOptions:
2887 description: |-
2888 The SELinux context to be applied to the container.
2889 If unspecified, the container runtime will allocate a random SELinux context for each
2890 container. May also be set in PodSecurityContext. If set in both SecurityContext and
2891 PodSecurityContext, the value specified in SecurityContext takes precedence.
2892 Note that this field cannot be set when spec.os.name is windows.
2893 properties:
2894 level:
2895 description: Level is SELinux level label that applies
2896 to the container.
2897 type: string
2898 role:
2899 description: Role is a SELinux role label that applies
2900 to the container.
2901 type: string
2902 type:
2903 description: Type is a SELinux type label that applies
2904 to the container.
2905 type: string
2906 user:
2907 description: User is a SELinux user label that applies
2908 to the container.
2909 type: string
2910 type: object
2911 seccompProfile:
2912 description: |-
2913 The seccomp options to use by this container. If seccomp options are
2914 provided at both the pod & container level, the container options
2915 override the pod options.
2916 Note that this field cannot be set when spec.os.name is windows.
2917 properties:
2918 localhostProfile:
2919 description: |-
2920 localhostProfile indicates a profile defined in a file on the node should be used.
2921 The profile must be preconfigured on the node to work.
2922 Must be a descending path, relative to the kubelet's configured seccomp profile location.
2923 Must be set if type is "Localhost". Must NOT be set for any other type.
2924 type: string
2925 type:
2926 description: |-
2927 type indicates which kind of seccomp profile will be applied.
2928 Valid options are:
2929
2930
2931 Localhost - a profile defined in a file on the node should be used.
2932 RuntimeDefault - the container runtime default profile should be used.
2933 Unconfined - no profile should be applied.
2934 type: string
2935 required:
2936 - type
2937 type: object
2938 windowsOptions:
2939 description: |-
2940 The Windows specific settings applied to all containers.
2941 If unspecified, the options from the PodSecurityContext will be used.
2942 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
2943 Note that this field cannot be set when spec.os.name is linux.
2944 properties:
2945 gmsaCredentialSpec:
2946 description: |-
2947 GMSACredentialSpec is where the GMSA admission webhook
2948 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
2949 GMSA credential spec named by the GMSACredentialSpecName field.
2950 type: string
2951 gmsaCredentialSpecName:
2952 description: GMSACredentialSpecName is the name of the
2953 GMSA credential spec to use.
2954 type: string
2955 hostProcess:
2956 description: |-
2957 HostProcess determines if a container should be run as a 'Host Process' container.
2958 All of a Pod's containers must have the same effective HostProcess value
2959 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
2960 In addition, if HostProcess is true then HostNetwork must also be set to true.
2961 type: boolean
2962 runAsUserName:
2963 description: |-
2964 The UserName in Windows to run the entrypoint of the container process.
2965 Defaults to the user specified in image metadata if unspecified.
2966 May also be set in PodSecurityContext. If set in both SecurityContext and
2967 PodSecurityContext, the value specified in SecurityContext takes precedence.
2968 type: string
2969 type: object
2970 type: object
2971 startupProbe:
2972 description: |-
2973 StartupProbe indicates that the Pod has successfully initialized.
2974 If specified, no other probes are executed until this completes successfully.
2975 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
2976 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
2977 when it might take a long time to load data or warm a cache, than during steady-state operation.
2978 This cannot be updated.
2979 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2980 properties:
2981 exec:
2982 description: Exec specifies the action to take.
2983 properties:
2984 command:
2985 description: |-
2986 Command is the command line to execute inside the container, the working directory for the
2987 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2988 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2989 a shell, you need to explicitly call out to that shell.
2990 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2991 items:
2992 type: string
2993 type: array
2994 x-kubernetes-list-type: atomic
2995 type: object
2996 failureThreshold:
2997 description: |-
2998 Minimum consecutive failures for the probe to be considered failed after having succeeded.
2999 Defaults to 3. Minimum value is 1.
3000 format: int32
3001 type: integer
3002 grpc:
3003 description: GRPC specifies an action involving a GRPC port.
3004 properties:
3005 port:
3006 description: Port number of the gRPC service. Number
3007 must be in the range 1 to 65535.
3008 format: int32
3009 type: integer
3010 service:
3011 description: |-
3012 Service is the name of the service to place in the gRPC HealthCheckRequest
3013 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
3014
3015
3016 If this is not specified, the default behavior is defined by gRPC.
3017 type: string
3018 required:
3019 - port
3020 type: object
3021 httpGet:
3022 description: HTTPGet specifies the http request to perform.
3023 properties:
3024 host:
3025 description: |-
3026 Host name to connect to, defaults to the pod IP. You probably want to set
3027 "Host" in httpHeaders instead.
3028 type: string
3029 httpHeaders:
3030 description: Custom headers to set in the request. HTTP
3031 allows repeated headers.
3032 items:
3033 description: HTTPHeader describes a custom header
3034 to be used in HTTP probes
3035 properties:
3036 name:
3037 description: |-
3038 The header field name.
3039 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3040 type: string
3041 value:
3042 description: The header field value
3043 type: string
3044 required:
3045 - name
3046 - value
3047 type: object
3048 type: array
3049 x-kubernetes-list-type: atomic
3050 path:
3051 description: Path to access on the HTTP server.
3052 type: string
3053 port:
3054 anyOf:
3055 - type: integer
3056 - type: string
3057 description: |-
3058 Name or number of the port to access on the container.
3059 Number must be in the range 1 to 65535.
3060 Name must be an IANA_SVC_NAME.
3061 x-kubernetes-int-or-string: true
3062 scheme:
3063 description: |-
3064 Scheme to use for connecting to the host.
3065 Defaults to HTTP.
3066 type: string
3067 required:
3068 - port
3069 type: object
3070 initialDelaySeconds:
3071 description: |-
3072 Number of seconds after the container has started before liveness probes are initiated.
3073 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3074 format: int32
3075 type: integer
3076 periodSeconds:
3077 description: |-
3078 How often (in seconds) to perform the probe.
3079 Default to 10 seconds. Minimum value is 1.
3080 format: int32
3081 type: integer
3082 successThreshold:
3083 description: |-
3084 Minimum consecutive successes for the probe to be considered successful after having failed.
3085 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
3086 format: int32
3087 type: integer
3088 tcpSocket:
3089 description: TCPSocket specifies an action involving a TCP
3090 port.
3091 properties:
3092 host:
3093 description: 'Optional: Host name to connect to, defaults
3094 to the pod IP.'
3095 type: string
3096 port:
3097 anyOf:
3098 - type: integer
3099 - type: string
3100 description: |-
3101 Number or name of the port to access on the container.
3102 Number must be in the range 1 to 65535.
3103 Name must be an IANA_SVC_NAME.
3104 x-kubernetes-int-or-string: true
3105 required:
3106 - port
3107 type: object
3108 terminationGracePeriodSeconds:
3109 description: |-
3110 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
3111 The grace period is the duration in seconds after the processes running in the pod are sent
3112 a termination signal and the time when the processes are forcibly halted with a kill signal.
3113 Set this value longer than the expected cleanup time for your process.
3114 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
3115 value overrides the value provided by the pod spec.
3116 Value must be non-negative integer. The value zero indicates stop immediately via
3117 the kill signal (no opportunity to shut down).
3118 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
3119 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
3120 format: int64
3121 type: integer
3122 timeoutSeconds:
3123 description: |-
3124 Number of seconds after which the probe times out.
3125 Defaults to 1 second. Minimum value is 1.
3126 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3127 format: int32
3128 type: integer
3129 type: object
3130 stdin:
3131 description: |-
3132 Whether this container should allocate a buffer for stdin in the container runtime. If this
3133 is not set, reads from stdin in the container will always result in EOF.
3134 Default is false.
3135 type: boolean
3136 stdinOnce:
3137 description: |-
3138 Whether the container runtime should close the stdin channel after it has been opened by
3139 a single attach. When stdin is true the stdin stream will remain open across multiple attach
3140 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
3141 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
3142 at which time stdin is closed and remains closed until the container is restarted. If this
3143 flag is false, a container processes that reads from stdin will never receive an EOF.
3144 Default is false
3145 type: boolean
3146 terminationMessagePath:
3147 description: |-
3148 Optional: Path at which the file to which the container's termination message
3149 will be written is mounted into the container's filesystem.
3150 Message written is intended to be brief final status, such as an assertion failure message.
3151 Will be truncated by the node if greater than 4096 bytes. The total message length across
3152 all containers will be limited to 12kb.
3153 Defaults to /dev/termination-log.
3154 Cannot be updated.
3155 type: string
3156 terminationMessagePolicy:
3157 description: |-
3158 Indicate how the termination message should be populated. File will use the contents of
3159 terminationMessagePath to populate the container status message on both success and failure.
3160 FallbackToLogsOnError will use the last chunk of container log output if the termination
3161 message file is empty and the container exited with an error.
3162 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
3163 Defaults to File.
3164 Cannot be updated.
3165 type: string
3166 tty:
3167 description: |-
3168 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
3169 Default is false.
3170 type: boolean
3171 volumeDevices:
3172 description: volumeDevices is the list of block devices to be
3173 used by the container.
3174 items:
3175 description: volumeDevice describes a mapping of a raw block
3176 device within a container.
3177 properties:
3178 devicePath:
3179 description: devicePath is the path inside of the container
3180 that the device will be mapped to.
3181 type: string
3182 name:
3183 description: name must match the name of a persistentVolumeClaim
3184 in the pod
3185 type: string
3186 required:
3187 - devicePath
3188 - name
3189 type: object
3190 type: array
3191 x-kubernetes-list-map-keys:
3192 - devicePath
3193 x-kubernetes-list-type: map
3194 volumeMounts:
3195 description: |-
3196 Pod volumes to mount into the container's filesystem.
3197 Cannot be updated.
3198 items:
3199 description: VolumeMount describes a mounting of a Volume
3200 within a container.
3201 properties:
3202 mountPath:
3203 description: |-
3204 Path within the container at which the volume should be mounted. Must
3205 not contain ':'.
3206 type: string
3207 mountPropagation:
3208 description: |-
3209 mountPropagation determines how mounts are propagated from the host
3210 to container and the other way around.
3211 When not set, MountPropagationNone is used.
3212 This field is beta in 1.10.
3213 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
3214 (which defaults to None).
3215 type: string
3216 name:
3217 description: This must match the Name of a Volume.
3218 type: string
3219 readOnly:
3220 description: |-
3221 Mounted read-only if true, read-write otherwise (false or unspecified).
3222 Defaults to false.
3223 type: boolean
3224 recursiveReadOnly:
3225 description: |-
3226 RecursiveReadOnly specifies whether read-only mounts should be handled
3227 recursively.
3228
3229
3230 If ReadOnly is false, this field has no meaning and must be unspecified.
3231
3232
3233 If ReadOnly is true, and this field is set to Disabled, the mount is not made
3234 recursively read-only. If this field is set to IfPossible, the mount is made
3235 recursively read-only, if it is supported by the container runtime. If this
3236 field is set to Enabled, the mount is made recursively read-only if it is
3237 supported by the container runtime, otherwise the pod will not be started and
3238 an error will be generated to indicate the reason.
3239
3240
3241 If this field is set to IfPossible or Enabled, MountPropagation must be set to
3242 None (or be unspecified, which defaults to None).
3243
3244
3245 If this field is not specified, it is treated as an equivalent of Disabled.
3246 type: string
3247 subPath:
3248 description: |-
3249 Path within the volume from which the container's volume should be mounted.
3250 Defaults to "" (volume's root).
3251 type: string
3252 subPathExpr:
3253 description: |-
3254 Expanded path within the volume from which the container's volume should be mounted.
3255 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
3256 Defaults to "" (volume's root).
3257 SubPathExpr and SubPath are mutually exclusive.
3258 type: string
3259 required:
3260 - mountPath
3261 - name
3262 type: object
3263 type: array
3264 x-kubernetes-list-map-keys:
3265 - mountPath
3266 x-kubernetes-list-type: map
3267 workingDir:
3268 description: |-
3269 Container's working directory.
3270 If not specified, the container runtime's default will be used, which
3271 might be configured in the container image.
3272 Cannot be updated.
3273 type: string
3274 required:
3275 - name
3276 type: object
3277 type: array
3278 disableCompaction:
3279 description: When true, the Prometheus compaction is disabled.
3280 type: boolean
3281 enableAdminAPI:
3282 description: |-
3283 Enables access to the Prometheus web admin API.
3284
3285
3286 WARNING: Enabling the admin APIs enables mutating endpoints, to delete data,
3287 shutdown Prometheus, and more. Enabling this should be done with care and the
3288 user is advised to add additional authentication authorization via a proxy to
3289 ensure only clients authorized to perform these actions can do so.
3290
3291
3292 For more information:
3293 https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
3294 type: boolean
3295 enableFeatures:
3296 description: |-
3297 Enable access to Prometheus feature flags. By default, no features are enabled.
3298
3299
3300 Enabling features which are disabled by default is entirely outside the
3301 scope of what the maintainers will support and by doing so, you accept
3302 that this behaviour may break at any time without notice.
3303
3304
3305 For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/
3306 items:
3307 type: string
3308 type: array
3309 enableRemoteWriteReceiver:
3310 description: |-
3311 Enable Prometheus to be used as a receiver for the Prometheus remote
3312 write protocol.
3313
3314
3315 WARNING: This is not considered an efficient way of ingesting samples.
3316 Use it with caution for specific low-volume use cases.
3317 It is not suitable for replacing the ingestion via scraping and turning
3318 Prometheus into a push-based metrics collection system.
3319 For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver
3320
3321
3322 It requires Prometheus >= v2.33.0.
3323 type: boolean
3324 enforcedBodySizeLimit:
3325 description: |-
3326 When defined, enforcedBodySizeLimit specifies a global limit on the size
3327 of uncompressed response body that will be accepted by Prometheus.
3328 Targets responding with a body larger than this many bytes will cause
3329 the scrape to fail.
3330
3331
3332 It requires Prometheus >= v2.28.0.
3333 pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
3334 type: string
3335 enforcedKeepDroppedTargets:
3336 description: |-
3337 When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets
3338 dropped by relabeling that will be kept in memory. The value overrides
3339 any `spec.keepDroppedTargets` set by
3340 ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is
3341 greater than zero and less than `spec.enforcedKeepDroppedTargets`.
3342
3343
3344 It requires Prometheus >= v2.47.0.
3345 format: int64
3346 type: integer
3347 enforcedLabelLimit:
3348 description: |-
3349 When defined, enforcedLabelLimit specifies a global limit on the number
3350 of labels per sample. The value overrides any `spec.labelLimit` set by
3351 ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is
3352 greater than zero and less than `spec.enforcedLabelLimit`.
3353
3354
3355 It requires Prometheus >= v2.27.0.
3356 format: int64
3357 type: integer
3358 enforcedLabelNameLengthLimit:
3359 description: |-
3360 When defined, enforcedLabelNameLengthLimit specifies a global limit on the length
3361 of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by
3362 ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is
3363 greater than zero and less than `spec.enforcedLabelNameLengthLimit`.
3364
3365
3366 It requires Prometheus >= v2.27.0.
3367 format: int64
3368 type: integer
3369 enforcedLabelValueLengthLimit:
3370 description: |-
3371 When not null, enforcedLabelValueLengthLimit defines a global limit on the length
3372 of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by
3373 ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is
3374 greater than zero and less than `spec.enforcedLabelValueLengthLimit`.
3375
3376
3377 It requires Prometheus >= v2.27.0.
3378 format: int64
3379 type: integer
3380 enforcedNamespaceLabel:
3381 description: |-
3382 When not empty, a label will be added to
3383
3384
3385 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.
3386 2. All metrics generated from recording rules defined in `PrometheusRule` objects.
3387 3. All alerts generated from alerting rules defined in `PrometheusRule` objects.
3388 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.
3389
3390
3391 The label will not added for objects referenced in `spec.excludedFromEnforcement`.
3392
3393
3394 The label's name is this field's value.
3395 The label's value is the namespace of the `ServiceMonitor`,
3396 `PodMonitor`, `Probe` or `PrometheusRule` object.
3397 type: string
3398 enforcedSampleLimit:
3399 description: |-
3400 When defined, enforcedSampleLimit specifies a global limit on the number
3401 of scraped samples that will be accepted. This overrides any
3402 `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects
3403 unless `spec.sampleLimit` is greater than zero and less than than
3404 `spec.enforcedSampleLimit`.
3405
3406
3407 It is meant to be used by admins to keep the overall number of
3408 samples/series under a desired limit.
3409 format: int64
3410 type: integer
3411 enforcedTargetLimit:
3412 description: |-
3413 When defined, enforcedTargetLimit specifies a global limit on the number
3414 of scraped targets. The value overrides any `spec.targetLimit` set by
3415 ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is
3416 greater than zero and less than `spec.enforcedTargetLimit`.
3417
3418
3419 It is meant to be used by admins to to keep the overall number of
3420 targets under a desired limit.
3421 format: int64
3422 type: integer
3423 evaluationInterval:
3424 default: 30s
3425 description: |-
3426 Interval between rule evaluations.
3427 Default: "30s"
3428 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
3429 type: string
3430 excludedFromEnforcement:
3431 description: |-
3432 List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
3433 to be excluded from enforcing a namespace label of origin.
3434
3435
3436 It is only applicable if `spec.enforcedNamespaceLabel` set to true.
3437 items:
3438 description: ObjectReference references a PodMonitor, ServiceMonitor,
3439 Probe or PrometheusRule object.
3440 properties:
3441 group:
3442 default: monitoring.coreos.com
3443 description: Group of the referent. When not specified, it defaults
3444 to `monitoring.coreos.com`
3445 enum:
3446 - monitoring.coreos.com
3447 type: string
3448 name:
3449 description: Name of the referent. When not set, all resources
3450 in the namespace are matched.
3451 type: string
3452 namespace:
3453 description: |-
3454 Namespace of the referent.
3455 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
3456 minLength: 1
3457 type: string
3458 resource:
3459 description: Resource of the referent.
3460 enum:
3461 - prometheusrules
3462 - servicemonitors
3463 - podmonitors
3464 - probes
3465 - scrapeconfigs
3466 type: string
3467 required:
3468 - namespace
3469 - resource
3470 type: object
3471 type: array
3472 exemplars:
3473 description: |-
3474 Exemplars related settings that are runtime reloadable.
3475 It requires to enable the `exemplar-storage` feature flag to be effective.
3476 properties:
3477 maxSize:
3478 description: |-
3479 Maximum number of exemplars stored in memory for all series.
3480
3481
3482 exemplar-storage itself must be enabled using the `spec.enableFeature`
3483 option for exemplars to be scraped in the first place.
3484
3485
3486 If not set, Prometheus uses its default value. A value of zero or less
3487 than zero disables the storage.
3488 format: int64
3489 type: integer
3490 type: object
3491 externalLabels:
3492 additionalProperties:
3493 type: string
3494 description: |-
3495 The labels to add to any time series or alerts when communicating with
3496 external systems (federation, remote storage, Alertmanager).
3497 Labels defined by `spec.replicaExternalLabelName` and
3498 `spec.prometheusExternalLabelName` take precedence over this list.
3499 type: object
3500 externalUrl:
3501 description: |-
3502 The external URL under which the Prometheus service is externally
3503 available. This is necessary to generate correct URLs (for instance if
3504 Prometheus is accessible behind an Ingress resource).
3505 type: string
3506 hostAliases:
3507 description: |-
3508 Optional list of hosts and IPs that will be injected into the Pod's
3509 hosts file if specified.
3510 items:
3511 description: |-
3512 HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
3513 pod's hosts file.
3514 properties:
3515 hostnames:
3516 description: Hostnames for the above IP address.
3517 items:
3518 type: string
3519 type: array
3520 ip:
3521 description: IP address of the host file entry.
3522 type: string
3523 required:
3524 - hostnames
3525 - ip
3526 type: object
3527 type: array
3528 x-kubernetes-list-map-keys:
3529 - ip
3530 x-kubernetes-list-type: map
3531 hostNetwork:
3532 description: |-
3533 Use the host's network namespace if true.
3534
3535
3536 Make sure to understand the security implications if you want to enable
3537 it (https://kubernetes.io/docs/concepts/configuration/overview/).
3538
3539
3540 When hostNetwork is enabled, this will set the DNS policy to
3541 `ClusterFirstWithHostNet` automatically.
3542 type: boolean
3543 ignoreNamespaceSelectors:
3544 description: |-
3545 When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor
3546 and Probe objects will be ignored. They will only discover targets
3547 within the namespace of the PodMonitor, ServiceMonitor and Probe
3548 objec.
3549 type: boolean
3550 image:
3551 description: |-
3552 Container image name for Prometheus. If specified, it takes precedence
3553 over the `spec.baseImage`, `spec.tag` and `spec.sha` fields.
3554
3555
3556 Specifying `spec.version` is still necessary to ensure the Prometheus
3557 Operator knows which version of Prometheus is being configured.
3558
3559
3560 If neither `spec.image` nor `spec.baseImage` are defined, the operator
3561 will use the latest upstream version of Prometheus available at the time
3562 when the operator was released.
3563 type: string
3564 imagePullPolicy:
3565 description: |-
3566 Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.
3567 See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.
3568 enum:
3569 - ""
3570 - Always
3571 - Never
3572 - IfNotPresent
3573 type: string
3574 imagePullSecrets:
3575 description: |-
3576 An optional list of references to Secrets in the same namespace
3577 to use for pulling images from registries.
3578 See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
3579 items:
3580 description: |-
3581 LocalObjectReference contains enough information to let you locate the
3582 referenced object inside the same namespace.
3583 properties:
3584 name:
3585 default: ""
3586 description: |-
3587 Name of the referent.
3588 This field is effectively required, but due to backwards compatibility is
3589 allowed to be empty. Instances of this type with an empty value here are
3590 almost certainly wrong.
3591 TODO: Add other useful fields. apiVersion, kind, uid?
3592 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3593 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3594 type: string
3595 type: object
3596 x-kubernetes-map-type: atomic
3597 type: array
3598 initContainers:
3599 description: |-
3600 InitContainers allows injecting initContainers to the Pod definition. Those
3601 can be used to e.g. fetch secrets for injection into the Prometheus
3602 configuration from external sources. Any errors during the execution of
3603 an initContainer will lead to a restart of the Pod. More info:
3604 https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3605 InitContainers described here modify an operator generated init
3606 containers if they share the same name and modifications are done via a
3607 strategic merge patch.
3608
3609
3610 The names of init container name managed by the operator are:
3611 * `init-config-reloader`.
3612
3613
3614 Overriding init containers is entirely outside the scope of what the
3615 maintainers will support and by doing so, you accept that this behaviour
3616 may break at any time without notice.
3617 items:
3618 description: A single application container that you want to run
3619 within a pod.
3620 properties:
3621 args:
3622 description: |-
3623 Arguments to the entrypoint.
3624 The container image's CMD is used if this is not provided.
3625 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
3626 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
3627 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
3628 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
3629 of whether the variable exists or not. Cannot be updated.
3630 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
3631 items:
3632 type: string
3633 type: array
3634 x-kubernetes-list-type: atomic
3635 command:
3636 description: |-
3637 Entrypoint array. Not executed within a shell.
3638 The container image's ENTRYPOINT is used if this is not provided.
3639 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
3640 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
3641 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
3642 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
3643 of whether the variable exists or not. Cannot be updated.
3644 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
3645 items:
3646 type: string
3647 type: array
3648 x-kubernetes-list-type: atomic
3649 env:
3650 description: |-
3651 List of environment variables to set in the container.
3652 Cannot be updated.
3653 items:
3654 description: EnvVar represents an environment variable present
3655 in a Container.
3656 properties:
3657 name:
3658 description: Name of the environment variable. Must be
3659 a C_IDENTIFIER.
3660 type: string
3661 value:
3662 description: |-
3663 Variable references $(VAR_NAME) are expanded
3664 using the previously defined environment variables in the container and
3665 any service environment variables. If a variable cannot be resolved,
3666 the reference in the input string will be unchanged. Double $$ are reduced
3667 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
3668 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
3669 Escaped references will never be expanded, regardless of whether the variable
3670 exists or not.
3671 Defaults to "".
3672 type: string
3673 valueFrom:
3674 description: Source for the environment variable's value.
3675 Cannot be used if value is not empty.
3676 properties:
3677 configMapKeyRef:
3678 description: Selects a key of a ConfigMap.
3679 properties:
3680 key:
3681 description: The key to select.
3682 type: string
3683 name:
3684 default: ""
3685 description: |-
3686 Name of the referent.
3687 This field is effectively required, but due to backwards compatibility is
3688 allowed to be empty. Instances of this type with an empty value here are
3689 almost certainly wrong.
3690 TODO: Add other useful fields. apiVersion, kind, uid?
3691 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3692 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3693 type: string
3694 optional:
3695 description: Specify whether the ConfigMap or
3696 its key must be defined
3697 type: boolean
3698 required:
3699 - key
3700 type: object
3701 x-kubernetes-map-type: atomic
3702 fieldRef:
3703 description: |-
3704 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
3705 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
3706 properties:
3707 apiVersion:
3708 description: Version of the schema the FieldPath
3709 is written in terms of, defaults to "v1".
3710 type: string
3711 fieldPath:
3712 description: Path of the field to select in the
3713 specified API version.
3714 type: string
3715 required:
3716 - fieldPath
3717 type: object
3718 x-kubernetes-map-type: atomic
3719 resourceFieldRef:
3720 description: |-
3721 Selects a resource of the container: only resources limits and requests
3722 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
3723 properties:
3724 containerName:
3725 description: 'Container name: required for volumes,
3726 optional for env vars'
3727 type: string
3728 divisor:
3729 anyOf:
3730 - type: integer
3731 - type: string
3732 description: Specifies the output format of the
3733 exposed resources, defaults to "1"
3734 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3735 x-kubernetes-int-or-string: true
3736 resource:
3737 description: 'Required: resource to select'
3738 type: string
3739 required:
3740 - resource
3741 type: object
3742 x-kubernetes-map-type: atomic
3743 secretKeyRef:
3744 description: Selects a key of a secret in the pod's
3745 namespace
3746 properties:
3747 key:
3748 description: The key of the secret to select from. Must
3749 be a valid secret key.
3750 type: string
3751 name:
3752 default: ""
3753 description: |-
3754 Name of the referent.
3755 This field is effectively required, but due to backwards compatibility is
3756 allowed to be empty. Instances of this type with an empty value here are
3757 almost certainly wrong.
3758 TODO: Add other useful fields. apiVersion, kind, uid?
3759 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3760 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3761 type: string
3762 optional:
3763 description: Specify whether the Secret or its
3764 key must be defined
3765 type: boolean
3766 required:
3767 - key
3768 type: object
3769 x-kubernetes-map-type: atomic
3770 type: object
3771 required:
3772 - name
3773 type: object
3774 type: array
3775 x-kubernetes-list-map-keys:
3776 - name
3777 x-kubernetes-list-type: map
3778 envFrom:
3779 description: |-
3780 List of sources to populate environment variables in the container.
3781 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
3782 will be reported as an event when the container is starting. When a key exists in multiple
3783 sources, the value associated with the last source will take precedence.
3784 Values defined by an Env with a duplicate key will take precedence.
3785 Cannot be updated.
3786 items:
3787 description: EnvFromSource represents the source of a set
3788 of ConfigMaps
3789 properties:
3790 configMapRef:
3791 description: The ConfigMap to select from
3792 properties:
3793 name:
3794 default: ""
3795 description: |-
3796 Name of the referent.
3797 This field is effectively required, but due to backwards compatibility is
3798 allowed to be empty. Instances of this type with an empty value here are
3799 almost certainly wrong.
3800 TODO: Add other useful fields. apiVersion, kind, uid?
3801 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3802 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3803 type: string
3804 optional:
3805 description: Specify whether the ConfigMap must be
3806 defined
3807 type: boolean
3808 type: object
3809 x-kubernetes-map-type: atomic
3810 prefix:
3811 description: An optional identifier to prepend to each
3812 key in the ConfigMap. Must be a C_IDENTIFIER.
3813 type: string
3814 secretRef:
3815 description: The Secret to select from
3816 properties:
3817 name:
3818 default: ""
3819 description: |-
3820 Name of the referent.
3821 This field is effectively required, but due to backwards compatibility is
3822 allowed to be empty. Instances of this type with an empty value here are
3823 almost certainly wrong.
3824 TODO: Add other useful fields. apiVersion, kind, uid?
3825 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3826 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3827 type: string
3828 optional:
3829 description: Specify whether the Secret must be defined
3830 type: boolean
3831 type: object
3832 x-kubernetes-map-type: atomic
3833 type: object
3834 type: array
3835 x-kubernetes-list-type: atomic
3836 image:
3837 description: |-
3838 Container image name.
3839 More info: https://kubernetes.io/docs/concepts/containers/images
3840 This field is optional to allow higher level config management to default or override
3841 container images in workload controllers like Deployments and StatefulSets.
3842 type: string
3843 imagePullPolicy:
3844 description: |-
3845 Image pull policy.
3846 One of Always, Never, IfNotPresent.
3847 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
3848 Cannot be updated.
3849 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
3850 type: string
3851 lifecycle:
3852 description: |-
3853 Actions that the management system should take in response to container lifecycle events.
3854 Cannot be updated.
3855 properties:
3856 postStart:
3857 description: |-
3858 PostStart is called immediately after a container is created. If the handler fails,
3859 the container is terminated and restarted according to its restart policy.
3860 Other management of the container blocks until the hook completes.
3861 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
3862 properties:
3863 exec:
3864 description: Exec specifies the action to take.
3865 properties:
3866 command:
3867 description: |-
3868 Command is the command line to execute inside the container, the working directory for the
3869 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3870 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3871 a shell, you need to explicitly call out to that shell.
3872 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3873 items:
3874 type: string
3875 type: array
3876 x-kubernetes-list-type: atomic
3877 type: object
3878 httpGet:
3879 description: HTTPGet specifies the http request to perform.
3880 properties:
3881 host:
3882 description: |-
3883 Host name to connect to, defaults to the pod IP. You probably want to set
3884 "Host" in httpHeaders instead.
3885 type: string
3886 httpHeaders:
3887 description: Custom headers to set in the request.
3888 HTTP allows repeated headers.
3889 items:
3890 description: HTTPHeader describes a custom header
3891 to be used in HTTP probes
3892 properties:
3893 name:
3894 description: |-
3895 The header field name.
3896 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3897 type: string
3898 value:
3899 description: The header field value
3900 type: string
3901 required:
3902 - name
3903 - value
3904 type: object
3905 type: array
3906 x-kubernetes-list-type: atomic
3907 path:
3908 description: Path to access on the HTTP server.
3909 type: string
3910 port:
3911 anyOf:
3912 - type: integer
3913 - type: string
3914 description: |-
3915 Name or number of the port to access on the container.
3916 Number must be in the range 1 to 65535.
3917 Name must be an IANA_SVC_NAME.
3918 x-kubernetes-int-or-string: true
3919 scheme:
3920 description: |-
3921 Scheme to use for connecting to the host.
3922 Defaults to HTTP.
3923 type: string
3924 required:
3925 - port
3926 type: object
3927 sleep:
3928 description: Sleep represents the duration that the
3929 container should sleep before being terminated.
3930 properties:
3931 seconds:
3932 description: Seconds is the number of seconds to
3933 sleep.
3934 format: int64
3935 type: integer
3936 required:
3937 - seconds
3938 type: object
3939 tcpSocket:
3940 description: |-
3941 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
3942 for the backward compatibility. There are no validation of this field and
3943 lifecycle hooks will fail in runtime when tcp handler is specified.
3944 properties:
3945 host:
3946 description: 'Optional: Host name to connect to,
3947 defaults to the pod IP.'
3948 type: string
3949 port:
3950 anyOf:
3951 - type: integer
3952 - type: string
3953 description: |-
3954 Number or name of the port to access on the container.
3955 Number must be in the range 1 to 65535.
3956 Name must be an IANA_SVC_NAME.
3957 x-kubernetes-int-or-string: true
3958 required:
3959 - port
3960 type: object
3961 type: object
3962 preStop:
3963 description: |-
3964 PreStop is called immediately before a container is terminated due to an
3965 API request or management event such as liveness/startup probe failure,
3966 preemption, resource contention, etc. The handler is not called if the
3967 container crashes or exits. The Pod's termination grace period countdown begins before the
3968 PreStop hook is executed. Regardless of the outcome of the handler, the
3969 container will eventually terminate within the Pod's termination grace
3970 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
3971 or until the termination grace period is reached.
3972 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
3973 properties:
3974 exec:
3975 description: Exec specifies the action to take.
3976 properties:
3977 command:
3978 description: |-
3979 Command is the command line to execute inside the container, the working directory for the
3980 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3981 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3982 a shell, you need to explicitly call out to that shell.
3983 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3984 items:
3985 type: string
3986 type: array
3987 x-kubernetes-list-type: atomic
3988 type: object
3989 httpGet:
3990 description: HTTPGet specifies the http request to perform.
3991 properties:
3992 host:
3993 description: |-
3994 Host name to connect to, defaults to the pod IP. You probably want to set
3995 "Host" in httpHeaders instead.
3996 type: string
3997 httpHeaders:
3998 description: Custom headers to set in the request.
3999 HTTP allows repeated headers.
4000 items:
4001 description: HTTPHeader describes a custom header
4002 to be used in HTTP probes
4003 properties:
4004 name:
4005 description: |-
4006 The header field name.
4007 This will be canonicalized upon output, so case-variant names will be understood as the same header.
4008 type: string
4009 value:
4010 description: The header field value
4011 type: string
4012 required:
4013 - name
4014 - value
4015 type: object
4016 type: array
4017 x-kubernetes-list-type: atomic
4018 path:
4019 description: Path to access on the HTTP server.
4020 type: string
4021 port:
4022 anyOf:
4023 - type: integer
4024 - type: string
4025 description: |-
4026 Name or number of the port to access on the container.
4027 Number must be in the range 1 to 65535.
4028 Name must be an IANA_SVC_NAME.
4029 x-kubernetes-int-or-string: true
4030 scheme:
4031 description: |-
4032 Scheme to use for connecting to the host.
4033 Defaults to HTTP.
4034 type: string
4035 required:
4036 - port
4037 type: object
4038 sleep:
4039 description: Sleep represents the duration that the
4040 container should sleep before being terminated.
4041 properties:
4042 seconds:
4043 description: Seconds is the number of seconds to
4044 sleep.
4045 format: int64
4046 type: integer
4047 required:
4048 - seconds
4049 type: object
4050 tcpSocket:
4051 description: |-
4052 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
4053 for the backward compatibility. There are no validation of this field and
4054 lifecycle hooks will fail in runtime when tcp handler is specified.
4055 properties:
4056 host:
4057 description: 'Optional: Host name to connect to,
4058 defaults to the pod IP.'
4059 type: string
4060 port:
4061 anyOf:
4062 - type: integer
4063 - type: string
4064 description: |-
4065 Number or name of the port to access on the container.
4066 Number must be in the range 1 to 65535.
4067 Name must be an IANA_SVC_NAME.
4068 x-kubernetes-int-or-string: true
4069 required:
4070 - port
4071 type: object
4072 type: object
4073 type: object
4074 livenessProbe:
4075 description: |-
4076 Periodic probe of container liveness.
4077 Container will be restarted if the probe fails.
4078 Cannot be updated.
4079 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4080 properties:
4081 exec:
4082 description: Exec specifies the action to take.
4083 properties:
4084 command:
4085 description: |-
4086 Command is the command line to execute inside the container, the working directory for the
4087 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
4088 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
4089 a shell, you need to explicitly call out to that shell.
4090 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4091 items:
4092 type: string
4093 type: array
4094 x-kubernetes-list-type: atomic
4095 type: object
4096 failureThreshold:
4097 description: |-
4098 Minimum consecutive failures for the probe to be considered failed after having succeeded.
4099 Defaults to 3. Minimum value is 1.
4100 format: int32
4101 type: integer
4102 grpc:
4103 description: GRPC specifies an action involving a GRPC port.
4104 properties:
4105 port:
4106 description: Port number of the gRPC service. Number
4107 must be in the range 1 to 65535.
4108 format: int32
4109 type: integer
4110 service:
4111 description: |-
4112 Service is the name of the service to place in the gRPC HealthCheckRequest
4113 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
4114
4115
4116 If this is not specified, the default behavior is defined by gRPC.
4117 type: string
4118 required:
4119 - port
4120 type: object
4121 httpGet:
4122 description: HTTPGet specifies the http request to perform.
4123 properties:
4124 host:
4125 description: |-
4126 Host name to connect to, defaults to the pod IP. You probably want to set
4127 "Host" in httpHeaders instead.
4128 type: string
4129 httpHeaders:
4130 description: Custom headers to set in the request. HTTP
4131 allows repeated headers.
4132 items:
4133 description: HTTPHeader describes a custom header
4134 to be used in HTTP probes
4135 properties:
4136 name:
4137 description: |-
4138 The header field name.
4139 This will be canonicalized upon output, so case-variant names will be understood as the same header.
4140 type: string
4141 value:
4142 description: The header field value
4143 type: string
4144 required:
4145 - name
4146 - value
4147 type: object
4148 type: array
4149 x-kubernetes-list-type: atomic
4150 path:
4151 description: Path to access on the HTTP server.
4152 type: string
4153 port:
4154 anyOf:
4155 - type: integer
4156 - type: string
4157 description: |-
4158 Name or number of the port to access on the container.
4159 Number must be in the range 1 to 65535.
4160 Name must be an IANA_SVC_NAME.
4161 x-kubernetes-int-or-string: true
4162 scheme:
4163 description: |-
4164 Scheme to use for connecting to the host.
4165 Defaults to HTTP.
4166 type: string
4167 required:
4168 - port
4169 type: object
4170 initialDelaySeconds:
4171 description: |-
4172 Number of seconds after the container has started before liveness probes are initiated.
4173 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4174 format: int32
4175 type: integer
4176 periodSeconds:
4177 description: |-
4178 How often (in seconds) to perform the probe.
4179 Default to 10 seconds. Minimum value is 1.
4180 format: int32
4181 type: integer
4182 successThreshold:
4183 description: |-
4184 Minimum consecutive successes for the probe to be considered successful after having failed.
4185 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
4186 format: int32
4187 type: integer
4188 tcpSocket:
4189 description: TCPSocket specifies an action involving a TCP
4190 port.
4191 properties:
4192 host:
4193 description: 'Optional: Host name to connect to, defaults
4194 to the pod IP.'
4195 type: string
4196 port:
4197 anyOf:
4198 - type: integer
4199 - type: string
4200 description: |-
4201 Number or name of the port to access on the container.
4202 Number must be in the range 1 to 65535.
4203 Name must be an IANA_SVC_NAME.
4204 x-kubernetes-int-or-string: true
4205 required:
4206 - port
4207 type: object
4208 terminationGracePeriodSeconds:
4209 description: |-
4210 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
4211 The grace period is the duration in seconds after the processes running in the pod are sent
4212 a termination signal and the time when the processes are forcibly halted with a kill signal.
4213 Set this value longer than the expected cleanup time for your process.
4214 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
4215 value overrides the value provided by the pod spec.
4216 Value must be non-negative integer. The value zero indicates stop immediately via
4217 the kill signal (no opportunity to shut down).
4218 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
4219 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
4220 format: int64
4221 type: integer
4222 timeoutSeconds:
4223 description: |-
4224 Number of seconds after which the probe times out.
4225 Defaults to 1 second. Minimum value is 1.
4226 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4227 format: int32
4228 type: integer
4229 type: object
4230 name:
4231 description: |-
4232 Name of the container specified as a DNS_LABEL.
4233 Each container in a pod must have a unique name (DNS_LABEL).
4234 Cannot be updated.
4235 type: string
4236 ports:
4237 description: |-
4238 List of ports to expose from the container. Not specifying a port here
4239 DOES NOT prevent that port from being exposed. Any port which is
4240 listening on the default "0.0.0.0" address inside a container will be
4241 accessible from the network.
4242 Modifying this array with strategic merge patch may corrupt the data.
4243 For more information See https://github.com/kubernetes/kubernetes/issues/108255.
4244 Cannot be updated.
4245 items:
4246 description: ContainerPort represents a network port in a
4247 single container.
4248 properties:
4249 containerPort:
4250 description: |-
4251 Number of port to expose on the pod's IP address.
4252 This must be a valid port number, 0 < x < 65536.
4253 format: int32
4254 type: integer
4255 hostIP:
4256 description: What host IP to bind the external port to.
4257 type: string
4258 hostPort:
4259 description: |-
4260 Number of port to expose on the host.
4261 If specified, this must be a valid port number, 0 < x < 65536.
4262 If HostNetwork is specified, this must match ContainerPort.
4263 Most containers do not need this.
4264 format: int32
4265 type: integer
4266 name:
4267 description: |-
4268 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
4269 named port in a pod must have a unique name. Name for the port that can be
4270 referred to by services.
4271 type: string
4272 protocol:
4273 default: TCP
4274 description: |-
4275 Protocol for port. Must be UDP, TCP, or SCTP.
4276 Defaults to "TCP".
4277 type: string
4278 required:
4279 - containerPort
4280 type: object
4281 type: array
4282 x-kubernetes-list-map-keys:
4283 - containerPort
4284 - protocol
4285 x-kubernetes-list-type: map
4286 readinessProbe:
4287 description: |-
4288 Periodic probe of container service readiness.
4289 Container will be removed from service endpoints if the probe fails.
4290 Cannot be updated.
4291 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4292 properties:
4293 exec:
4294 description: Exec specifies the action to take.
4295 properties:
4296 command:
4297 description: |-
4298 Command is the command line to execute inside the container, the working directory for the
4299 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
4300 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
4301 a shell, you need to explicitly call out to that shell.
4302 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4303 items:
4304 type: string
4305 type: array
4306 x-kubernetes-list-type: atomic
4307 type: object
4308 failureThreshold:
4309 description: |-
4310 Minimum consecutive failures for the probe to be considered failed after having succeeded.
4311 Defaults to 3. Minimum value is 1.
4312 format: int32
4313 type: integer
4314 grpc:
4315 description: GRPC specifies an action involving a GRPC port.
4316 properties:
4317 port:
4318 description: Port number of the gRPC service. Number
4319 must be in the range 1 to 65535.
4320 format: int32
4321 type: integer
4322 service:
4323 description: |-
4324 Service is the name of the service to place in the gRPC HealthCheckRequest
4325 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
4326
4327
4328 If this is not specified, the default behavior is defined by gRPC.
4329 type: string
4330 required:
4331 - port
4332 type: object
4333 httpGet:
4334 description: HTTPGet specifies the http request to perform.
4335 properties:
4336 host:
4337 description: |-
4338 Host name to connect to, defaults to the pod IP. You probably want to set
4339 "Host" in httpHeaders instead.
4340 type: string
4341 httpHeaders:
4342 description: Custom headers to set in the request. HTTP
4343 allows repeated headers.
4344 items:
4345 description: HTTPHeader describes a custom header
4346 to be used in HTTP probes
4347 properties:
4348 name:
4349 description: |-
4350 The header field name.
4351 This will be canonicalized upon output, so case-variant names will be understood as the same header.
4352 type: string
4353 value:
4354 description: The header field value
4355 type: string
4356 required:
4357 - name
4358 - value
4359 type: object
4360 type: array
4361 x-kubernetes-list-type: atomic
4362 path:
4363 description: Path to access on the HTTP server.
4364 type: string
4365 port:
4366 anyOf:
4367 - type: integer
4368 - type: string
4369 description: |-
4370 Name or number of the port to access on the container.
4371 Number must be in the range 1 to 65535.
4372 Name must be an IANA_SVC_NAME.
4373 x-kubernetes-int-or-string: true
4374 scheme:
4375 description: |-
4376 Scheme to use for connecting to the host.
4377 Defaults to HTTP.
4378 type: string
4379 required:
4380 - port
4381 type: object
4382 initialDelaySeconds:
4383 description: |-
4384 Number of seconds after the container has started before liveness probes are initiated.
4385 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4386 format: int32
4387 type: integer
4388 periodSeconds:
4389 description: |-
4390 How often (in seconds) to perform the probe.
4391 Default to 10 seconds. Minimum value is 1.
4392 format: int32
4393 type: integer
4394 successThreshold:
4395 description: |-
4396 Minimum consecutive successes for the probe to be considered successful after having failed.
4397 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
4398 format: int32
4399 type: integer
4400 tcpSocket:
4401 description: TCPSocket specifies an action involving a TCP
4402 port.
4403 properties:
4404 host:
4405 description: 'Optional: Host name to connect to, defaults
4406 to the pod IP.'
4407 type: string
4408 port:
4409 anyOf:
4410 - type: integer
4411 - type: string
4412 description: |-
4413 Number or name of the port to access on the container.
4414 Number must be in the range 1 to 65535.
4415 Name must be an IANA_SVC_NAME.
4416 x-kubernetes-int-or-string: true
4417 required:
4418 - port
4419 type: object
4420 terminationGracePeriodSeconds:
4421 description: |-
4422 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
4423 The grace period is the duration in seconds after the processes running in the pod are sent
4424 a termination signal and the time when the processes are forcibly halted with a kill signal.
4425 Set this value longer than the expected cleanup time for your process.
4426 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
4427 value overrides the value provided by the pod spec.
4428 Value must be non-negative integer. The value zero indicates stop immediately via
4429 the kill signal (no opportunity to shut down).
4430 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
4431 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
4432 format: int64
4433 type: integer
4434 timeoutSeconds:
4435 description: |-
4436 Number of seconds after which the probe times out.
4437 Defaults to 1 second. Minimum value is 1.
4438 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4439 format: int32
4440 type: integer
4441 type: object
4442 resizePolicy:
4443 description: Resources resize policy for the container.
4444 items:
4445 description: ContainerResizePolicy represents resource resize
4446 policy for the container.
4447 properties:
4448 resourceName:
4449 description: |-
4450 Name of the resource to which this resource resize policy applies.
4451 Supported values: cpu, memory.
4452 type: string
4453 restartPolicy:
4454 description: |-
4455 Restart policy to apply when specified resource is resized.
4456 If not specified, it defaults to NotRequired.
4457 type: string
4458 required:
4459 - resourceName
4460 - restartPolicy
4461 type: object
4462 type: array
4463 x-kubernetes-list-type: atomic
4464 resources:
4465 description: |-
4466 Compute Resources required by this container.
4467 Cannot be updated.
4468 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
4469 properties:
4470 claims:
4471 description: |-
4472 Claims lists the names of resources, defined in spec.resourceClaims,
4473 that are used by this container.
4474
4475
4476 This is an alpha field and requires enabling the
4477 DynamicResourceAllocation feature gate.
4478
4479
4480 This field is immutable. It can only be set for containers.
4481 items:
4482 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
4483 properties:
4484 name:
4485 description: |-
4486 Name must match the name of one entry in pod.spec.resourceClaims of
4487 the Pod where this field is used. It makes that resource available
4488 inside a container.
4489 type: string
4490 required:
4491 - name
4492 type: object
4493 type: array
4494 x-kubernetes-list-map-keys:
4495 - name
4496 x-kubernetes-list-type: map
4497 limits:
4498 additionalProperties:
4499 anyOf:
4500 - type: integer
4501 - type: string
4502 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4503 x-kubernetes-int-or-string: true
4504 description: |-
4505 Limits describes the maximum amount of compute resources allowed.
4506 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
4507 type: object
4508 requests:
4509 additionalProperties:
4510 anyOf:
4511 - type: integer
4512 - type: string
4513 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4514 x-kubernetes-int-or-string: true
4515 description: |-
4516 Requests describes the minimum amount of compute resources required.
4517 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
4518 otherwise to an implementation-defined value. Requests cannot exceed Limits.
4519 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
4520 type: object
4521 type: object
4522 restartPolicy:
4523 description: |-
4524 RestartPolicy defines the restart behavior of individual containers in a pod.
4525 This field may only be set for init containers, and the only allowed value is "Always".
4526 For non-init containers or when this field is not specified,
4527 the restart behavior is defined by the Pod's restart policy and the container type.
4528 Setting the RestartPolicy as "Always" for the init container will have the following effect:
4529 this init container will be continually restarted on
4530 exit until all regular containers have terminated. Once all regular
4531 containers have completed, all init containers with restartPolicy "Always"
4532 will be shut down. This lifecycle differs from normal init containers and
4533 is often referred to as a "sidecar" container. Although this init
4534 container still starts in the init container sequence, it does not wait
4535 for the container to complete before proceeding to the next init
4536 container. Instead, the next init container starts immediately after this
4537 init container is started, or after any startupProbe has successfully
4538 completed.
4539 type: string
4540 securityContext:
4541 description: |-
4542 SecurityContext defines the security options the container should be run with.
4543 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
4544 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
4545 properties:
4546 allowPrivilegeEscalation:
4547 description: |-
4548 AllowPrivilegeEscalation controls whether a process can gain more
4549 privileges than its parent process. This bool directly controls if
4550 the no_new_privs flag will be set on the container process.
4551 AllowPrivilegeEscalation is true always when the container is:
4552 1) run as Privileged
4553 2) has CAP_SYS_ADMIN
4554 Note that this field cannot be set when spec.os.name is windows.
4555 type: boolean
4556 appArmorProfile:
4557 description: |-
4558 appArmorProfile is the AppArmor options to use by this container. If set, this profile
4559 overrides the pod's appArmorProfile.
4560 Note that this field cannot be set when spec.os.name is windows.
4561 properties:
4562 localhostProfile:
4563 description: |-
4564 localhostProfile indicates a profile loaded on the node that should be used.
4565 The profile must be preconfigured on the node to work.
4566 Must match the loaded name of the profile.
4567 Must be set if and only if type is "Localhost".
4568 type: string
4569 type:
4570 description: |-
4571 type indicates which kind of AppArmor profile will be applied.
4572 Valid options are:
4573 Localhost - a profile pre-loaded on the node.
4574 RuntimeDefault - the container runtime's default profile.
4575 Unconfined - no AppArmor enforcement.
4576 type: string
4577 required:
4578 - type
4579 type: object
4580 capabilities:
4581 description: |-
4582 The capabilities to add/drop when running containers.
4583 Defaults to the default set of capabilities granted by the container runtime.
4584 Note that this field cannot be set when spec.os.name is windows.
4585 properties:
4586 add:
4587 description: Added capabilities
4588 items:
4589 description: Capability represent POSIX capabilities
4590 type
4591 type: string
4592 type: array
4593 x-kubernetes-list-type: atomic
4594 drop:
4595 description: Removed capabilities
4596 items:
4597 description: Capability represent POSIX capabilities
4598 type
4599 type: string
4600 type: array
4601 x-kubernetes-list-type: atomic
4602 type: object
4603 privileged:
4604 description: |-
4605 Run container in privileged mode.
4606 Processes in privileged containers are essentially equivalent to root on the host.
4607 Defaults to false.
4608 Note that this field cannot be set when spec.os.name is windows.
4609 type: boolean
4610 procMount:
4611 description: |-
4612 procMount denotes the type of proc mount to use for the containers.
4613 The default is DefaultProcMount which uses the container runtime defaults for
4614 readonly paths and masked paths.
4615 This requires the ProcMountType feature flag to be enabled.
4616 Note that this field cannot be set when spec.os.name is windows.
4617 type: string
4618 readOnlyRootFilesystem:
4619 description: |-
4620 Whether this container has a read-only root filesystem.
4621 Default is false.
4622 Note that this field cannot be set when spec.os.name is windows.
4623 type: boolean
4624 runAsGroup:
4625 description: |-
4626 The GID to run the entrypoint of the container process.
4627 Uses runtime default if unset.
4628 May also be set in PodSecurityContext. If set in both SecurityContext and
4629 PodSecurityContext, the value specified in SecurityContext takes precedence.
4630 Note that this field cannot be set when spec.os.name is windows.
4631 format: int64
4632 type: integer
4633 runAsNonRoot:
4634 description: |-
4635 Indicates that the container must run as a non-root user.
4636 If true, the Kubelet will validate the image at runtime to ensure that it
4637 does not run as UID 0 (root) and fail to start the container if it does.
4638 If unset or false, no such validation will be performed.
4639 May also be set in PodSecurityContext. If set in both SecurityContext and
4640 PodSecurityContext, the value specified in SecurityContext takes precedence.
4641 type: boolean
4642 runAsUser:
4643 description: |-
4644 The UID to run the entrypoint of the container process.
4645 Defaults to user specified in image metadata if unspecified.
4646 May also be set in PodSecurityContext. If set in both SecurityContext and
4647 PodSecurityContext, the value specified in SecurityContext takes precedence.
4648 Note that this field cannot be set when spec.os.name is windows.
4649 format: int64
4650 type: integer
4651 seLinuxOptions:
4652 description: |-
4653 The SELinux context to be applied to the container.
4654 If unspecified, the container runtime will allocate a random SELinux context for each
4655 container. May also be set in PodSecurityContext. If set in both SecurityContext and
4656 PodSecurityContext, the value specified in SecurityContext takes precedence.
4657 Note that this field cannot be set when spec.os.name is windows.
4658 properties:
4659 level:
4660 description: Level is SELinux level label that applies
4661 to the container.
4662 type: string
4663 role:
4664 description: Role is a SELinux role label that applies
4665 to the container.
4666 type: string
4667 type:
4668 description: Type is a SELinux type label that applies
4669 to the container.
4670 type: string
4671 user:
4672 description: User is a SELinux user label that applies
4673 to the container.
4674 type: string
4675 type: object
4676 seccompProfile:
4677 description: |-
4678 The seccomp options to use by this container. If seccomp options are
4679 provided at both the pod & container level, the container options
4680 override the pod options.
4681 Note that this field cannot be set when spec.os.name is windows.
4682 properties:
4683 localhostProfile:
4684 description: |-
4685 localhostProfile indicates a profile defined in a file on the node should be used.
4686 The profile must be preconfigured on the node to work.
4687 Must be a descending path, relative to the kubelet's configured seccomp profile location.
4688 Must be set if type is "Localhost". Must NOT be set for any other type.
4689 type: string
4690 type:
4691 description: |-
4692 type indicates which kind of seccomp profile will be applied.
4693 Valid options are:
4694
4695
4696 Localhost - a profile defined in a file on the node should be used.
4697 RuntimeDefault - the container runtime default profile should be used.
4698 Unconfined - no profile should be applied.
4699 type: string
4700 required:
4701 - type
4702 type: object
4703 windowsOptions:
4704 description: |-
4705 The Windows specific settings applied to all containers.
4706 If unspecified, the options from the PodSecurityContext will be used.
4707 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
4708 Note that this field cannot be set when spec.os.name is linux.
4709 properties:
4710 gmsaCredentialSpec:
4711 description: |-
4712 GMSACredentialSpec is where the GMSA admission webhook
4713 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
4714 GMSA credential spec named by the GMSACredentialSpecName field.
4715 type: string
4716 gmsaCredentialSpecName:
4717 description: GMSACredentialSpecName is the name of the
4718 GMSA credential spec to use.
4719 type: string
4720 hostProcess:
4721 description: |-
4722 HostProcess determines if a container should be run as a 'Host Process' container.
4723 All of a Pod's containers must have the same effective HostProcess value
4724 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
4725 In addition, if HostProcess is true then HostNetwork must also be set to true.
4726 type: boolean
4727 runAsUserName:
4728 description: |-
4729 The UserName in Windows to run the entrypoint of the container process.
4730 Defaults to the user specified in image metadata if unspecified.
4731 May also be set in PodSecurityContext. If set in both SecurityContext and
4732 PodSecurityContext, the value specified in SecurityContext takes precedence.
4733 type: string
4734 type: object
4735 type: object
4736 startupProbe:
4737 description: |-
4738 StartupProbe indicates that the Pod has successfully initialized.
4739 If specified, no other probes are executed until this completes successfully.
4740 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
4741 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
4742 when it might take a long time to load data or warm a cache, than during steady-state operation.
4743 This cannot be updated.
4744 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4745 properties:
4746 exec:
4747 description: Exec specifies the action to take.
4748 properties:
4749 command:
4750 description: |-
4751 Command is the command line to execute inside the container, the working directory for the
4752 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
4753 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
4754 a shell, you need to explicitly call out to that shell.
4755 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4756 items:
4757 type: string
4758 type: array
4759 x-kubernetes-list-type: atomic
4760 type: object
4761 failureThreshold:
4762 description: |-
4763 Minimum consecutive failures for the probe to be considered failed after having succeeded.
4764 Defaults to 3. Minimum value is 1.
4765 format: int32
4766 type: integer
4767 grpc:
4768 description: GRPC specifies an action involving a GRPC port.
4769 properties:
4770 port:
4771 description: Port number of the gRPC service. Number
4772 must be in the range 1 to 65535.
4773 format: int32
4774 type: integer
4775 service:
4776 description: |-
4777 Service is the name of the service to place in the gRPC HealthCheckRequest
4778 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
4779
4780
4781 If this is not specified, the default behavior is defined by gRPC.
4782 type: string
4783 required:
4784 - port
4785 type: object
4786 httpGet:
4787 description: HTTPGet specifies the http request to perform.
4788 properties:
4789 host:
4790 description: |-
4791 Host name to connect to, defaults to the pod IP. You probably want to set
4792 "Host" in httpHeaders instead.
4793 type: string
4794 httpHeaders:
4795 description: Custom headers to set in the request. HTTP
4796 allows repeated headers.
4797 items:
4798 description: HTTPHeader describes a custom header
4799 to be used in HTTP probes
4800 properties:
4801 name:
4802 description: |-
4803 The header field name.
4804 This will be canonicalized upon output, so case-variant names will be understood as the same header.
4805 type: string
4806 value:
4807 description: The header field value
4808 type: string
4809 required:
4810 - name
4811 - value
4812 type: object
4813 type: array
4814 x-kubernetes-list-type: atomic
4815 path:
4816 description: Path to access on the HTTP server.
4817 type: string
4818 port:
4819 anyOf:
4820 - type: integer
4821 - type: string
4822 description: |-
4823 Name or number of the port to access on the container.
4824 Number must be in the range 1 to 65535.
4825 Name must be an IANA_SVC_NAME.
4826 x-kubernetes-int-or-string: true
4827 scheme:
4828 description: |-
4829 Scheme to use for connecting to the host.
4830 Defaults to HTTP.
4831 type: string
4832 required:
4833 - port
4834 type: object
4835 initialDelaySeconds:
4836 description: |-
4837 Number of seconds after the container has started before liveness probes are initiated.
4838 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4839 format: int32
4840 type: integer
4841 periodSeconds:
4842 description: |-
4843 How often (in seconds) to perform the probe.
4844 Default to 10 seconds. Minimum value is 1.
4845 format: int32
4846 type: integer
4847 successThreshold:
4848 description: |-
4849 Minimum consecutive successes for the probe to be considered successful after having failed.
4850 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
4851 format: int32
4852 type: integer
4853 tcpSocket:
4854 description: TCPSocket specifies an action involving a TCP
4855 port.
4856 properties:
4857 host:
4858 description: 'Optional: Host name to connect to, defaults
4859 to the pod IP.'
4860 type: string
4861 port:
4862 anyOf:
4863 - type: integer
4864 - type: string
4865 description: |-
4866 Number or name of the port to access on the container.
4867 Number must be in the range 1 to 65535.
4868 Name must be an IANA_SVC_NAME.
4869 x-kubernetes-int-or-string: true
4870 required:
4871 - port
4872 type: object
4873 terminationGracePeriodSeconds:
4874 description: |-
4875 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
4876 The grace period is the duration in seconds after the processes running in the pod are sent
4877 a termination signal and the time when the processes are forcibly halted with a kill signal.
4878 Set this value longer than the expected cleanup time for your process.
4879 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
4880 value overrides the value provided by the pod spec.
4881 Value must be non-negative integer. The value zero indicates stop immediately via
4882 the kill signal (no opportunity to shut down).
4883 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
4884 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
4885 format: int64
4886 type: integer
4887 timeoutSeconds:
4888 description: |-
4889 Number of seconds after which the probe times out.
4890 Defaults to 1 second. Minimum value is 1.
4891 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4892 format: int32
4893 type: integer
4894 type: object
4895 stdin:
4896 description: |-
4897 Whether this container should allocate a buffer for stdin in the container runtime. If this
4898 is not set, reads from stdin in the container will always result in EOF.
4899 Default is false.
4900 type: boolean
4901 stdinOnce:
4902 description: |-
4903 Whether the container runtime should close the stdin channel after it has been opened by
4904 a single attach. When stdin is true the stdin stream will remain open across multiple attach
4905 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
4906 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
4907 at which time stdin is closed and remains closed until the container is restarted. If this
4908 flag is false, a container processes that reads from stdin will never receive an EOF.
4909 Default is false
4910 type: boolean
4911 terminationMessagePath:
4912 description: |-
4913 Optional: Path at which the file to which the container's termination message
4914 will be written is mounted into the container's filesystem.
4915 Message written is intended to be brief final status, such as an assertion failure message.
4916 Will be truncated by the node if greater than 4096 bytes. The total message length across
4917 all containers will be limited to 12kb.
4918 Defaults to /dev/termination-log.
4919 Cannot be updated.
4920 type: string
4921 terminationMessagePolicy:
4922 description: |-
4923 Indicate how the termination message should be populated. File will use the contents of
4924 terminationMessagePath to populate the container status message on both success and failure.
4925 FallbackToLogsOnError will use the last chunk of container log output if the termination
4926 message file is empty and the container exited with an error.
4927 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
4928 Defaults to File.
4929 Cannot be updated.
4930 type: string
4931 tty:
4932 description: |-
4933 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
4934 Default is false.
4935 type: boolean
4936 volumeDevices:
4937 description: volumeDevices is the list of block devices to be
4938 used by the container.
4939 items:
4940 description: volumeDevice describes a mapping of a raw block
4941 device within a container.
4942 properties:
4943 devicePath:
4944 description: devicePath is the path inside of the container
4945 that the device will be mapped to.
4946 type: string
4947 name:
4948 description: name must match the name of a persistentVolumeClaim
4949 in the pod
4950 type: string
4951 required:
4952 - devicePath
4953 - name
4954 type: object
4955 type: array
4956 x-kubernetes-list-map-keys:
4957 - devicePath
4958 x-kubernetes-list-type: map
4959 volumeMounts:
4960 description: |-
4961 Pod volumes to mount into the container's filesystem.
4962 Cannot be updated.
4963 items:
4964 description: VolumeMount describes a mounting of a Volume
4965 within a container.
4966 properties:
4967 mountPath:
4968 description: |-
4969 Path within the container at which the volume should be mounted. Must
4970 not contain ':'.
4971 type: string
4972 mountPropagation:
4973 description: |-
4974 mountPropagation determines how mounts are propagated from the host
4975 to container and the other way around.
4976 When not set, MountPropagationNone is used.
4977 This field is beta in 1.10.
4978 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
4979 (which defaults to None).
4980 type: string
4981 name:
4982 description: This must match the Name of a Volume.
4983 type: string
4984 readOnly:
4985 description: |-
4986 Mounted read-only if true, read-write otherwise (false or unspecified).
4987 Defaults to false.
4988 type: boolean
4989 recursiveReadOnly:
4990 description: |-
4991 RecursiveReadOnly specifies whether read-only mounts should be handled
4992 recursively.
4993
4994
4995 If ReadOnly is false, this field has no meaning and must be unspecified.
4996
4997
4998 If ReadOnly is true, and this field is set to Disabled, the mount is not made
4999 recursively read-only. If this field is set to IfPossible, the mount is made
5000 recursively read-only, if it is supported by the container runtime. If this
5001 field is set to Enabled, the mount is made recursively read-only if it is
5002 supported by the container runtime, otherwise the pod will not be started and
5003 an error will be generated to indicate the reason.
5004
5005
5006 If this field is set to IfPossible or Enabled, MountPropagation must be set to
5007 None (or be unspecified, which defaults to None).
5008
5009
5010 If this field is not specified, it is treated as an equivalent of Disabled.
5011 type: string
5012 subPath:
5013 description: |-
5014 Path within the volume from which the container's volume should be mounted.
5015 Defaults to "" (volume's root).
5016 type: string
5017 subPathExpr:
5018 description: |-
5019 Expanded path within the volume from which the container's volume should be mounted.
5020 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
5021 Defaults to "" (volume's root).
5022 SubPathExpr and SubPath are mutually exclusive.
5023 type: string
5024 required:
5025 - mountPath
5026 - name
5027 type: object
5028 type: array
5029 x-kubernetes-list-map-keys:
5030 - mountPath
5031 x-kubernetes-list-type: map
5032 workingDir:
5033 description: |-
5034 Container's working directory.
5035 If not specified, the container runtime's default will be used, which
5036 might be configured in the container image.
5037 Cannot be updated.
5038 type: string
5039 required:
5040 - name
5041 type: object
5042 type: array
5043 keepDroppedTargets:
5044 description: |-
5045 Per-scrape limit on the number of targets dropped by relabeling
5046 that will be kept in memory. 0 means no limit.
5047
5048
5049 It requires Prometheus >= v2.47.0.
5050 format: int64
5051 type: integer
5052 labelLimit:
5053 description: |-
5054 Per-scrape limit on number of labels that will be accepted for a sample.
5055 Only valid in Prometheus versions 2.45.0 and newer.
5056 format: int64
5057 type: integer
5058 labelNameLengthLimit:
5059 description: |-
5060 Per-scrape limit on length of labels name that will be accepted for a sample.
5061 Only valid in Prometheus versions 2.45.0 and newer.
5062 format: int64
5063 type: integer
5064 labelValueLengthLimit:
5065 description: |-
5066 Per-scrape limit on length of labels value that will be accepted for a sample.
5067 Only valid in Prometheus versions 2.45.0 and newer.
5068 format: int64
5069 type: integer
5070 listenLocal:
5071 description: |-
5072 When true, the Prometheus server listens on the loopback address
5073 instead of the Pod IP's address.
5074 type: boolean
5075 logFormat:
5076 description: Log format for Log level for Prometheus and the config-reloader
5077 sidecar.
5078 enum:
5079 - ""
5080 - logfmt
5081 - json
5082 type: string
5083 logLevel:
5084 description: Log level for Prometheus and the config-reloader sidecar.
5085 enum:
5086 - ""
5087 - debug
5088 - info
5089 - warn
5090 - error
5091 type: string
5092 minReadySeconds:
5093 description: |-
5094 Minimum number of seconds for which a newly created Pod should be ready
5095 without any of its container crashing for it to be considered available.
5096 Defaults to 0 (pod will be considered available as soon as it is ready)
5097
5098
5099 This is an alpha field from kubernetes 1.22 until 1.24 which requires
5100 enabling the StatefulSetMinReadySeconds feature gate.
5101 format: int32
5102 type: integer
5103 nodeSelector:
5104 additionalProperties:
5105 type: string
5106 description: Defines on which Nodes the Pods are scheduled.
5107 type: object
5108 overrideHonorLabels:
5109 description: |-
5110 When true, Prometheus resolves label conflicts by renaming the labels in
5111 the scraped data to "exported_<label value>" for all targets created
5112 from service and pod monitors.
5113 Otherwise the HonorLabels field of the service or pod monitor applies.
5114 type: boolean
5115 overrideHonorTimestamps:
5116 description: |-
5117 When true, Prometheus ignores the timestamps for all the targets created
5118 from service and pod monitors.
5119 Otherwise the HonorTimestamps field of the service or pod monitor applies.
5120 type: boolean
5121 paused:
5122 description: |-
5123 When a Prometheus deployment is paused, no actions except for deletion
5124 will be performed on the underlying objects.
5125 type: boolean
5126 podMetadata:
5127 description: PodMetadata configures labels and annotations which are
5128 propagated to the Prometheus pods.
5129 properties:
5130 annotations:
5131 additionalProperties:
5132 type: string
5133 description: |-
5134 Annotations is an unstructured key value map stored with a resource that may be
5135 set by external tools to store and retrieve arbitrary metadata. They are not
5136 queryable and should be preserved when modifying objects.
5137 More info: http://kubernetes.io/docs/user-guide/annotations
5138 type: object
5139 labels:
5140 additionalProperties:
5141 type: string
5142 description: |-
5143 Map of string keys and values that can be used to organize and categorize
5144 (scope and select) objects. May match selectors of replication controllers
5145 and services.
5146 More info: http://kubernetes.io/docs/user-guide/labels
5147 type: object
5148 name:
5149 description: |-
5150 Name must be unique within a namespace. Is required when creating resources, although
5151 some resources may allow a client to request the generation of an appropriate name
5152 automatically. Name is primarily intended for creation idempotence and configuration
5153 definition.
5154 Cannot be updated.
5155 More info: http://kubernetes.io/docs/user-guide/identifiers#names
5156 type: string
5157 type: object
5158 podMonitorNamespaceSelector:
5159 description: |-
5160 Namespaces to match for PodMonitors discovery. An empty label selector
5161 matches all namespaces. A null label selector matches the current
5162 namespace only.
5163 properties:
5164 matchExpressions:
5165 description: matchExpressions is a list of label selector requirements.
5166 The requirements are ANDed.
5167 items:
5168 description: |-
5169 A label selector requirement is a selector that contains values, a key, and an operator that
5170 relates the key and values.
5171 properties:
5172 key:
5173 description: key is the label key that the selector applies
5174 to.
5175 type: string
5176 operator:
5177 description: |-
5178 operator represents a key's relationship to a set of values.
5179 Valid operators are In, NotIn, Exists and DoesNotExist.
5180 type: string
5181 values:
5182 description: |-
5183 values is an array of string values. If the operator is In or NotIn,
5184 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5185 the values array must be empty. This array is replaced during a strategic
5186 merge patch.
5187 items:
5188 type: string
5189 type: array
5190 x-kubernetes-list-type: atomic
5191 required:
5192 - key
5193 - operator
5194 type: object
5195 type: array
5196 x-kubernetes-list-type: atomic
5197 matchLabels:
5198 additionalProperties:
5199 type: string
5200 description: |-
5201 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5202 map is equivalent to an element of matchExpressions, whose key field is "key", the
5203 operator is "In", and the values array contains only "value". The requirements are ANDed.
5204 type: object
5205 type: object
5206 x-kubernetes-map-type: atomic
5207 podMonitorSelector:
5208 description: |-
5209 *Experimental* PodMonitors to be selected for target discovery. An empty
5210 label selector matches all objects. A null label selector matches no
5211 objects.
5212
5213
5214 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
5215 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
5216 The Prometheus operator will ensure that the Prometheus configuration's
5217 Secret exists, but it is the responsibility of the user to provide the raw
5218 gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
5219 This behavior is *deprecated* and will be removed in the next major version
5220 of the custom resource definition. It is recommended to use
5221 `spec.additionalScrapeConfigs` instead.
5222 properties:
5223 matchExpressions:
5224 description: matchExpressions is a list of label selector requirements.
5225 The requirements are ANDed.
5226 items:
5227 description: |-
5228 A label selector requirement is a selector that contains values, a key, and an operator that
5229 relates the key and values.
5230 properties:
5231 key:
5232 description: key is the label key that the selector applies
5233 to.
5234 type: string
5235 operator:
5236 description: |-
5237 operator represents a key's relationship to a set of values.
5238 Valid operators are In, NotIn, Exists and DoesNotExist.
5239 type: string
5240 values:
5241 description: |-
5242 values is an array of string values. If the operator is In or NotIn,
5243 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5244 the values array must be empty. This array is replaced during a strategic
5245 merge patch.
5246 items:
5247 type: string
5248 type: array
5249 x-kubernetes-list-type: atomic
5250 required:
5251 - key
5252 - operator
5253 type: object
5254 type: array
5255 x-kubernetes-list-type: atomic
5256 matchLabels:
5257 additionalProperties:
5258 type: string
5259 description: |-
5260 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5261 map is equivalent to an element of matchExpressions, whose key field is "key", the
5262 operator is "In", and the values array contains only "value". The requirements are ANDed.
5263 type: object
5264 type: object
5265 x-kubernetes-map-type: atomic
5266 podTargetLabels:
5267 description: |-
5268 PodTargetLabels are appended to the `spec.podTargetLabels` field of all
5269 PodMonitor and ServiceMonitor objects.
5270 items:
5271 type: string
5272 type: array
5273 portName:
5274 default: web
5275 description: |-
5276 Port name used for the pods and governing service.
5277 Default: "web"
5278 type: string
5279 priorityClassName:
5280 description: Priority class assigned to the Pods.
5281 type: string
5282 probeNamespaceSelector:
5283 description: |-
5284 *Experimental* Namespaces to match for Probe discovery. An empty label
5285 selector matches all namespaces. A null label selector matches the
5286 current namespace only.
5287 properties:
5288 matchExpressions:
5289 description: matchExpressions is a list of label selector requirements.
5290 The requirements are ANDed.
5291 items:
5292 description: |-
5293 A label selector requirement is a selector that contains values, a key, and an operator that
5294 relates the key and values.
5295 properties:
5296 key:
5297 description: key is the label key that the selector applies
5298 to.
5299 type: string
5300 operator:
5301 description: |-
5302 operator represents a key's relationship to a set of values.
5303 Valid operators are In, NotIn, Exists and DoesNotExist.
5304 type: string
5305 values:
5306 description: |-
5307 values is an array of string values. If the operator is In or NotIn,
5308 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5309 the values array must be empty. This array is replaced during a strategic
5310 merge patch.
5311 items:
5312 type: string
5313 type: array
5314 x-kubernetes-list-type: atomic
5315 required:
5316 - key
5317 - operator
5318 type: object
5319 type: array
5320 x-kubernetes-list-type: atomic
5321 matchLabels:
5322 additionalProperties:
5323 type: string
5324 description: |-
5325 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5326 map is equivalent to an element of matchExpressions, whose key field is "key", the
5327 operator is "In", and the values array contains only "value". The requirements are ANDed.
5328 type: object
5329 type: object
5330 x-kubernetes-map-type: atomic
5331 probeSelector:
5332 description: |-
5333 *Experimental* Probes to be selected for target discovery. An empty
5334 label selector matches all objects. A null label selector matches no
5335 objects.
5336
5337
5338 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
5339 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
5340 The Prometheus operator will ensure that the Prometheus configuration's
5341 Secret exists, but it is the responsibility of the user to provide the raw
5342 gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
5343 This behavior is *deprecated* and will be removed in the next major version
5344 of the custom resource definition. It is recommended to use
5345 `spec.additionalScrapeConfigs` instead.
5346 properties:
5347 matchExpressions:
5348 description: matchExpressions is a list of label selector requirements.
5349 The requirements are ANDed.
5350 items:
5351 description: |-
5352 A label selector requirement is a selector that contains values, a key, and an operator that
5353 relates the key and values.
5354 properties:
5355 key:
5356 description: key is the label key that the selector applies
5357 to.
5358 type: string
5359 operator:
5360 description: |-
5361 operator represents a key's relationship to a set of values.
5362 Valid operators are In, NotIn, Exists and DoesNotExist.
5363 type: string
5364 values:
5365 description: |-
5366 values is an array of string values. If the operator is In or NotIn,
5367 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5368 the values array must be empty. This array is replaced during a strategic
5369 merge patch.
5370 items:
5371 type: string
5372 type: array
5373 x-kubernetes-list-type: atomic
5374 required:
5375 - key
5376 - operator
5377 type: object
5378 type: array
5379 x-kubernetes-list-type: atomic
5380 matchLabels:
5381 additionalProperties:
5382 type: string
5383 description: |-
5384 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5385 map is equivalent to an element of matchExpressions, whose key field is "key", the
5386 operator is "In", and the values array contains only "value". The requirements are ANDed.
5387 type: object
5388 type: object
5389 x-kubernetes-map-type: atomic
5390 prometheusExternalLabelName:
5391 description: |-
5392 Name of Prometheus external label used to denote the Prometheus instance
5393 name. The external label will _not_ be added when the field is set to
5394 the empty string (`""`).
5395
5396
5397 Default: "prometheus"
5398 type: string
5399 prometheusRulesExcludedFromEnforce:
5400 description: |-
5401 Defines the list of PrometheusRule objects to which the namespace label
5402 enforcement doesn't apply.
5403 This is only relevant when `spec.enforcedNamespaceLabel` is set to true.
5404 *Deprecated: use `spec.excludedFromEnforcement` instead.*
5405 items:
5406 description: |-
5407 PrometheusRuleExcludeConfig enables users to configure excluded
5408 PrometheusRule names and their namespaces to be ignored while enforcing
5409 namespace label for alerts and metrics.
5410 properties:
5411 ruleName:
5412 description: Name of the excluded PrometheusRule object.
5413 type: string
5414 ruleNamespace:
5415 description: Namespace of the excluded PrometheusRule object.
5416 type: string
5417 required:
5418 - ruleName
5419 - ruleNamespace
5420 type: object
5421 type: array
5422 query:
5423 description: QuerySpec defines the configuration of the Promethus
5424 query service.
5425 properties:
5426 lookbackDelta:
5427 description: The delta difference allowed for retrieving metrics
5428 during expression evaluations.
5429 type: string
5430 maxConcurrency:
5431 description: Number of concurrent queries that can be run at once.
5432 format: int32
5433 minimum: 1
5434 type: integer
5435 maxSamples:
5436 description: |-
5437 Maximum number of samples a single query can load into memory. Note that
5438 queries will fail if they would load more samples than this into memory,
5439 so this also limits the number of samples a query can return.
5440 format: int32
5441 type: integer
5442 timeout:
5443 description: Maximum time a query may take before being aborted.
5444 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
5445 type: string
5446 type: object
5447 queryLogFile:
5448 description: |-
5449 queryLogFile specifies where the file to which PromQL queries are logged.
5450
5451
5452 If the filename has an empty path, e.g. 'query.log', The Prometheus Pods
5453 will mount the file into an emptyDir volume at `/var/log/prometheus`.
5454 If a full path is provided, e.g. '/var/log/prometheus/query.log', you
5455 must mount a volume in the specified directory and it must be writable.
5456 This is because the prometheus container runs with a read-only root
5457 filesystem for security reasons.
5458 Alternatively, the location can be set to a standard I/O stream, e.g.
5459 `/dev/stdout`, to log query information to the default Prometheus log
5460 stream.
5461 type: string
5462 remoteRead:
5463 description: Defines the list of remote read configurations.
5464 items:
5465 description: |-
5466 RemoteReadSpec defines the configuration for Prometheus to read back samples
5467 from a remote endpoint.
5468 properties:
5469 authorization:
5470 description: |-
5471 Authorization section for the URL.
5472
5473
5474 It requires Prometheus >= v2.26.0.
5475
5476
5477 Cannot be set at the same time as `basicAuth`, or `oauth2`.
5478 properties:
5479 credentials:
5480 description: Selects a key of a Secret in the namespace
5481 that contains the credentials for authentication.
5482 properties:
5483 key:
5484 description: The key of the secret to select from. Must
5485 be a valid secret key.
5486 type: string
5487 name:
5488 default: ""
5489 description: |-
5490 Name of the referent.
5491 This field is effectively required, but due to backwards compatibility is
5492 allowed to be empty. Instances of this type with an empty value here are
5493 almost certainly wrong.
5494 TODO: Add other useful fields. apiVersion, kind, uid?
5495 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5496 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5497 type: string
5498 optional:
5499 description: Specify whether the Secret or its key must
5500 be defined
5501 type: boolean
5502 required:
5503 - key
5504 type: object
5505 x-kubernetes-map-type: atomic
5506 credentialsFile:
5507 description: File to read a secret from, mutually exclusive
5508 with `credentials`.
5509 type: string
5510 type:
5511 description: |-
5512 Defines the authentication type. The value is case-insensitive.
5513
5514
5515 "Basic" is not a supported value.
5516
5517
5518 Default: "Bearer"
5519 type: string
5520 type: object
5521 basicAuth:
5522 description: |-
5523 BasicAuth configuration for the URL.
5524
5525
5526 Cannot be set at the same time as `authorization`, or `oauth2`.
5527 properties:
5528 password:
5529 description: |-
5530 The secret in the service monitor namespace that contains the password
5531 for authentication.
5532 properties:
5533 key:
5534 description: The key of the secret to select from. Must
5535 be a valid secret key.
5536 type: string
5537 name:
5538 default: ""
5539 description: |-
5540 Name of the referent.
5541 This field is effectively required, but due to backwards compatibility is
5542 allowed to be empty. Instances of this type with an empty value here are
5543 almost certainly wrong.
5544 TODO: Add other useful fields. apiVersion, kind, uid?
5545 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5546 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5547 type: string
5548 optional:
5549 description: Specify whether the Secret or its key must
5550 be defined
5551 type: boolean
5552 required:
5553 - key
5554 type: object
5555 x-kubernetes-map-type: atomic
5556 username:
5557 description: |-
5558 The secret in the service monitor namespace that contains the username
5559 for authentication.
5560 properties:
5561 key:
5562 description: The key of the secret to select from. Must
5563 be a valid secret key.
5564 type: string
5565 name:
5566 default: ""
5567 description: |-
5568 Name of the referent.
5569 This field is effectively required, but due to backwards compatibility is
5570 allowed to be empty. Instances of this type with an empty value here are
5571 almost certainly wrong.
5572 TODO: Add other useful fields. apiVersion, kind, uid?
5573 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5574 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5575 type: string
5576 optional:
5577 description: Specify whether the Secret or its key must
5578 be defined
5579 type: boolean
5580 required:
5581 - key
5582 type: object
5583 x-kubernetes-map-type: atomic
5584 type: object
5585 bearerToken:
5586 description: |-
5587 *Warning: this field shouldn't be used because the token value appears
5588 in clear-text. Prefer using `authorization`.*
5589
5590
5591 *Deprecated: this will be removed in a future release.*
5592 type: string
5593 bearerTokenFile:
5594 description: |-
5595 File from which to read the bearer token for the URL.
5596
5597
5598 *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
5599 type: string
5600 filterExternalLabels:
5601 description: |-
5602 Whether to use the external labels as selectors for the remote read endpoint.
5603
5604
5605 It requires Prometheus >= v2.34.0.
5606 type: boolean
5607 followRedirects:
5608 description: |-
5609 Configure whether HTTP requests follow HTTP 3xx redirects.
5610
5611
5612 It requires Prometheus >= v2.26.0.
5613 type: boolean
5614 headers:
5615 additionalProperties:
5616 type: string
5617 description: |-
5618 Custom HTTP headers to be sent along with each remote read request.
5619 Be aware that headers that are set by Prometheus itself can't be overwritten.
5620 Only valid in Prometheus versions 2.26.0 and newer.
5621 type: object
5622 name:
5623 description: |-
5624 The name of the remote read queue, it must be unique if specified. The
5625 name is used in metrics and logging in order to differentiate read
5626 configurations.
5627
5628
5629 It requires Prometheus >= v2.15.0.
5630 type: string
5631 oauth2:
5632 description: |-
5633 OAuth2 configuration for the URL.
5634
5635
5636 It requires Prometheus >= v2.27.0.
5637
5638
5639 Cannot be set at the same time as `authorization`, or `basicAuth`.
5640 properties:
5641 clientId:
5642 description: The secret or configmap containing the OAuth2
5643 client id
5644 properties:
5645 configMap:
5646 description: ConfigMap containing data to use for the
5647 targets.
5648 properties:
5649 key:
5650 description: The key to select.
5651 type: string
5652 name:
5653 default: ""
5654 description: |-
5655 Name of the referent.
5656 This field is effectively required, but due to backwards compatibility is
5657 allowed to be empty. Instances of this type with an empty value here are
5658 almost certainly wrong.
5659 TODO: Add other useful fields. apiVersion, kind, uid?
5660 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5661 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5662 type: string
5663 optional:
5664 description: Specify whether the ConfigMap or its
5665 key must be defined
5666 type: boolean
5667 required:
5668 - key
5669 type: object
5670 x-kubernetes-map-type: atomic
5671 secret:
5672 description: Secret containing data to use for the targets.
5673 properties:
5674 key:
5675 description: The key of the secret to select from. Must
5676 be a valid secret key.
5677 type: string
5678 name:
5679 default: ""
5680 description: |-
5681 Name of the referent.
5682 This field is effectively required, but due to backwards compatibility is
5683 allowed to be empty. Instances of this type with an empty value here are
5684 almost certainly wrong.
5685 TODO: Add other useful fields. apiVersion, kind, uid?
5686 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5687 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5688 type: string
5689 optional:
5690 description: Specify whether the Secret or its key
5691 must be defined
5692 type: boolean
5693 required:
5694 - key
5695 type: object
5696 x-kubernetes-map-type: atomic
5697 type: object
5698 clientSecret:
5699 description: The secret containing the OAuth2 client secret
5700 properties:
5701 key:
5702 description: The key of the secret to select from. Must
5703 be a valid secret key.
5704 type: string
5705 name:
5706 default: ""
5707 description: |-
5708 Name of the referent.
5709 This field is effectively required, but due to backwards compatibility is
5710 allowed to be empty. Instances of this type with an empty value here are
5711 almost certainly wrong.
5712 TODO: Add other useful fields. apiVersion, kind, uid?
5713 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5714 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5715 type: string
5716 optional:
5717 description: Specify whether the Secret or its key must
5718 be defined
5719 type: boolean
5720 required:
5721 - key
5722 type: object
5723 x-kubernetes-map-type: atomic
5724 endpointParams:
5725 additionalProperties:
5726 type: string
5727 description: Parameters to append to the token URL
5728 type: object
5729 scopes:
5730 description: OAuth2 scopes used for the token request
5731 items:
5732 type: string
5733 type: array
5734 tokenUrl:
5735 description: The URL to fetch the token from
5736 minLength: 1
5737 type: string
5738 required:
5739 - clientId
5740 - clientSecret
5741 - tokenUrl
5742 type: object
5743 proxyUrl:
5744 description: Optional ProxyURL.
5745 type: string
5746 readRecent:
5747 description: |-
5748 Whether reads should be made for queries for time ranges that
5749 the local storage should have complete data for.
5750 type: boolean
5751 remoteTimeout:
5752 description: Timeout for requests to the remote read endpoint.
5753 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
5754 type: string
5755 requiredMatchers:
5756 additionalProperties:
5757 type: string
5758 description: |-
5759 An optional list of equality matchers which have to be present
5760 in a selector to query the remote read endpoint.
5761 type: object
5762 tlsConfig:
5763 description: TLS Config to use for the URL.
5764 properties:
5765 ca:
5766 description: Certificate authority used when verifying server
5767 certificates.
5768 properties:
5769 configMap:
5770 description: ConfigMap containing data to use for the
5771 targets.
5772 properties:
5773 key:
5774 description: The key to select.
5775 type: string
5776 name:
5777 default: ""
5778 description: |-
5779 Name of the referent.
5780 This field is effectively required, but due to backwards compatibility is
5781 allowed to be empty. Instances of this type with an empty value here are
5782 almost certainly wrong.
5783 TODO: Add other useful fields. apiVersion, kind, uid?
5784 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5785 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5786 type: string
5787 optional:
5788 description: Specify whether the ConfigMap or its
5789 key must be defined
5790 type: boolean
5791 required:
5792 - key
5793 type: object
5794 x-kubernetes-map-type: atomic
5795 secret:
5796 description: Secret containing data to use for the targets.
5797 properties:
5798 key:
5799 description: The key of the secret to select from. Must
5800 be a valid secret key.
5801 type: string
5802 name:
5803 default: ""
5804 description: |-
5805 Name of the referent.
5806 This field is effectively required, but due to backwards compatibility is
5807 allowed to be empty. Instances of this type with an empty value here are
5808 almost certainly wrong.
5809 TODO: Add other useful fields. apiVersion, kind, uid?
5810 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5811 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5812 type: string
5813 optional:
5814 description: Specify whether the Secret or its key
5815 must be defined
5816 type: boolean
5817 required:
5818 - key
5819 type: object
5820 x-kubernetes-map-type: atomic
5821 type: object
5822 caFile:
5823 description: Path to the CA cert in the Prometheus container
5824 to use for the targets.
5825 type: string
5826 cert:
5827 description: Client certificate to present when doing client-authentication.
5828 properties:
5829 configMap:
5830 description: ConfigMap containing data to use for the
5831 targets.
5832 properties:
5833 key:
5834 description: The key to select.
5835 type: string
5836 name:
5837 default: ""
5838 description: |-
5839 Name of the referent.
5840 This field is effectively required, but due to backwards compatibility is
5841 allowed to be empty. Instances of this type with an empty value here are
5842 almost certainly wrong.
5843 TODO: Add other useful fields. apiVersion, kind, uid?
5844 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5845 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5846 type: string
5847 optional:
5848 description: Specify whether the ConfigMap or its
5849 key must be defined
5850 type: boolean
5851 required:
5852 - key
5853 type: object
5854 x-kubernetes-map-type: atomic
5855 secret:
5856 description: Secret containing data to use for the targets.
5857 properties:
5858 key:
5859 description: The key of the secret to select from. Must
5860 be a valid secret key.
5861 type: string
5862 name:
5863 default: ""
5864 description: |-
5865 Name of the referent.
5866 This field is effectively required, but due to backwards compatibility is
5867 allowed to be empty. Instances of this type with an empty value here are
5868 almost certainly wrong.
5869 TODO: Add other useful fields. apiVersion, kind, uid?
5870 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5871 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5872 type: string
5873 optional:
5874 description: Specify whether the Secret or its key
5875 must be defined
5876 type: boolean
5877 required:
5878 - key
5879 type: object
5880 x-kubernetes-map-type: atomic
5881 type: object
5882 certFile:
5883 description: Path to the client cert file in the Prometheus
5884 container for the targets.
5885 type: string
5886 insecureSkipVerify:
5887 description: Disable target certificate validation.
5888 type: boolean
5889 keyFile:
5890 description: Path to the client key file in the Prometheus
5891 container for the targets.
5892 type: string
5893 keySecret:
5894 description: Secret containing the client key file for the
5895 targets.
5896 properties:
5897 key:
5898 description: The key of the secret to select from. Must
5899 be a valid secret key.
5900 type: string
5901 name:
5902 default: ""
5903 description: |-
5904 Name of the referent.
5905 This field is effectively required, but due to backwards compatibility is
5906 allowed to be empty. Instances of this type with an empty value here are
5907 almost certainly wrong.
5908 TODO: Add other useful fields. apiVersion, kind, uid?
5909 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5910 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5911 type: string
5912 optional:
5913 description: Specify whether the Secret or its key must
5914 be defined
5915 type: boolean
5916 required:
5917 - key
5918 type: object
5919 x-kubernetes-map-type: atomic
5920 serverName:
5921 description: Used to verify the hostname for the targets.
5922 type: string
5923 type: object
5924 url:
5925 description: The URL of the endpoint to query from.
5926 type: string
5927 required:
5928 - url
5929 type: object
5930 type: array
5931 remoteWrite:
5932 description: Defines the list of remote write configurations.
5933 items:
5934 description: |-
5935 RemoteWriteSpec defines the configuration to write samples from Prometheus
5936 to a remote endpoint.
5937 properties:
5938 authorization:
5939 description: |-
5940 Authorization section for the URL.
5941
5942
5943 It requires Prometheus >= v2.26.0.
5944
5945
5946 Cannot be set at the same time as `sigv4`, `basicAuth`, or `oauth2`.
5947 properties:
5948 credentials:
5949 description: Selects a key of a Secret in the namespace
5950 that contains the credentials for authentication.
5951 properties:
5952 key:
5953 description: The key of the secret to select from. Must
5954 be a valid secret key.
5955 type: string
5956 name:
5957 default: ""
5958 description: |-
5959 Name of the referent.
5960 This field is effectively required, but due to backwards compatibility is
5961 allowed to be empty. Instances of this type with an empty value here are
5962 almost certainly wrong.
5963 TODO: Add other useful fields. apiVersion, kind, uid?
5964 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5965 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
5966 type: string
5967 optional:
5968 description: Specify whether the Secret or its key must
5969 be defined
5970 type: boolean
5971 required:
5972 - key
5973 type: object
5974 x-kubernetes-map-type: atomic
5975 credentialsFile:
5976 description: File to read a secret from, mutually exclusive
5977 with `credentials`.
5978 type: string
5979 type:
5980 description: |-
5981 Defines the authentication type. The value is case-insensitive.
5982
5983
5984 "Basic" is not a supported value.
5985
5986
5987 Default: "Bearer"
5988 type: string
5989 type: object
5990 basicAuth:
5991 description: |-
5992 BasicAuth configuration for the URL.
5993
5994
5995 Cannot be set at the same time as `sigv4`, `authorization`, or `oauth2`.
5996 properties:
5997 password:
5998 description: |-
5999 The secret in the service monitor namespace that contains the password
6000 for authentication.
6001 properties:
6002 key:
6003 description: The key of the secret to select from. Must
6004 be a valid secret key.
6005 type: string
6006 name:
6007 default: ""
6008 description: |-
6009 Name of the referent.
6010 This field is effectively required, but due to backwards compatibility is
6011 allowed to be empty. Instances of this type with an empty value here are
6012 almost certainly wrong.
6013 TODO: Add other useful fields. apiVersion, kind, uid?
6014 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6015 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6016 type: string
6017 optional:
6018 description: Specify whether the Secret or its key must
6019 be defined
6020 type: boolean
6021 required:
6022 - key
6023 type: object
6024 x-kubernetes-map-type: atomic
6025 username:
6026 description: |-
6027 The secret in the service monitor namespace that contains the username
6028 for authentication.
6029 properties:
6030 key:
6031 description: The key of the secret to select from. Must
6032 be a valid secret key.
6033 type: string
6034 name:
6035 default: ""
6036 description: |-
6037 Name of the referent.
6038 This field is effectively required, but due to backwards compatibility is
6039 allowed to be empty. Instances of this type with an empty value here are
6040 almost certainly wrong.
6041 TODO: Add other useful fields. apiVersion, kind, uid?
6042 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6043 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6044 type: string
6045 optional:
6046 description: Specify whether the Secret or its key must
6047 be defined
6048 type: boolean
6049 required:
6050 - key
6051 type: object
6052 x-kubernetes-map-type: atomic
6053 type: object
6054 bearerToken:
6055 description: |-
6056 *Warning: this field shouldn't be used because the token value appears
6057 in clear-text. Prefer using `authorization`.*
6058
6059
6060 *Deprecated: this will be removed in a future release.*
6061 type: string
6062 bearerTokenFile:
6063 description: |-
6064 File from which to read bearer token for the URL.
6065
6066
6067 *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
6068 type: string
6069 headers:
6070 additionalProperties:
6071 type: string
6072 description: |-
6073 Custom HTTP headers to be sent along with each remote write request.
6074 Be aware that headers that are set by Prometheus itself can't be overwritten.
6075
6076
6077 It requires Prometheus >= v2.25.0.
6078 type: object
6079 metadataConfig:
6080 description: MetadataConfig configures the sending of series
6081 metadata to the remote storage.
6082 properties:
6083 send:
6084 description: Defines whether metric metadata is sent to
6085 the remote storage or not.
6086 type: boolean
6087 sendInterval:
6088 description: Defines how frequently metric metadata is sent
6089 to the remote storage.
6090 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
6091 type: string
6092 type: object
6093 name:
6094 description: |-
6095 The name of the remote write queue, it must be unique if specified. The
6096 name is used in metrics and logging in order to differentiate queues.
6097
6098
6099 It requires Prometheus >= v2.15.0.
6100 type: string
6101 oauth2:
6102 description: |-
6103 OAuth2 configuration for the URL.
6104
6105
6106 It requires Prometheus >= v2.27.0.
6107
6108
6109 Cannot be set at the same time as `sigv4`, `authorization`, or `basicAuth`.
6110 properties:
6111 clientId:
6112 description: The secret or configmap containing the OAuth2
6113 client id
6114 properties:
6115 configMap:
6116 description: ConfigMap containing data to use for the
6117 targets.
6118 properties:
6119 key:
6120 description: The key to select.
6121 type: string
6122 name:
6123 default: ""
6124 description: |-
6125 Name of the referent.
6126 This field is effectively required, but due to backwards compatibility is
6127 allowed to be empty. Instances of this type with an empty value here are
6128 almost certainly wrong.
6129 TODO: Add other useful fields. apiVersion, kind, uid?
6130 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6131 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6132 type: string
6133 optional:
6134 description: Specify whether the ConfigMap or its
6135 key must be defined
6136 type: boolean
6137 required:
6138 - key
6139 type: object
6140 x-kubernetes-map-type: atomic
6141 secret:
6142 description: Secret containing data to use for the targets.
6143 properties:
6144 key:
6145 description: The key of the secret to select from. Must
6146 be a valid secret key.
6147 type: string
6148 name:
6149 default: ""
6150 description: |-
6151 Name of the referent.
6152 This field is effectively required, but due to backwards compatibility is
6153 allowed to be empty. Instances of this type with an empty value here are
6154 almost certainly wrong.
6155 TODO: Add other useful fields. apiVersion, kind, uid?
6156 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6157 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6158 type: string
6159 optional:
6160 description: Specify whether the Secret or its key
6161 must be defined
6162 type: boolean
6163 required:
6164 - key
6165 type: object
6166 x-kubernetes-map-type: atomic
6167 type: object
6168 clientSecret:
6169 description: The secret containing the OAuth2 client secret
6170 properties:
6171 key:
6172 description: The key of the secret to select from. Must
6173 be a valid secret key.
6174 type: string
6175 name:
6176 default: ""
6177 description: |-
6178 Name of the referent.
6179 This field is effectively required, but due to backwards compatibility is
6180 allowed to be empty. Instances of this type with an empty value here are
6181 almost certainly wrong.
6182 TODO: Add other useful fields. apiVersion, kind, uid?
6183 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6184 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6185 type: string
6186 optional:
6187 description: Specify whether the Secret or its key must
6188 be defined
6189 type: boolean
6190 required:
6191 - key
6192 type: object
6193 x-kubernetes-map-type: atomic
6194 endpointParams:
6195 additionalProperties:
6196 type: string
6197 description: Parameters to append to the token URL
6198 type: object
6199 scopes:
6200 description: OAuth2 scopes used for the token request
6201 items:
6202 type: string
6203 type: array
6204 tokenUrl:
6205 description: The URL to fetch the token from
6206 minLength: 1
6207 type: string
6208 required:
6209 - clientId
6210 - clientSecret
6211 - tokenUrl
6212 type: object
6213 proxyUrl:
6214 description: Optional ProxyURL.
6215 type: string
6216 queueConfig:
6217 description: QueueConfig allows tuning of the remote write queue
6218 parameters.
6219 properties:
6220 batchSendDeadline:
6221 description: BatchSendDeadline is the maximum time a sample
6222 will wait in buffer.
6223 type: string
6224 capacity:
6225 description: |-
6226 Capacity is the number of samples to buffer per shard before we start
6227 dropping them.
6228 type: integer
6229 maxBackoff:
6230 description: MaxBackoff is the maximum retry delay.
6231 type: string
6232 maxRetries:
6233 description: MaxRetries is the maximum number of times to
6234 retry a batch on recoverable errors.
6235 type: integer
6236 maxSamplesPerSend:
6237 description: MaxSamplesPerSend is the maximum number of
6238 samples per send.
6239 type: integer
6240 maxShards:
6241 description: MaxShards is the maximum number of shards,
6242 i.e. amount of concurrency.
6243 type: integer
6244 minBackoff:
6245 description: MinBackoff is the initial retry delay. Gets
6246 doubled for every retry.
6247 type: string
6248 minShards:
6249 description: MinShards is the minimum number of shards,
6250 i.e. amount of concurrency.
6251 type: integer
6252 retryOnRateLimit:
6253 description: |-
6254 Retry upon receiving a 429 status code from the remote-write storage.
6255 This is experimental feature and might change in the future.
6256 type: boolean
6257 type: object
6258 remoteTimeout:
6259 description: Timeout for requests to the remote write endpoint.
6260 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
6261 type: string
6262 sendExemplars:
6263 description: |-
6264 Enables sending of exemplars over remote write. Note that
6265 exemplar-storage itself must be enabled using the `spec.enableFeature`
6266 option for exemplars to be scraped in the first place.
6267
6268
6269 It requires Prometheus >= v2.27.0.
6270 type: boolean
6271 sendNativeHistograms:
6272 description: |-
6273 Enables sending of native histograms, also known as sparse histograms
6274 over remote write.
6275
6276
6277 It requires Prometheus >= v2.40.0.
6278 type: boolean
6279 sigv4:
6280 description: |-
6281 Sigv4 allows to configures AWS's Signature Verification 4 for the URL.
6282
6283
6284 It requires Prometheus >= v2.26.0.
6285
6286
6287 Cannot be set at the same time as `authorization`, `basicAuth`, or `oauth2`.
6288 properties:
6289 accessKey:
6290 description: |-
6291 AccessKey is the AWS API key. If not specified, the environment variable
6292 `AWS_ACCESS_KEY_ID` is used.
6293 properties:
6294 key:
6295 description: The key of the secret to select from. Must
6296 be a valid secret key.
6297 type: string
6298 name:
6299 default: ""
6300 description: |-
6301 Name of the referent.
6302 This field is effectively required, but due to backwards compatibility is
6303 allowed to be empty. Instances of this type with an empty value here are
6304 almost certainly wrong.
6305 TODO: Add other useful fields. apiVersion, kind, uid?
6306 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6307 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6308 type: string
6309 optional:
6310 description: Specify whether the Secret or its key must
6311 be defined
6312 type: boolean
6313 required:
6314 - key
6315 type: object
6316 x-kubernetes-map-type: atomic
6317 profile:
6318 description: Profile is the named AWS profile used to authenticate.
6319 type: string
6320 region:
6321 description: Region is the AWS region. If blank, the region
6322 from the default credentials chain used.
6323 type: string
6324 roleArn:
6325 description: RoleArn is the named AWS profile used to authenticate.
6326 type: string
6327 secretKey:
6328 description: |-
6329 SecretKey is the AWS API secret. If not specified, the environment
6330 variable `AWS_SECRET_ACCESS_KEY` is used.
6331 properties:
6332 key:
6333 description: The key of the secret to select from. Must
6334 be a valid secret key.
6335 type: string
6336 name:
6337 default: ""
6338 description: |-
6339 Name of the referent.
6340 This field is effectively required, but due to backwards compatibility is
6341 allowed to be empty. Instances of this type with an empty value here are
6342 almost certainly wrong.
6343 TODO: Add other useful fields. apiVersion, kind, uid?
6344 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6345 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6346 type: string
6347 optional:
6348 description: Specify whether the Secret or its key must
6349 be defined
6350 type: boolean
6351 required:
6352 - key
6353 type: object
6354 x-kubernetes-map-type: atomic
6355 type: object
6356 tlsConfig:
6357 description: TLS Config to use for the URL.
6358 properties:
6359 ca:
6360 description: Certificate authority used when verifying server
6361 certificates.
6362 properties:
6363 configMap:
6364 description: ConfigMap containing data to use for the
6365 targets.
6366 properties:
6367 key:
6368 description: The key to select.
6369 type: string
6370 name:
6371 default: ""
6372 description: |-
6373 Name of the referent.
6374 This field is effectively required, but due to backwards compatibility is
6375 allowed to be empty. Instances of this type with an empty value here are
6376 almost certainly wrong.
6377 TODO: Add other useful fields. apiVersion, kind, uid?
6378 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6379 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6380 type: string
6381 optional:
6382 description: Specify whether the ConfigMap or its
6383 key must be defined
6384 type: boolean
6385 required:
6386 - key
6387 type: object
6388 x-kubernetes-map-type: atomic
6389 secret:
6390 description: Secret containing data to use for the targets.
6391 properties:
6392 key:
6393 description: The key of the secret to select from. Must
6394 be a valid secret key.
6395 type: string
6396 name:
6397 default: ""
6398 description: |-
6399 Name of the referent.
6400 This field is effectively required, but due to backwards compatibility is
6401 allowed to be empty. Instances of this type with an empty value here are
6402 almost certainly wrong.
6403 TODO: Add other useful fields. apiVersion, kind, uid?
6404 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6405 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6406 type: string
6407 optional:
6408 description: Specify whether the Secret or its key
6409 must be defined
6410 type: boolean
6411 required:
6412 - key
6413 type: object
6414 x-kubernetes-map-type: atomic
6415 type: object
6416 caFile:
6417 description: Path to the CA cert in the Prometheus container
6418 to use for the targets.
6419 type: string
6420 cert:
6421 description: Client certificate to present when doing client-authentication.
6422 properties:
6423 configMap:
6424 description: ConfigMap containing data to use for the
6425 targets.
6426 properties:
6427 key:
6428 description: The key to select.
6429 type: string
6430 name:
6431 default: ""
6432 description: |-
6433 Name of the referent.
6434 This field is effectively required, but due to backwards compatibility is
6435 allowed to be empty. Instances of this type with an empty value here are
6436 almost certainly wrong.
6437 TODO: Add other useful fields. apiVersion, kind, uid?
6438 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6439 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6440 type: string
6441 optional:
6442 description: Specify whether the ConfigMap or its
6443 key must be defined
6444 type: boolean
6445 required:
6446 - key
6447 type: object
6448 x-kubernetes-map-type: atomic
6449 secret:
6450 description: Secret containing data to use for the targets.
6451 properties:
6452 key:
6453 description: The key of the secret to select from. Must
6454 be a valid secret key.
6455 type: string
6456 name:
6457 default: ""
6458 description: |-
6459 Name of the referent.
6460 This field is effectively required, but due to backwards compatibility is
6461 allowed to be empty. Instances of this type with an empty value here are
6462 almost certainly wrong.
6463 TODO: Add other useful fields. apiVersion, kind, uid?
6464 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6465 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6466 type: string
6467 optional:
6468 description: Specify whether the Secret or its key
6469 must be defined
6470 type: boolean
6471 required:
6472 - key
6473 type: object
6474 x-kubernetes-map-type: atomic
6475 type: object
6476 certFile:
6477 description: Path to the client cert file in the Prometheus
6478 container for the targets.
6479 type: string
6480 insecureSkipVerify:
6481 description: Disable target certificate validation.
6482 type: boolean
6483 keyFile:
6484 description: Path to the client key file in the Prometheus
6485 container for the targets.
6486 type: string
6487 keySecret:
6488 description: Secret containing the client key file for the
6489 targets.
6490 properties:
6491 key:
6492 description: The key of the secret to select from. Must
6493 be a valid secret key.
6494 type: string
6495 name:
6496 default: ""
6497 description: |-
6498 Name of the referent.
6499 This field is effectively required, but due to backwards compatibility is
6500 allowed to be empty. Instances of this type with an empty value here are
6501 almost certainly wrong.
6502 TODO: Add other useful fields. apiVersion, kind, uid?
6503 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6504 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6505 type: string
6506 optional:
6507 description: Specify whether the Secret or its key must
6508 be defined
6509 type: boolean
6510 required:
6511 - key
6512 type: object
6513 x-kubernetes-map-type: atomic
6514 serverName:
6515 description: Used to verify the hostname for the targets.
6516 type: string
6517 type: object
6518 url:
6519 description: The URL of the endpoint to send samples to.
6520 type: string
6521 writeRelabelConfigs:
6522 description: The list of remote write relabel configurations.
6523 items:
6524 description: |-
6525 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
6526 scraped samples and remote write samples.
6527
6528
6529 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
6530 properties:
6531 action:
6532 default: replace
6533 description: |-
6534 Action to perform based on the regex matching.
6535
6536
6537 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
6538 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
6539
6540
6541 Default: "Replace"
6542 enum:
6543 - replace
6544 - Replace
6545 - keep
6546 - Keep
6547 - drop
6548 - Drop
6549 - hashmod
6550 - HashMod
6551 - labelmap
6552 - LabelMap
6553 - labeldrop
6554 - LabelDrop
6555 - labelkeep
6556 - LabelKeep
6557 - lowercase
6558 - Lowercase
6559 - uppercase
6560 - Uppercase
6561 - keepequal
6562 - KeepEqual
6563 - dropequal
6564 - DropEqual
6565 type: string
6566 modulus:
6567 description: |-
6568 Modulus to take of the hash of the source label values.
6569
6570
6571 Only applicable when the action is `HashMod`.
6572 format: int64
6573 type: integer
6574 regex:
6575 description: Regular expression against which the extracted
6576 value is matched.
6577 type: string
6578 replacement:
6579 description: |-
6580 Replacement value against which a Replace action is performed if the
6581 regular expression matches.
6582
6583
6584 Regex capture groups are available.
6585 type: string
6586 separator:
6587 description: Separator is the string between concatenated
6588 SourceLabels.
6589 type: string
6590 sourceLabels:
6591 description: |-
6592 The source labels select values from existing labels. Their content is
6593 concatenated using the configured Separator and matched against the
6594 configured regular expression.
6595 items:
6596 description: LabelName is a valid Prometheus label name
6597 which may only contain ASCII letters, numbers, as
6598 well as underscores.
6599 pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
6600 type: string
6601 type: array
6602 targetLabel:
6603 description: |-
6604 Label to which the resulting string is written in a replacement.
6605
6606
6607 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
6608 `KeepEqual` and `DropEqual` actions.
6609
6610
6611 Regex capture groups are available.
6612 type: string
6613 type: object
6614 type: array
6615 required:
6616 - url
6617 type: object
6618 type: array
6619 replicaExternalLabelName:
6620 description: |-
6621 Name of Prometheus external label used to denote the replica name.
6622 The external label will _not_ be added when the field is set to the
6623 empty string (`""`).
6624
6625
6626 Default: "prometheus_replica"
6627 type: string
6628 replicas:
6629 description: |-
6630 Number of replicas of each shard to deploy for a Prometheus deployment.
6631 `spec.replicas` multiplied by `spec.shards` is the total number of Pods
6632 created.
6633
6634
6635 Default: 1
6636 format: int32
6637 type: integer
6638 resources:
6639 description: Defines the resources requests and limits of the 'prometheus'
6640 container.
6641 properties:
6642 claims:
6643 description: |-
6644 Claims lists the names of resources, defined in spec.resourceClaims,
6645 that are used by this container.
6646
6647
6648 This is an alpha field and requires enabling the
6649 DynamicResourceAllocation feature gate.
6650
6651
6652 This field is immutable. It can only be set for containers.
6653 items:
6654 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
6655 properties:
6656 name:
6657 description: |-
6658 Name must match the name of one entry in pod.spec.resourceClaims of
6659 the Pod where this field is used. It makes that resource available
6660 inside a container.
6661 type: string
6662 required:
6663 - name
6664 type: object
6665 type: array
6666 x-kubernetes-list-map-keys:
6667 - name
6668 x-kubernetes-list-type: map
6669 limits:
6670 additionalProperties:
6671 anyOf:
6672 - type: integer
6673 - type: string
6674 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6675 x-kubernetes-int-or-string: true
6676 description: |-
6677 Limits describes the maximum amount of compute resources allowed.
6678 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
6679 type: object
6680 requests:
6681 additionalProperties:
6682 anyOf:
6683 - type: integer
6684 - type: string
6685 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6686 x-kubernetes-int-or-string: true
6687 description: |-
6688 Requests describes the minimum amount of compute resources required.
6689 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
6690 otherwise to an implementation-defined value. Requests cannot exceed Limits.
6691 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
6692 type: object
6693 type: object
6694 retention:
6695 description: |-
6696 How long to retain the Prometheus data.
6697
6698
6699 Default: "24h" if `spec.retention` and `spec.retentionSize` are empty.
6700 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
6701 type: string
6702 retentionSize:
6703 description: Maximum number of bytes used by the Prometheus data.
6704 pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
6705 type: string
6706 routePrefix:
6707 description: |-
6708 The route prefix Prometheus registers HTTP handlers for.
6709
6710
6711 This is useful when using `spec.externalURL`, and a proxy is rewriting
6712 HTTP routes of a request, and the actual ExternalURL is still true, but
6713 the server serves requests under a different route prefix. For example
6714 for use with `kubectl proxy`.
6715 type: string
6716 ruleNamespaceSelector:
6717 description: |-
6718 Namespaces to match for PrometheusRule discovery. An empty label selector
6719 matches all namespaces. A null label selector matches the current
6720 namespace only.
6721 properties:
6722 matchExpressions:
6723 description: matchExpressions is a list of label selector requirements.
6724 The requirements are ANDed.
6725 items:
6726 description: |-
6727 A label selector requirement is a selector that contains values, a key, and an operator that
6728 relates the key and values.
6729 properties:
6730 key:
6731 description: key is the label key that the selector applies
6732 to.
6733 type: string
6734 operator:
6735 description: |-
6736 operator represents a key's relationship to a set of values.
6737 Valid operators are In, NotIn, Exists and DoesNotExist.
6738 type: string
6739 values:
6740 description: |-
6741 values is an array of string values. If the operator is In or NotIn,
6742 the values array must be non-empty. If the operator is Exists or DoesNotExist,
6743 the values array must be empty. This array is replaced during a strategic
6744 merge patch.
6745 items:
6746 type: string
6747 type: array
6748 x-kubernetes-list-type: atomic
6749 required:
6750 - key
6751 - operator
6752 type: object
6753 type: array
6754 x-kubernetes-list-type: atomic
6755 matchLabels:
6756 additionalProperties:
6757 type: string
6758 description: |-
6759 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
6760 map is equivalent to an element of matchExpressions, whose key field is "key", the
6761 operator is "In", and the values array contains only "value". The requirements are ANDed.
6762 type: object
6763 type: object
6764 x-kubernetes-map-type: atomic
6765 ruleSelector:
6766 description: |-
6767 PrometheusRule objects to be selected for rule evaluation. An empty
6768 label selector matches all objects. A null label selector matches no
6769 objects.
6770 properties:
6771 matchExpressions:
6772 description: matchExpressions is a list of label selector requirements.
6773 The requirements are ANDed.
6774 items:
6775 description: |-
6776 A label selector requirement is a selector that contains values, a key, and an operator that
6777 relates the key and values.
6778 properties:
6779 key:
6780 description: key is the label key that the selector applies
6781 to.
6782 type: string
6783 operator:
6784 description: |-
6785 operator represents a key's relationship to a set of values.
6786 Valid operators are In, NotIn, Exists and DoesNotExist.
6787 type: string
6788 values:
6789 description: |-
6790 values is an array of string values. If the operator is In or NotIn,
6791 the values array must be non-empty. If the operator is Exists or DoesNotExist,
6792 the values array must be empty. This array is replaced during a strategic
6793 merge patch.
6794 items:
6795 type: string
6796 type: array
6797 x-kubernetes-list-type: atomic
6798 required:
6799 - key
6800 - operator
6801 type: object
6802 type: array
6803 x-kubernetes-list-type: atomic
6804 matchLabels:
6805 additionalProperties:
6806 type: string
6807 description: |-
6808 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
6809 map is equivalent to an element of matchExpressions, whose key field is "key", the
6810 operator is "In", and the values array contains only "value". The requirements are ANDed.
6811 type: object
6812 type: object
6813 x-kubernetes-map-type: atomic
6814 rules:
6815 description: Defines the configuration of the Prometheus rules' engine.
6816 properties:
6817 alert:
6818 description: |-
6819 Defines the parameters of the Prometheus rules' engine.
6820
6821
6822 Any update to these parameters trigger a restart of the pods.
6823 properties:
6824 forGracePeriod:
6825 description: |-
6826 Minimum duration between alert and restored 'for' state.
6827
6828
6829 This is maintained only for alerts with a configured 'for' time greater
6830 than the grace period.
6831 type: string
6832 forOutageTolerance:
6833 description: |-
6834 Max time to tolerate prometheus outage for restoring 'for' state of
6835 alert.
6836 type: string
6837 resendDelay:
6838 description: |-
6839 Minimum amount of time to wait before resending an alert to
6840 Alertmanager.
6841 type: string
6842 type: object
6843 type: object
6844 sampleLimit:
6845 description: |-
6846 SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
6847 Only valid in Prometheus versions 2.45.0 and newer.
6848 format: int64
6849 type: integer
6850 scrapeConfigNamespaceSelector:
6851 description: |-
6852 Namespaces to match for ScrapeConfig discovery. An empty label selector
6853 matches all namespaces. A null label selector matches the current
6854 current namespace only.
6855 properties:
6856 matchExpressions:
6857 description: matchExpressions is a list of label selector requirements.
6858 The requirements are ANDed.
6859 items:
6860 description: |-
6861 A label selector requirement is a selector that contains values, a key, and an operator that
6862 relates the key and values.
6863 properties:
6864 key:
6865 description: key is the label key that the selector applies
6866 to.
6867 type: string
6868 operator:
6869 description: |-
6870 operator represents a key's relationship to a set of values.
6871 Valid operators are In, NotIn, Exists and DoesNotExist.
6872 type: string
6873 values:
6874 description: |-
6875 values is an array of string values. If the operator is In or NotIn,
6876 the values array must be non-empty. If the operator is Exists or DoesNotExist,
6877 the values array must be empty. This array is replaced during a strategic
6878 merge patch.
6879 items:
6880 type: string
6881 type: array
6882 x-kubernetes-list-type: atomic
6883 required:
6884 - key
6885 - operator
6886 type: object
6887 type: array
6888 x-kubernetes-list-type: atomic
6889 matchLabels:
6890 additionalProperties:
6891 type: string
6892 description: |-
6893 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
6894 map is equivalent to an element of matchExpressions, whose key field is "key", the
6895 operator is "In", and the values array contains only "value". The requirements are ANDed.
6896 type: object
6897 type: object
6898 x-kubernetes-map-type: atomic
6899 scrapeConfigSelector:
6900 description: |-
6901 *Experimental* ScrapeConfigs to be selected for target discovery. An
6902 empty label selector matches all objects. A null label selector matches
6903 no objects.
6904
6905
6906 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
6907 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
6908 The Prometheus operator will ensure that the Prometheus configuration's
6909 Secret exists, but it is the responsibility of the user to provide the raw
6910 gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
6911 This behavior is *deprecated* and will be removed in the next major version
6912 of the custom resource definition. It is recommended to use
6913 `spec.additionalScrapeConfigs` instead.
6914 properties:
6915 matchExpressions:
6916 description: matchExpressions is a list of label selector requirements.
6917 The requirements are ANDed.
6918 items:
6919 description: |-
6920 A label selector requirement is a selector that contains values, a key, and an operator that
6921 relates the key and values.
6922 properties:
6923 key:
6924 description: key is the label key that the selector applies
6925 to.
6926 type: string
6927 operator:
6928 description: |-
6929 operator represents a key's relationship to a set of values.
6930 Valid operators are In, NotIn, Exists and DoesNotExist.
6931 type: string
6932 values:
6933 description: |-
6934 values is an array of string values. If the operator is In or NotIn,
6935 the values array must be non-empty. If the operator is Exists or DoesNotExist,
6936 the values array must be empty. This array is replaced during a strategic
6937 merge patch.
6938 items:
6939 type: string
6940 type: array
6941 x-kubernetes-list-type: atomic
6942 required:
6943 - key
6944 - operator
6945 type: object
6946 type: array
6947 x-kubernetes-list-type: atomic
6948 matchLabels:
6949 additionalProperties:
6950 type: string
6951 description: |-
6952 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
6953 map is equivalent to an element of matchExpressions, whose key field is "key", the
6954 operator is "In", and the values array contains only "value". The requirements are ANDed.
6955 type: object
6956 type: object
6957 x-kubernetes-map-type: atomic
6958 scrapeInterval:
6959 default: 30s
6960 description: |-
6961 Interval between consecutive scrapes.
6962
6963
6964 Default: "30s"
6965 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
6966 type: string
6967 scrapeTimeout:
6968 description: Number of seconds to wait until a scrape request times
6969 out.
6970 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
6971 type: string
6972 secrets:
6973 description: |-
6974 Secrets is a list of Secrets in the same namespace as the Prometheus
6975 object, which shall be mounted into the Prometheus Pods.
6976 Each Secret is added to the StatefulSet definition as a volume named `secret-<secret-name>`.
6977 The Secrets are mounted into /etc/prometheus/secrets/<secret-name> in the 'prometheus' container.
6978 items:
6979 type: string
6980 type: array
6981 securityContext:
6982 description: |-
6983 SecurityContext holds pod-level security attributes and common container settings.
6984 This defaults to the default PodSecurityContext.
6985 properties:
6986 appArmorProfile:
6987 description: |-
6988 appArmorProfile is the AppArmor options to use by the containers in this pod.
6989 Note that this field cannot be set when spec.os.name is windows.
6990 properties:
6991 localhostProfile:
6992 description: |-
6993 localhostProfile indicates a profile loaded on the node that should be used.
6994 The profile must be preconfigured on the node to work.
6995 Must match the loaded name of the profile.
6996 Must be set if and only if type is "Localhost".
6997 type: string
6998 type:
6999 description: |-
7000 type indicates which kind of AppArmor profile will be applied.
7001 Valid options are:
7002 Localhost - a profile pre-loaded on the node.
7003 RuntimeDefault - the container runtime's default profile.
7004 Unconfined - no AppArmor enforcement.
7005 type: string
7006 required:
7007 - type
7008 type: object
7009 fsGroup:
7010 description: |-
7011 A special supplemental group that applies to all containers in a pod.
7012 Some volume types allow the Kubelet to change the ownership of that volume
7013 to be owned by the pod:
7014
7015
7016 1. The owning GID will be the FSGroup
7017 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
7018 3. The permission bits are OR'd with rw-rw----
7019
7020
7021 If unset, the Kubelet will not modify the ownership and permissions of any volume.
7022 Note that this field cannot be set when spec.os.name is windows.
7023 format: int64
7024 type: integer
7025 fsGroupChangePolicy:
7026 description: |-
7027 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
7028 before being exposed inside Pod. This field will only apply to
7029 volume types which support fsGroup based ownership(and permissions).
7030 It will have no effect on ephemeral volume types such as: secret, configmaps
7031 and emptydir.
7032 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
7033 Note that this field cannot be set when spec.os.name is windows.
7034 type: string
7035 runAsGroup:
7036 description: |-
7037 The GID to run the entrypoint of the container process.
7038 Uses runtime default if unset.
7039 May also be set in SecurityContext. If set in both SecurityContext and
7040 PodSecurityContext, the value specified in SecurityContext takes precedence
7041 for that container.
7042 Note that this field cannot be set when spec.os.name is windows.
7043 format: int64
7044 type: integer
7045 runAsNonRoot:
7046 description: |-
7047 Indicates that the container must run as a non-root user.
7048 If true, the Kubelet will validate the image at runtime to ensure that it
7049 does not run as UID 0 (root) and fail to start the container if it does.
7050 If unset or false, no such validation will be performed.
7051 May also be set in SecurityContext. If set in both SecurityContext and
7052 PodSecurityContext, the value specified in SecurityContext takes precedence.
7053 type: boolean
7054 runAsUser:
7055 description: |-
7056 The UID to run the entrypoint of the container process.
7057 Defaults to user specified in image metadata if unspecified.
7058 May also be set in SecurityContext. If set in both SecurityContext and
7059 PodSecurityContext, the value specified in SecurityContext takes precedence
7060 for that container.
7061 Note that this field cannot be set when spec.os.name is windows.
7062 format: int64
7063 type: integer
7064 seLinuxOptions:
7065 description: |-
7066 The SELinux context to be applied to all containers.
7067 If unspecified, the container runtime will allocate a random SELinux context for each
7068 container. May also be set in SecurityContext. If set in
7069 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
7070 takes precedence for that container.
7071 Note that this field cannot be set when spec.os.name is windows.
7072 properties:
7073 level:
7074 description: Level is SELinux level label that applies to
7075 the container.
7076 type: string
7077 role:
7078 description: Role is a SELinux role label that applies to
7079 the container.
7080 type: string
7081 type:
7082 description: Type is a SELinux type label that applies to
7083 the container.
7084 type: string
7085 user:
7086 description: User is a SELinux user label that applies to
7087 the container.
7088 type: string
7089 type: object
7090 seccompProfile:
7091 description: |-
7092 The seccomp options to use by the containers in this pod.
7093 Note that this field cannot be set when spec.os.name is windows.
7094 properties:
7095 localhostProfile:
7096 description: |-
7097 localhostProfile indicates a profile defined in a file on the node should be used.
7098 The profile must be preconfigured on the node to work.
7099 Must be a descending path, relative to the kubelet's configured seccomp profile location.
7100 Must be set if type is "Localhost". Must NOT be set for any other type.
7101 type: string
7102 type:
7103 description: |-
7104 type indicates which kind of seccomp profile will be applied.
7105 Valid options are:
7106
7107
7108 Localhost - a profile defined in a file on the node should be used.
7109 RuntimeDefault - the container runtime default profile should be used.
7110 Unconfined - no profile should be applied.
7111 type: string
7112 required:
7113 - type
7114 type: object
7115 supplementalGroups:
7116 description: |-
7117 A list of groups applied to the first process run in each container, in addition
7118 to the container's primary GID, the fsGroup (if specified), and group memberships
7119 defined in the container image for the uid of the container process. If unspecified,
7120 no additional groups are added to any container. Note that group memberships
7121 defined in the container image for the uid of the container process are still effective,
7122 even if they are not included in this list.
7123 Note that this field cannot be set when spec.os.name is windows.
7124 items:
7125 format: int64
7126 type: integer
7127 type: array
7128 x-kubernetes-list-type: atomic
7129 sysctls:
7130 description: |-
7131 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
7132 sysctls (by the container runtime) might fail to launch.
7133 Note that this field cannot be set when spec.os.name is windows.
7134 items:
7135 description: Sysctl defines a kernel parameter to be set
7136 properties:
7137 name:
7138 description: Name of a property to set
7139 type: string
7140 value:
7141 description: Value of a property to set
7142 type: string
7143 required:
7144 - name
7145 - value
7146 type: object
7147 type: array
7148 x-kubernetes-list-type: atomic
7149 windowsOptions:
7150 description: |-
7151 The Windows specific settings applied to all containers.
7152 If unspecified, the options within a container's SecurityContext will be used.
7153 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
7154 Note that this field cannot be set when spec.os.name is linux.
7155 properties:
7156 gmsaCredentialSpec:
7157 description: |-
7158 GMSACredentialSpec is where the GMSA admission webhook
7159 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
7160 GMSA credential spec named by the GMSACredentialSpecName field.
7161 type: string
7162 gmsaCredentialSpecName:
7163 description: GMSACredentialSpecName is the name of the GMSA
7164 credential spec to use.
7165 type: string
7166 hostProcess:
7167 description: |-
7168 HostProcess determines if a container should be run as a 'Host Process' container.
7169 All of a Pod's containers must have the same effective HostProcess value
7170 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
7171 In addition, if HostProcess is true then HostNetwork must also be set to true.
7172 type: boolean
7173 runAsUserName:
7174 description: |-
7175 The UserName in Windows to run the entrypoint of the container process.
7176 Defaults to the user specified in image metadata if unspecified.
7177 May also be set in PodSecurityContext. If set in both SecurityContext and
7178 PodSecurityContext, the value specified in SecurityContext takes precedence.
7179 type: string
7180 type: object
7181 type: object
7182 serviceAccountName:
7183 description: |-
7184 ServiceAccountName is the name of the ServiceAccount to use to run the
7185 Prometheus Pods.
7186 type: string
7187 serviceMonitorNamespaceSelector:
7188 description: |-
7189 Namespaces to match for ServicedMonitors discovery. An empty label selector
7190 matches all namespaces. A null label selector matches the current
7191 namespace only.
7192 properties:
7193 matchExpressions:
7194 description: matchExpressions is a list of label selector requirements.
7195 The requirements are ANDed.
7196 items:
7197 description: |-
7198 A label selector requirement is a selector that contains values, a key, and an operator that
7199 relates the key and values.
7200 properties:
7201 key:
7202 description: key is the label key that the selector applies
7203 to.
7204 type: string
7205 operator:
7206 description: |-
7207 operator represents a key's relationship to a set of values.
7208 Valid operators are In, NotIn, Exists and DoesNotExist.
7209 type: string
7210 values:
7211 description: |-
7212 values is an array of string values. If the operator is In or NotIn,
7213 the values array must be non-empty. If the operator is Exists or DoesNotExist,
7214 the values array must be empty. This array is replaced during a strategic
7215 merge patch.
7216 items:
7217 type: string
7218 type: array
7219 x-kubernetes-list-type: atomic
7220 required:
7221 - key
7222 - operator
7223 type: object
7224 type: array
7225 x-kubernetes-list-type: atomic
7226 matchLabels:
7227 additionalProperties:
7228 type: string
7229 description: |-
7230 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
7231 map is equivalent to an element of matchExpressions, whose key field is "key", the
7232 operator is "In", and the values array contains only "value". The requirements are ANDed.
7233 type: object
7234 type: object
7235 x-kubernetes-map-type: atomic
7236 serviceMonitorSelector:
7237 description: |-
7238 ServiceMonitors to be selected for target discovery. An empty label
7239 selector matches all objects. A null label selector matches no objects.
7240
7241
7242 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
7243 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
7244 The Prometheus operator will ensure that the Prometheus configuration's
7245 Secret exists, but it is the responsibility of the user to provide the raw
7246 gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
7247 This behavior is *deprecated* and will be removed in the next major version
7248 of the custom resource definition. It is recommended to use
7249 `spec.additionalScrapeConfigs` instead.
7250 properties:
7251 matchExpressions:
7252 description: matchExpressions is a list of label selector requirements.
7253 The requirements are ANDed.
7254 items:
7255 description: |-
7256 A label selector requirement is a selector that contains values, a key, and an operator that
7257 relates the key and values.
7258 properties:
7259 key:
7260 description: key is the label key that the selector applies
7261 to.
7262 type: string
7263 operator:
7264 description: |-
7265 operator represents a key's relationship to a set of values.
7266 Valid operators are In, NotIn, Exists and DoesNotExist.
7267 type: string
7268 values:
7269 description: |-
7270 values is an array of string values. If the operator is In or NotIn,
7271 the values array must be non-empty. If the operator is Exists or DoesNotExist,
7272 the values array must be empty. This array is replaced during a strategic
7273 merge patch.
7274 items:
7275 type: string
7276 type: array
7277 x-kubernetes-list-type: atomic
7278 required:
7279 - key
7280 - operator
7281 type: object
7282 type: array
7283 x-kubernetes-list-type: atomic
7284 matchLabels:
7285 additionalProperties:
7286 type: string
7287 description: |-
7288 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
7289 map is equivalent to an element of matchExpressions, whose key field is "key", the
7290 operator is "In", and the values array contains only "value". The requirements are ANDed.
7291 type: object
7292 type: object
7293 x-kubernetes-map-type: atomic
7294 sha:
7295 description: |-
7296 *Deprecated: use 'spec.image' instead. The image's digest can be
7297 specified as part of the image name.*
7298 type: string
7299 shards:
7300 description: |-
7301 EXPERIMENTAL: Number of shards to distribute targets onto. `spec.replicas`
7302 multiplied by `spec.shards` is the total number of Pods created.
7303
7304
7305 Note that scaling down shards will not reshard data onto remaining
7306 instances, it must be manually moved. Increasing shards will not reshard
7307 data either but it will continue to be available from the same
7308 instances. To query globally, use Thanos sidecar and Thanos querier or
7309 remote write data to a central location.
7310
7311
7312 Sharding is performed on the content of the `__address__` target meta-label
7313 for PodMonitors and ServiceMonitors and `__param_target__` for Probes.
7314
7315
7316 Default: 1
7317 format: int32
7318 type: integer
7319 storage:
7320 description: Storage defines the storage used by Prometheus.
7321 properties:
7322 disableMountSubPath:
7323 description: '*Deprecated: subPath usage will be removed in a
7324 future release.*'
7325 type: boolean
7326 emptyDir:
7327 description: |-
7328 EmptyDirVolumeSource to be used by the StatefulSet.
7329 If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.
7330 More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
7331 properties:
7332 medium:
7333 description: |-
7334 medium represents what type of storage medium should back this directory.
7335 The default is "" which means to use the node's default medium.
7336 Must be an empty string (default) or Memory.
7337 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
7338 type: string
7339 sizeLimit:
7340 anyOf:
7341 - type: integer
7342 - type: string
7343 description: |-
7344 sizeLimit is the total amount of local storage required for this EmptyDir volume.
7345 The size limit is also applicable for memory medium.
7346 The maximum usage on memory medium EmptyDir would be the minimum value between
7347 the SizeLimit specified here and the sum of memory limits of all containers in a pod.
7348 The default is nil which means that the limit is undefined.
7349 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
7350 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7351 x-kubernetes-int-or-string: true
7352 type: object
7353 ephemeral:
7354 description: |-
7355 EphemeralVolumeSource to be used by the StatefulSet.
7356 This is a beta field in k8s 1.21 and GA in 1.15.
7357 For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.
7358 More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
7359 properties:
7360 volumeClaimTemplate:
7361 description: |-
7362 Will be used to create a stand-alone PVC to provision the volume.
7363 The pod in which this EphemeralVolumeSource is embedded will be the
7364 owner of the PVC, i.e. the PVC will be deleted together with the
7365 pod. The name of the PVC will be `<pod name>-<volume name>` where
7366 `<volume name>` is the name from the `PodSpec.Volumes` array
7367 entry. Pod validation will reject the pod if the concatenated name
7368 is not valid for a PVC (for example, too long).
7369
7370
7371 An existing PVC with that name that is not owned by the pod
7372 will *not* be used for the pod to avoid using an unrelated
7373 volume by mistake. Starting the pod is then blocked until
7374 the unrelated PVC is removed. If such a pre-created PVC is
7375 meant to be used by the pod, the PVC has to updated with an
7376 owner reference to the pod once the pod exists. Normally
7377 this should not be necessary, but it may be useful when
7378 manually reconstructing a broken cluster.
7379
7380
7381 This field is read-only and no changes will be made by Kubernetes
7382 to the PVC after it has been created.
7383
7384
7385 Required, must not be nil.
7386 properties:
7387 metadata:
7388 description: |-
7389 May contain labels and annotations that will be copied into the PVC
7390 when creating it. No other fields are allowed and will be rejected during
7391 validation.
7392 properties:
7393 annotations:
7394 additionalProperties:
7395 type: string
7396 type: object
7397 finalizers:
7398 items:
7399 type: string
7400 type: array
7401 labels:
7402 additionalProperties:
7403 type: string
7404 type: object
7405 name:
7406 type: string
7407 namespace:
7408 type: string
7409 type: object
7410 spec:
7411 description: |-
7412 The specification for the PersistentVolumeClaim. The entire content is
7413 copied unchanged into the PVC that gets created from this
7414 template. The same fields as in a PersistentVolumeClaim
7415 are also valid here.
7416 properties:
7417 accessModes:
7418 description: |-
7419 accessModes contains the desired access modes the volume should have.
7420 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
7421 items:
7422 type: string
7423 type: array
7424 x-kubernetes-list-type: atomic
7425 dataSource:
7426 description: |-
7427 dataSource field can be used to specify either:
7428 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
7429 * An existing PVC (PersistentVolumeClaim)
7430 If the provisioner or an external controller can support the specified data source,
7431 it will create a new volume based on the contents of the specified data source.
7432 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
7433 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
7434 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
7435 properties:
7436 apiGroup:
7437 description: |-
7438 APIGroup is the group for the resource being referenced.
7439 If APIGroup is not specified, the specified Kind must be in the core API group.
7440 For any other third-party types, APIGroup is required.
7441 type: string
7442 kind:
7443 description: Kind is the type of resource being
7444 referenced
7445 type: string
7446 name:
7447 description: Name is the name of resource being
7448 referenced
7449 type: string
7450 required:
7451 - kind
7452 - name
7453 type: object
7454 x-kubernetes-map-type: atomic
7455 dataSourceRef:
7456 description: |-
7457 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
7458 volume is desired. This may be any object from a non-empty API group (non
7459 core object) or a PersistentVolumeClaim object.
7460 When this field is specified, volume binding will only succeed if the type of
7461 the specified object matches some installed volume populator or dynamic
7462 provisioner.
7463 This field will replace the functionality of the dataSource field and as such
7464 if both fields are non-empty, they must have the same value. For backwards
7465 compatibility, when namespace isn't specified in dataSourceRef,
7466 both fields (dataSource and dataSourceRef) will be set to the same
7467 value automatically if one of them is empty and the other is non-empty.
7468 When namespace is specified in dataSourceRef,
7469 dataSource isn't set to the same value and must be empty.
7470 There are three important differences between dataSource and dataSourceRef:
7471 * While dataSource only allows two specific types of objects, dataSourceRef
7472 allows any non-core object, as well as PersistentVolumeClaim objects.
7473 * While dataSource ignores disallowed values (dropping them), dataSourceRef
7474 preserves all values, and generates an error if a disallowed value is
7475 specified.
7476 * While dataSource only allows local objects, dataSourceRef allows objects
7477 in any namespaces.
7478 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
7479 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
7480 properties:
7481 apiGroup:
7482 description: |-
7483 APIGroup is the group for the resource being referenced.
7484 If APIGroup is not specified, the specified Kind must be in the core API group.
7485 For any other third-party types, APIGroup is required.
7486 type: string
7487 kind:
7488 description: Kind is the type of resource being
7489 referenced
7490 type: string
7491 name:
7492 description: Name is the name of resource being
7493 referenced
7494 type: string
7495 namespace:
7496 description: |-
7497 Namespace is the namespace of resource being referenced
7498 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
7499 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
7500 type: string
7501 required:
7502 - kind
7503 - name
7504 type: object
7505 resources:
7506 description: |-
7507 resources represents the minimum resources the volume should have.
7508 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
7509 that are lower than previous value but must still be higher than capacity recorded in the
7510 status field of the claim.
7511 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
7512 properties:
7513 limits:
7514 additionalProperties:
7515 anyOf:
7516 - type: integer
7517 - type: string
7518 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7519 x-kubernetes-int-or-string: true
7520 description: |-
7521 Limits describes the maximum amount of compute resources allowed.
7522 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7523 type: object
7524 requests:
7525 additionalProperties:
7526 anyOf:
7527 - type: integer
7528 - type: string
7529 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7530 x-kubernetes-int-or-string: true
7531 description: |-
7532 Requests describes the minimum amount of compute resources required.
7533 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
7534 otherwise to an implementation-defined value. Requests cannot exceed Limits.
7535 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7536 type: object
7537 type: object
7538 selector:
7539 description: selector is a label query over volumes
7540 to consider for binding.
7541 properties:
7542 matchExpressions:
7543 description: matchExpressions is a list of label
7544 selector requirements. The requirements are
7545 ANDed.
7546 items:
7547 description: |-
7548 A label selector requirement is a selector that contains values, a key, and an operator that
7549 relates the key and values.
7550 properties:
7551 key:
7552 description: key is the label key that the
7553 selector applies to.
7554 type: string
7555 operator:
7556 description: |-
7557 operator represents a key's relationship to a set of values.
7558 Valid operators are In, NotIn, Exists and DoesNotExist.
7559 type: string
7560 values:
7561 description: |-
7562 values is an array of string values. If the operator is In or NotIn,
7563 the values array must be non-empty. If the operator is Exists or DoesNotExist,
7564 the values array must be empty. This array is replaced during a strategic
7565 merge patch.
7566 items:
7567 type: string
7568 type: array
7569 x-kubernetes-list-type: atomic
7570 required:
7571 - key
7572 - operator
7573 type: object
7574 type: array
7575 x-kubernetes-list-type: atomic
7576 matchLabels:
7577 additionalProperties:
7578 type: string
7579 description: |-
7580 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
7581 map is equivalent to an element of matchExpressions, whose key field is "key", the
7582 operator is "In", and the values array contains only "value". The requirements are ANDed.
7583 type: object
7584 type: object
7585 x-kubernetes-map-type: atomic
7586 storageClassName:
7587 description: |-
7588 storageClassName is the name of the StorageClass required by the claim.
7589 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
7590 type: string
7591 volumeAttributesClassName:
7592 description: |-
7593 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
7594 If specified, the CSI driver will create or update the volume with the attributes defined
7595 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
7596 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
7597 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
7598 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
7599 will be set by the persistentvolume controller if it exists.
7600 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
7601 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
7602 exists.
7603 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
7604 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
7605 type: string
7606 volumeMode:
7607 description: |-
7608 volumeMode defines what type of volume is required by the claim.
7609 Value of Filesystem is implied when not included in claim spec.
7610 type: string
7611 volumeName:
7612 description: volumeName is the binding reference to
7613 the PersistentVolume backing this claim.
7614 type: string
7615 type: object
7616 required:
7617 - spec
7618 type: object
7619 type: object
7620 volumeClaimTemplate:
7621 description: |-
7622 Defines the PVC spec to be used by the Prometheus StatefulSets.
7623 The easiest way to use a volume that cannot be automatically provisioned
7624 is to use a label selector alongside manually created PersistentVolumes.
7625 properties:
7626 apiVersion:
7627 description: |-
7628 APIVersion defines the versioned schema of this representation of an object.
7629 Servers should convert recognized schemas to the latest internal value, and
7630 may reject unrecognized values.
7631 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
7632 type: string
7633 kind:
7634 description: |-
7635 Kind is a string value representing the REST resource this object represents.
7636 Servers may infer this from the endpoint the client submits requests to.
7637 Cannot be updated.
7638 In CamelCase.
7639 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
7640 type: string
7641 metadata:
7642 description: EmbeddedMetadata contains metadata relevant to
7643 an EmbeddedResource.
7644 properties:
7645 annotations:
7646 additionalProperties:
7647 type: string
7648 description: |-
7649 Annotations is an unstructured key value map stored with a resource that may be
7650 set by external tools to store and retrieve arbitrary metadata. They are not
7651 queryable and should be preserved when modifying objects.
7652 More info: http://kubernetes.io/docs/user-guide/annotations
7653 type: object
7654 labels:
7655 additionalProperties:
7656 type: string
7657 description: |-
7658 Map of string keys and values that can be used to organize and categorize
7659 (scope and select) objects. May match selectors of replication controllers
7660 and services.
7661 More info: http://kubernetes.io/docs/user-guide/labels
7662 type: object
7663 name:
7664 description: |-
7665 Name must be unique within a namespace. Is required when creating resources, although
7666 some resources may allow a client to request the generation of an appropriate name
7667 automatically. Name is primarily intended for creation idempotence and configuration
7668 definition.
7669 Cannot be updated.
7670 More info: http://kubernetes.io/docs/user-guide/identifiers#names
7671 type: string
7672 type: object
7673 spec:
7674 description: |-
7675 Defines the desired characteristics of a volume requested by a pod author.
7676 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
7677 properties:
7678 accessModes:
7679 description: |-
7680 accessModes contains the desired access modes the volume should have.
7681 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
7682 items:
7683 type: string
7684 type: array
7685 x-kubernetes-list-type: atomic
7686 dataSource:
7687 description: |-
7688 dataSource field can be used to specify either:
7689 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
7690 * An existing PVC (PersistentVolumeClaim)
7691 If the provisioner or an external controller can support the specified data source,
7692 it will create a new volume based on the contents of the specified data source.
7693 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
7694 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
7695 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
7696 properties:
7697 apiGroup:
7698 description: |-
7699 APIGroup is the group for the resource being referenced.
7700 If APIGroup is not specified, the specified Kind must be in the core API group.
7701 For any other third-party types, APIGroup is required.
7702 type: string
7703 kind:
7704 description: Kind is the type of resource being referenced
7705 type: string
7706 name:
7707 description: Name is the name of resource being referenced
7708 type: string
7709 required:
7710 - kind
7711 - name
7712 type: object
7713 x-kubernetes-map-type: atomic
7714 dataSourceRef:
7715 description: |-
7716 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
7717 volume is desired. This may be any object from a non-empty API group (non
7718 core object) or a PersistentVolumeClaim object.
7719 When this field is specified, volume binding will only succeed if the type of
7720 the specified object matches some installed volume populator or dynamic
7721 provisioner.
7722 This field will replace the functionality of the dataSource field and as such
7723 if both fields are non-empty, they must have the same value. For backwards
7724 compatibility, when namespace isn't specified in dataSourceRef,
7725 both fields (dataSource and dataSourceRef) will be set to the same
7726 value automatically if one of them is empty and the other is non-empty.
7727 When namespace is specified in dataSourceRef,
7728 dataSource isn't set to the same value and must be empty.
7729 There are three important differences between dataSource and dataSourceRef:
7730 * While dataSource only allows two specific types of objects, dataSourceRef
7731 allows any non-core object, as well as PersistentVolumeClaim objects.
7732 * While dataSource ignores disallowed values (dropping them), dataSourceRef
7733 preserves all values, and generates an error if a disallowed value is
7734 specified.
7735 * While dataSource only allows local objects, dataSourceRef allows objects
7736 in any namespaces.
7737 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
7738 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
7739 properties:
7740 apiGroup:
7741 description: |-
7742 APIGroup is the group for the resource being referenced.
7743 If APIGroup is not specified, the specified Kind must be in the core API group.
7744 For any other third-party types, APIGroup is required.
7745 type: string
7746 kind:
7747 description: Kind is the type of resource being referenced
7748 type: string
7749 name:
7750 description: Name is the name of resource being referenced
7751 type: string
7752 namespace:
7753 description: |-
7754 Namespace is the namespace of resource being referenced
7755 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
7756 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
7757 type: string
7758 required:
7759 - kind
7760 - name
7761 type: object
7762 resources:
7763 description: |-
7764 resources represents the minimum resources the volume should have.
7765 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
7766 that are lower than previous value but must still be higher than capacity recorded in the
7767 status field of the claim.
7768 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
7769 properties:
7770 limits:
7771 additionalProperties:
7772 anyOf:
7773 - type: integer
7774 - type: string
7775 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7776 x-kubernetes-int-or-string: true
7777 description: |-
7778 Limits describes the maximum amount of compute resources allowed.
7779 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7780 type: object
7781 requests:
7782 additionalProperties:
7783 anyOf:
7784 - type: integer
7785 - type: string
7786 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7787 x-kubernetes-int-or-string: true
7788 description: |-
7789 Requests describes the minimum amount of compute resources required.
7790 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
7791 otherwise to an implementation-defined value. Requests cannot exceed Limits.
7792 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7793 type: object
7794 type: object
7795 selector:
7796 description: selector is a label query over volumes to
7797 consider for binding.
7798 properties:
7799 matchExpressions:
7800 description: matchExpressions is a list of label selector
7801 requirements. The requirements are ANDed.
7802 items:
7803 description: |-
7804 A label selector requirement is a selector that contains values, a key, and an operator that
7805 relates the key and values.
7806 properties:
7807 key:
7808 description: key is the label key that the selector
7809 applies to.
7810 type: string
7811 operator:
7812 description: |-
7813 operator represents a key's relationship to a set of values.
7814 Valid operators are In, NotIn, Exists and DoesNotExist.
7815 type: string
7816 values:
7817 description: |-
7818 values is an array of string values. If the operator is In or NotIn,
7819 the values array must be non-empty. If the operator is Exists or DoesNotExist,
7820 the values array must be empty. This array is replaced during a strategic
7821 merge patch.
7822 items:
7823 type: string
7824 type: array
7825 x-kubernetes-list-type: atomic
7826 required:
7827 - key
7828 - operator
7829 type: object
7830 type: array
7831 x-kubernetes-list-type: atomic
7832 matchLabels:
7833 additionalProperties:
7834 type: string
7835 description: |-
7836 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
7837 map is equivalent to an element of matchExpressions, whose key field is "key", the
7838 operator is "In", and the values array contains only "value". The requirements are ANDed.
7839 type: object
7840 type: object
7841 x-kubernetes-map-type: atomic
7842 storageClassName:
7843 description: |-
7844 storageClassName is the name of the StorageClass required by the claim.
7845 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
7846 type: string
7847 volumeAttributesClassName:
7848 description: |-
7849 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
7850 If specified, the CSI driver will create or update the volume with the attributes defined
7851 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
7852 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
7853 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
7854 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
7855 will be set by the persistentvolume controller if it exists.
7856 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
7857 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
7858 exists.
7859 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
7860 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
7861 type: string
7862 volumeMode:
7863 description: |-
7864 volumeMode defines what type of volume is required by the claim.
7865 Value of Filesystem is implied when not included in claim spec.
7866 type: string
7867 volumeName:
7868 description: volumeName is the binding reference to the
7869 PersistentVolume backing this claim.
7870 type: string
7871 type: object
7872 status:
7873 description: '*Deprecated: this field is never set.*'
7874 properties:
7875 accessModes:
7876 description: |-
7877 accessModes contains the actual access modes the volume backing the PVC has.
7878 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
7879 items:
7880 type: string
7881 type: array
7882 x-kubernetes-list-type: atomic
7883 allocatedResourceStatuses:
7884 additionalProperties:
7885 description: |-
7886 When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
7887 that it does not recognizes, then it should ignore that update and let other controllers
7888 handle it.
7889 type: string
7890 description: "allocatedResourceStatuses stores status
7891 of resource being resized for the given PVC.\nKey names
7892 follow standard Kubernetes label syntax. Valid values
7893 are either:\n\t* Un-prefixed keys:\n\t\t- storage -
7894 the capacity of the volume.\n\t* Custom resources must
7895 use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart
7896 from above values - keys that are unprefixed or have
7897 kubernetes.io prefix are considered\nreserved and hence
7898 may not be used.\n\n\nClaimResourceStatus can be in
7899 any of following states:\n\t- ControllerResizeInProgress:\n\t\tState
7900 set when resize controller starts resizing the volume
7901 in control-plane.\n\t- ControllerResizeFailed:\n\t\tState
7902 set when resize has failed in resize controller with
7903 a terminal error.\n\t- NodeResizePending:\n\t\tState
7904 set when resize controller has finished resizing the
7905 volume but further resizing of\n\t\tvolume is needed
7906 on the node.\n\t- NodeResizeInProgress:\n\t\tState set
7907 when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState
7908 set when resizing has failed in kubelet with a terminal
7909 error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor
7910 example: if expanding a PVC for more capacity - this
7911 field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage']
7912 = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
7913 = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage']
7914 = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage']
7915 = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
7916 = \"NodeResizeFailed\"\nWhen this field is not set,
7917 it means that no resize operation is in progress for
7918 the given PVC.\n\n\nA controller that receives PVC update
7919 with previously unknown resourceName or ClaimResourceStatus\nshould
7920 ignore the update for the purpose it was designed. For
7921 example - a controller that\nonly is responsible for
7922 resizing capacity of the volume, should ignore PVC updates
7923 that change other valid\nresources associated with PVC.\n\n\nThis
7924 is an alpha field and requires enabling RecoverVolumeExpansionFailure
7925 feature."
7926 type: object
7927 x-kubernetes-map-type: granular
7928 allocatedResources:
7929 additionalProperties:
7930 anyOf:
7931 - type: integer
7932 - type: string
7933 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7934 x-kubernetes-int-or-string: true
7935 description: "allocatedResources tracks the resources
7936 allocated to a PVC including its capacity.\nKey names
7937 follow standard Kubernetes label syntax. Valid values
7938 are either:\n\t* Un-prefixed keys:\n\t\t- storage -
7939 the capacity of the volume.\n\t* Custom resources must
7940 use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart
7941 from above values - keys that are unprefixed or have
7942 kubernetes.io prefix are considered\nreserved and hence
7943 may not be used.\n\n\nCapacity reported here may be
7944 larger than the actual capacity when a volume expansion
7945 operation\nis requested.\nFor storage quota, the larger
7946 value from allocatedResources and PVC.spec.resources
7947 is used.\nIf allocatedResources is not set, PVC.spec.resources
7948 alone is used for quota calculation.\nIf a volume expansion
7949 capacity request is lowered, allocatedResources is only\nlowered
7950 if there are no expansion operations in progress and
7951 if the actual volume capacity\nis equal or lower than
7952 the requested capacity.\n\n\nA controller that receives
7953 PVC update with previously unknown resourceName\nshould
7954 ignore the update for the purpose it was designed. For
7955 example - a controller that\nonly is responsible for
7956 resizing capacity of the volume, should ignore PVC updates
7957 that change other valid\nresources associated with PVC.\n\n\nThis
7958 is an alpha field and requires enabling RecoverVolumeExpansionFailure
7959 feature."
7960 type: object
7961 capacity:
7962 additionalProperties:
7963 anyOf:
7964 - type: integer
7965 - type: string
7966 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7967 x-kubernetes-int-or-string: true
7968 description: capacity represents the actual resources
7969 of the underlying volume.
7970 type: object
7971 conditions:
7972 description: |-
7973 conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
7974 resized then the Condition will be set to 'Resizing'.
7975 items:
7976 description: PersistentVolumeClaimCondition contains
7977 details about state of pvc
7978 properties:
7979 lastProbeTime:
7980 description: lastProbeTime is the time we probed
7981 the condition.
7982 format: date-time
7983 type: string
7984 lastTransitionTime:
7985 description: lastTransitionTime is the time the
7986 condition transitioned from one status to another.
7987 format: date-time
7988 type: string
7989 message:
7990 description: message is the human-readable message
7991 indicating details about last transition.
7992 type: string
7993 reason:
7994 description: |-
7995 reason is a unique, this should be a short, machine understandable string that gives the reason
7996 for condition's last transition. If it reports "Resizing" that means the underlying
7997 persistent volume is being resized.
7998 type: string
7999 status:
8000 type: string
8001 type:
8002 description: PersistentVolumeClaimConditionType
8003 is a valid value of PersistentVolumeClaimCondition.Type
8004 type: string
8005 required:
8006 - status
8007 - type
8008 type: object
8009 type: array
8010 x-kubernetes-list-map-keys:
8011 - type
8012 x-kubernetes-list-type: map
8013 currentVolumeAttributesClassName:
8014 description: |-
8015 currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
8016 When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
8017 This is an alpha field and requires enabling VolumeAttributesClass feature.
8018 type: string
8019 modifyVolumeStatus:
8020 description: |-
8021 ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
8022 When this is unset, there is no ModifyVolume operation being attempted.
8023 This is an alpha field and requires enabling VolumeAttributesClass feature.
8024 properties:
8025 status:
8026 description: "status is the status of the ControllerModifyVolume
8027 operation. It can be in any of following states:\n
8028 - Pending\n Pending indicates that the PersistentVolumeClaim
8029 cannot be modified due to unmet requirements, such
8030 as\n the specified VolumeAttributesClass not existing.\n
8031 - InProgress\n InProgress indicates that the volume
8032 is being modified.\n - Infeasible\n Infeasible
8033 indicates that the request has been rejected as
8034 invalid by the CSI driver. To\n\t resolve the error,
8035 a valid VolumeAttributesClass needs to be specified.\nNote:
8036 New statuses can be added in the future. Consumers
8037 should check for unknown statuses and fail appropriately."
8038 type: string
8039 targetVolumeAttributesClassName:
8040 description: targetVolumeAttributesClassName is the
8041 name of the VolumeAttributesClass the PVC currently
8042 being reconciled
8043 type: string
8044 required:
8045 - status
8046 type: object
8047 phase:
8048 description: phase represents the current phase of PersistentVolumeClaim.
8049 type: string
8050 type: object
8051 type: object
8052 type: object
8053 tag:
8054 description: |-
8055 *Deprecated: use 'spec.image' instead. The image's tag can be specified
8056 as part of the image name.*
8057 type: string
8058 targetLimit:
8059 description: |-
8060 TargetLimit defines a limit on the number of scraped targets that will be accepted.
8061 Only valid in Prometheus versions 2.45.0 and newer.
8062 format: int64
8063 type: integer
8064 thanos:
8065 description: |-
8066 Defines the configuration of the optional Thanos sidecar.
8067
8068
8069 This section is experimental, it may change significantly without
8070 deprecation notice in any release.
8071 properties:
8072 additionalArgs:
8073 description: |-
8074 AdditionalArgs allows setting additional arguments for the Thanos container.
8075 The arguments are passed as-is to the Thanos container which may cause issues
8076 if they are invalid or not supported the given Thanos version.
8077 In case of an argument conflict (e.g. an argument which is already set by the
8078 operator itself) or when providing an invalid argument, the reconciliation will
8079 fail and an error will be logged.
8080 items:
8081 description: Argument as part of the AdditionalArgs list.
8082 properties:
8083 name:
8084 description: Name of the argument, e.g. "scrape.discovery-reload-interval".
8085 minLength: 1
8086 type: string
8087 value:
8088 description: Argument value, e.g. 30s. Can be empty for
8089 name-only arguments (e.g. --storage.tsdb.no-lockfile)
8090 type: string
8091 required:
8092 - name
8093 type: object
8094 type: array
8095 baseImage:
8096 description: '*Deprecated: use ''image'' instead.*'
8097 type: string
8098 blockSize:
8099 default: 2h
8100 description: |-
8101 BlockDuration controls the size of TSDB blocks produced by Prometheus.
8102 The default value is 2h to match the upstream Prometheus defaults.
8103
8104
8105 WARNING: Changing the block duration can impact the performance and
8106 efficiency of the entire Prometheus/Thanos stack due to how it interacts
8107 with memory and Thanos compactors. It is recommended to keep this value
8108 set to a multiple of 120 times your longest scrape or rule interval. For
8109 example, 30s * 120 = 1h.
8110 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
8111 type: string
8112 getConfigInterval:
8113 description: How often to retrieve the Prometheus configuration.
8114 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
8115 type: string
8116 getConfigTimeout:
8117 description: Maximum time to wait when retrieving the Prometheus
8118 configuration.
8119 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
8120 type: string
8121 grpcListenLocal:
8122 description: |-
8123 When true, the Thanos sidecar listens on the loopback interface instead
8124 of the Pod IP's address for the gRPC endpoints.
8125
8126
8127 It has no effect if `listenLocal` is true.
8128 type: boolean
8129 grpcServerTlsConfig:
8130 description: |-
8131 Configures the TLS parameters for the gRPC server providing the StoreAPI.
8132
8133
8134 Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.
8135 properties:
8136 ca:
8137 description: Certificate authority used when verifying server
8138 certificates.
8139 properties:
8140 configMap:
8141 description: ConfigMap containing data to use for the
8142 targets.
8143 properties:
8144 key:
8145 description: The key to select.
8146 type: string
8147 name:
8148 default: ""
8149 description: |-
8150 Name of the referent.
8151 This field is effectively required, but due to backwards compatibility is
8152 allowed to be empty. Instances of this type with an empty value here are
8153 almost certainly wrong.
8154 TODO: Add other useful fields. apiVersion, kind, uid?
8155 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8156 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8157 type: string
8158 optional:
8159 description: Specify whether the ConfigMap or its
8160 key must be defined
8161 type: boolean
8162 required:
8163 - key
8164 type: object
8165 x-kubernetes-map-type: atomic
8166 secret:
8167 description: Secret containing data to use for the targets.
8168 properties:
8169 key:
8170 description: The key of the secret to select from. Must
8171 be a valid secret key.
8172 type: string
8173 name:
8174 default: ""
8175 description: |-
8176 Name of the referent.
8177 This field is effectively required, but due to backwards compatibility is
8178 allowed to be empty. Instances of this type with an empty value here are
8179 almost certainly wrong.
8180 TODO: Add other useful fields. apiVersion, kind, uid?
8181 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8182 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8183 type: string
8184 optional:
8185 description: Specify whether the Secret or its key
8186 must be defined
8187 type: boolean
8188 required:
8189 - key
8190 type: object
8191 x-kubernetes-map-type: atomic
8192 type: object
8193 caFile:
8194 description: Path to the CA cert in the Prometheus container
8195 to use for the targets.
8196 type: string
8197 cert:
8198 description: Client certificate to present when doing client-authentication.
8199 properties:
8200 configMap:
8201 description: ConfigMap containing data to use for the
8202 targets.
8203 properties:
8204 key:
8205 description: The key to select.
8206 type: string
8207 name:
8208 default: ""
8209 description: |-
8210 Name of the referent.
8211 This field is effectively required, but due to backwards compatibility is
8212 allowed to be empty. Instances of this type with an empty value here are
8213 almost certainly wrong.
8214 TODO: Add other useful fields. apiVersion, kind, uid?
8215 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8216 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8217 type: string
8218 optional:
8219 description: Specify whether the ConfigMap or its
8220 key must be defined
8221 type: boolean
8222 required:
8223 - key
8224 type: object
8225 x-kubernetes-map-type: atomic
8226 secret:
8227 description: Secret containing data to use for the targets.
8228 properties:
8229 key:
8230 description: The key of the secret to select from. Must
8231 be a valid secret key.
8232 type: string
8233 name:
8234 default: ""
8235 description: |-
8236 Name of the referent.
8237 This field is effectively required, but due to backwards compatibility is
8238 allowed to be empty. Instances of this type with an empty value here are
8239 almost certainly wrong.
8240 TODO: Add other useful fields. apiVersion, kind, uid?
8241 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8242 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8243 type: string
8244 optional:
8245 description: Specify whether the Secret or its key
8246 must be defined
8247 type: boolean
8248 required:
8249 - key
8250 type: object
8251 x-kubernetes-map-type: atomic
8252 type: object
8253 certFile:
8254 description: Path to the client cert file in the Prometheus
8255 container for the targets.
8256 type: string
8257 insecureSkipVerify:
8258 description: Disable target certificate validation.
8259 type: boolean
8260 keyFile:
8261 description: Path to the client key file in the Prometheus
8262 container for the targets.
8263 type: string
8264 keySecret:
8265 description: Secret containing the client key file for the
8266 targets.
8267 properties:
8268 key:
8269 description: The key of the secret to select from. Must
8270 be a valid secret key.
8271 type: string
8272 name:
8273 default: ""
8274 description: |-
8275 Name of the referent.
8276 This field is effectively required, but due to backwards compatibility is
8277 allowed to be empty. Instances of this type with an empty value here are
8278 almost certainly wrong.
8279 TODO: Add other useful fields. apiVersion, kind, uid?
8280 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8281 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8282 type: string
8283 optional:
8284 description: Specify whether the Secret or its key must
8285 be defined
8286 type: boolean
8287 required:
8288 - key
8289 type: object
8290 x-kubernetes-map-type: atomic
8291 serverName:
8292 description: Used to verify the hostname for the targets.
8293 type: string
8294 type: object
8295 httpListenLocal:
8296 description: |-
8297 When true, the Thanos sidecar listens on the loopback interface instead
8298 of the Pod IP's address for the HTTP endpoints.
8299
8300
8301 It has no effect if `listenLocal` is true.
8302 type: boolean
8303 image:
8304 description: |-
8305 Container image name for Thanos. If specified, it takes precedence over
8306 the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`
8307 fields.
8308
8309
8310 Specifying `spec.thanos.version` is still necessary to ensure the
8311 Prometheus Operator knows which version of Thanos is being configured.
8312
8313
8314 If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,
8315 the operator will use the latest upstream version of Thanos available at
8316 the time when the operator was released.
8317 type: string
8318 listenLocal:
8319 description: '*Deprecated: use `grpcListenLocal` and `httpListenLocal`
8320 instead.*'
8321 type: boolean
8322 logFormat:
8323 description: Log format for the Thanos sidecar.
8324 enum:
8325 - ""
8326 - logfmt
8327 - json
8328 type: string
8329 logLevel:
8330 description: Log level for the Thanos sidecar.
8331 enum:
8332 - ""
8333 - debug
8334 - info
8335 - warn
8336 - error
8337 type: string
8338 minTime:
8339 description: |-
8340 Defines the start of time range limit served by the Thanos sidecar's StoreAPI.
8341 The field's value should be a constant time in RFC3339 format or a time
8342 duration relative to current time, such as -1d or 2h45m. Valid duration
8343 units are ms, s, m, h, d, w, y.
8344 type: string
8345 objectStorageConfig:
8346 description: |-
8347 Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.
8348
8349
8350 More info: https://thanos.io/tip/thanos/storage.md/
8351
8352
8353 objectStorageConfigFile takes precedence over this field.
8354 properties:
8355 key:
8356 description: The key of the secret to select from. Must be
8357 a valid secret key.
8358 type: string
8359 name:
8360 default: ""
8361 description: |-
8362 Name of the referent.
8363 This field is effectively required, but due to backwards compatibility is
8364 allowed to be empty. Instances of this type with an empty value here are
8365 almost certainly wrong.
8366 TODO: Add other useful fields. apiVersion, kind, uid?
8367 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8368 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8369 type: string
8370 optional:
8371 description: Specify whether the Secret or its key must be
8372 defined
8373 type: boolean
8374 required:
8375 - key
8376 type: object
8377 x-kubernetes-map-type: atomic
8378 objectStorageConfigFile:
8379 description: |-
8380 Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.
8381
8382
8383 More info: https://thanos.io/tip/thanos/storage.md/
8384
8385
8386 This field takes precedence over objectStorageConfig.
8387 type: string
8388 readyTimeout:
8389 description: |-
8390 ReadyTimeout is the maximum time that the Thanos sidecar will wait for
8391 Prometheus to start.
8392 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
8393 type: string
8394 resources:
8395 description: Defines the resources requests and limits of the
8396 Thanos sidecar.
8397 properties:
8398 claims:
8399 description: |-
8400 Claims lists the names of resources, defined in spec.resourceClaims,
8401 that are used by this container.
8402
8403
8404 This is an alpha field and requires enabling the
8405 DynamicResourceAllocation feature gate.
8406
8407
8408 This field is immutable. It can only be set for containers.
8409 items:
8410 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
8411 properties:
8412 name:
8413 description: |-
8414 Name must match the name of one entry in pod.spec.resourceClaims of
8415 the Pod where this field is used. It makes that resource available
8416 inside a container.
8417 type: string
8418 required:
8419 - name
8420 type: object
8421 type: array
8422 x-kubernetes-list-map-keys:
8423 - name
8424 x-kubernetes-list-type: map
8425 limits:
8426 additionalProperties:
8427 anyOf:
8428 - type: integer
8429 - type: string
8430 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8431 x-kubernetes-int-or-string: true
8432 description: |-
8433 Limits describes the maximum amount of compute resources allowed.
8434 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
8435 type: object
8436 requests:
8437 additionalProperties:
8438 anyOf:
8439 - type: integer
8440 - type: string
8441 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8442 x-kubernetes-int-or-string: true
8443 description: |-
8444 Requests describes the minimum amount of compute resources required.
8445 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
8446 otherwise to an implementation-defined value. Requests cannot exceed Limits.
8447 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
8448 type: object
8449 type: object
8450 sha:
8451 description: |-
8452 *Deprecated: use 'image' instead. The image digest can be specified
8453 as part of the image name.*
8454 type: string
8455 tag:
8456 description: |-
8457 *Deprecated: use 'image' instead. The image's tag can be specified as
8458 part of the image name.*
8459 type: string
8460 tracingConfig:
8461 description: |-
8462 Defines the tracing configuration for the Thanos sidecar.
8463
8464
8465 More info: https://thanos.io/tip/thanos/tracing.md/
8466
8467
8468 This is an experimental feature, it may change in any upcoming release
8469 in a breaking way.
8470
8471
8472 tracingConfigFile takes precedence over this field.
8473 properties:
8474 key:
8475 description: The key of the secret to select from. Must be
8476 a valid secret key.
8477 type: string
8478 name:
8479 default: ""
8480 description: |-
8481 Name of the referent.
8482 This field is effectively required, but due to backwards compatibility is
8483 allowed to be empty. Instances of this type with an empty value here are
8484 almost certainly wrong.
8485 TODO: Add other useful fields. apiVersion, kind, uid?
8486 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8487 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8488 type: string
8489 optional:
8490 description: Specify whether the Secret or its key must be
8491 defined
8492 type: boolean
8493 required:
8494 - key
8495 type: object
8496 x-kubernetes-map-type: atomic
8497 tracingConfigFile:
8498 description: |-
8499 Defines the tracing configuration file for the Thanos sidecar.
8500
8501
8502 More info: https://thanos.io/tip/thanos/tracing.md/
8503
8504
8505 This is an experimental feature, it may change in any upcoming release
8506 in a breaking way.
8507
8508
8509 This field takes precedence over tracingConfig.
8510 type: string
8511 version:
8512 description: |-
8513 Version of Thanos being deployed. The operator uses this information
8514 to generate the Prometheus StatefulSet + configuration files.
8515
8516
8517 If not specified, the operator assumes the latest upstream release of
8518 Thanos available at the time when the version of the operator was
8519 released.
8520 type: string
8521 volumeMounts:
8522 description: |-
8523 VolumeMounts allows configuration of additional VolumeMounts for Thanos.
8524 VolumeMounts specified will be appended to other VolumeMounts in the
8525 'thanos-sidecar' container.
8526 items:
8527 description: VolumeMount describes a mounting of a Volume within
8528 a container.
8529 properties:
8530 mountPath:
8531 description: |-
8532 Path within the container at which the volume should be mounted. Must
8533 not contain ':'.
8534 type: string
8535 mountPropagation:
8536 description: |-
8537 mountPropagation determines how mounts are propagated from the host
8538 to container and the other way around.
8539 When not set, MountPropagationNone is used.
8540 This field is beta in 1.10.
8541 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
8542 (which defaults to None).
8543 type: string
8544 name:
8545 description: This must match the Name of a Volume.
8546 type: string
8547 readOnly:
8548 description: |-
8549 Mounted read-only if true, read-write otherwise (false or unspecified).
8550 Defaults to false.
8551 type: boolean
8552 recursiveReadOnly:
8553 description: |-
8554 RecursiveReadOnly specifies whether read-only mounts should be handled
8555 recursively.
8556
8557
8558 If ReadOnly is false, this field has no meaning and must be unspecified.
8559
8560
8561 If ReadOnly is true, and this field is set to Disabled, the mount is not made
8562 recursively read-only. If this field is set to IfPossible, the mount is made
8563 recursively read-only, if it is supported by the container runtime. If this
8564 field is set to Enabled, the mount is made recursively read-only if it is
8565 supported by the container runtime, otherwise the pod will not be started and
8566 an error will be generated to indicate the reason.
8567
8568
8569 If this field is set to IfPossible or Enabled, MountPropagation must be set to
8570 None (or be unspecified, which defaults to None).
8571
8572
8573 If this field is not specified, it is treated as an equivalent of Disabled.
8574 type: string
8575 subPath:
8576 description: |-
8577 Path within the volume from which the container's volume should be mounted.
8578 Defaults to "" (volume's root).
8579 type: string
8580 subPathExpr:
8581 description: |-
8582 Expanded path within the volume from which the container's volume should be mounted.
8583 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
8584 Defaults to "" (volume's root).
8585 SubPathExpr and SubPath are mutually exclusive.
8586 type: string
8587 required:
8588 - mountPath
8589 - name
8590 type: object
8591 type: array
8592 type: object
8593 tolerations:
8594 description: Defines the Pods' tolerations if specified.
8595 items:
8596 description: |-
8597 The pod this Toleration is attached to tolerates any taint that matches
8598 the triple <key,value,effect> using the matching operator <operator>.
8599 properties:
8600 effect:
8601 description: |-
8602 Effect indicates the taint effect to match. Empty means match all taint effects.
8603 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
8604 type: string
8605 key:
8606 description: |-
8607 Key is the taint key that the toleration applies to. Empty means match all taint keys.
8608 If the key is empty, operator must be Exists; this combination means to match all values and all keys.
8609 type: string
8610 operator:
8611 description: |-
8612 Operator represents a key's relationship to the value.
8613 Valid operators are Exists and Equal. Defaults to Equal.
8614 Exists is equivalent to wildcard for value, so that a pod can
8615 tolerate all taints of a particular category.
8616 type: string
8617 tolerationSeconds:
8618 description: |-
8619 TolerationSeconds represents the period of time the toleration (which must be
8620 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
8621 it is not set, which means tolerate the taint forever (do not evict). Zero and
8622 negative values will be treated as 0 (evict immediately) by the system.
8623 format: int64
8624 type: integer
8625 value:
8626 description: |-
8627 Value is the taint value the toleration matches to.
8628 If the operator is Exists, the value should be empty, otherwise just a regular string.
8629 type: string
8630 type: object
8631 type: array
8632 topologySpreadConstraints:
8633 description: Defines the pod's topology spread constraints if specified.
8634 items:
8635 description: TopologySpreadConstraint specifies how to spread matching
8636 pods among the given topology.
8637 properties:
8638 labelSelector:
8639 description: |-
8640 LabelSelector is used to find matching pods.
8641 Pods that match this label selector are counted to determine the number of pods
8642 in their corresponding topology domain.
8643 properties:
8644 matchExpressions:
8645 description: matchExpressions is a list of label selector
8646 requirements. The requirements are ANDed.
8647 items:
8648 description: |-
8649 A label selector requirement is a selector that contains values, a key, and an operator that
8650 relates the key and values.
8651 properties:
8652 key:
8653 description: key is the label key that the selector
8654 applies to.
8655 type: string
8656 operator:
8657 description: |-
8658 operator represents a key's relationship to a set of values.
8659 Valid operators are In, NotIn, Exists and DoesNotExist.
8660 type: string
8661 values:
8662 description: |-
8663 values is an array of string values. If the operator is In or NotIn,
8664 the values array must be non-empty. If the operator is Exists or DoesNotExist,
8665 the values array must be empty. This array is replaced during a strategic
8666 merge patch.
8667 items:
8668 type: string
8669 type: array
8670 x-kubernetes-list-type: atomic
8671 required:
8672 - key
8673 - operator
8674 type: object
8675 type: array
8676 x-kubernetes-list-type: atomic
8677 matchLabels:
8678 additionalProperties:
8679 type: string
8680 description: |-
8681 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
8682 map is equivalent to an element of matchExpressions, whose key field is "key", the
8683 operator is "In", and the values array contains only "value". The requirements are ANDed.
8684 type: object
8685 type: object
8686 x-kubernetes-map-type: atomic
8687 matchLabelKeys:
8688 description: |-
8689 MatchLabelKeys is a set of pod label keys to select the pods over which
8690 spreading will be calculated. The keys are used to lookup values from the
8691 incoming pod labels, those key-value labels are ANDed with labelSelector
8692 to select the group of existing pods over which spreading will be calculated
8693 for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
8694 MatchLabelKeys cannot be set when LabelSelector isn't set.
8695 Keys that don't exist in the incoming pod labels will
8696 be ignored. A null or empty list means only match against labelSelector.
8697
8698
8699 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
8700 items:
8701 type: string
8702 type: array
8703 x-kubernetes-list-type: atomic
8704 maxSkew:
8705 description: |-
8706 MaxSkew describes the degree to which pods may be unevenly distributed.
8707 When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
8708 between the number of matching pods in the target topology and the global minimum.
8709 The global minimum is the minimum number of matching pods in an eligible domain
8710 or zero if the number of eligible domains is less than MinDomains.
8711 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
8712 labelSelector spread as 2/2/1:
8713 In this case, the global minimum is 1.
8714 | zone1 | zone2 | zone3 |
8715 | P P | P P | P |
8716 - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
8717 scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
8718 violate MaxSkew(1).
8719 - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
8720 When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
8721 to topologies that satisfy it.
8722 It's a required field. Default value is 1 and 0 is not allowed.
8723 format: int32
8724 type: integer
8725 minDomains:
8726 description: |-
8727 MinDomains indicates a minimum number of eligible domains.
8728 When the number of eligible domains with matching topology keys is less than minDomains,
8729 Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
8730 And when the number of eligible domains with matching topology keys equals or greater than minDomains,
8731 this value has no effect on scheduling.
8732 As a result, when the number of eligible domains is less than minDomains,
8733 scheduler won't schedule more than maxSkew Pods to those domains.
8734 If value is nil, the constraint behaves as if MinDomains is equal to 1.
8735 Valid values are integers greater than 0.
8736 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
8737
8738
8739 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
8740 labelSelector spread as 2/2/2:
8741 | zone1 | zone2 | zone3 |
8742 | P P | P P | P P |
8743 The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
8744 In this situation, new pod with the same labelSelector cannot be scheduled,
8745 because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
8746 it will violate MaxSkew.
8747 format: int32
8748 type: integer
8749 nodeAffinityPolicy:
8750 description: |-
8751 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
8752 when calculating pod topology spread skew. Options are:
8753 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
8754 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
8755
8756
8757 If this value is nil, the behavior is equivalent to the Honor policy.
8758 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
8759 type: string
8760 nodeTaintsPolicy:
8761 description: |-
8762 NodeTaintsPolicy indicates how we will treat node taints when calculating
8763 pod topology spread skew. Options are:
8764 - Honor: nodes without taints, along with tainted nodes for which the incoming pod
8765 has a toleration, are included.
8766 - Ignore: node taints are ignored. All nodes are included.
8767
8768
8769 If this value is nil, the behavior is equivalent to the Ignore policy.
8770 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
8771 type: string
8772 topologyKey:
8773 description: |-
8774 TopologyKey is the key of node labels. Nodes that have a label with this key
8775 and identical values are considered to be in the same topology.
8776 We consider each <key, value> as a "bucket", and try to put balanced number
8777 of pods into each bucket.
8778 We define a domain as a particular instance of a topology.
8779 Also, we define an eligible domain as a domain whose nodes meet the requirements of
8780 nodeAffinityPolicy and nodeTaintsPolicy.
8781 e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
8782 And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
8783 It's a required field.
8784 type: string
8785 whenUnsatisfiable:
8786 description: |-
8787 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
8788 the spread constraint.
8789 - DoNotSchedule (default) tells the scheduler not to schedule it.
8790 - ScheduleAnyway tells the scheduler to schedule the pod in any location,
8791 but giving higher precedence to topologies that would help reduce the
8792 skew.
8793 A constraint is considered "Unsatisfiable" for an incoming pod
8794 if and only if every possible node assignment for that pod would violate
8795 "MaxSkew" on some topology.
8796 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
8797 labelSelector spread as 3/1/1:
8798 | zone1 | zone2 | zone3 |
8799 | P P P | P | P |
8800 If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
8801 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
8802 MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
8803 won't make it *more* imbalanced.
8804 It's a required field.
8805 type: string
8806 required:
8807 - maxSkew
8808 - topologyKey
8809 - whenUnsatisfiable
8810 type: object
8811 type: array
8812 tracingConfig:
8813 description: |-
8814 EXPERIMENTAL: TracingConfig configures tracing in Prometheus. This is an
8815 experimental feature, it may change in any upcoming release in a
8816 breaking way.
8817 properties:
8818 clientType:
8819 description: Client used to export the traces. Supported values
8820 are `http` or `grpc`.
8821 enum:
8822 - http
8823 - grpc
8824 type: string
8825 compression:
8826 description: Compression key for supported compression types.
8827 The only supported value is `gzip`.
8828 enum:
8829 - gzip
8830 type: string
8831 endpoint:
8832 description: Endpoint to send the traces to. Should be provided
8833 in format <host>:<port>.
8834 minLength: 1
8835 type: string
8836 headers:
8837 additionalProperties:
8838 type: string
8839 description: Key-value pairs to be used as headers associated
8840 with gRPC or HTTP requests.
8841 type: object
8842 insecure:
8843 description: If disabled, the client will use a secure connection.
8844 type: boolean
8845 samplingFraction:
8846 anyOf:
8847 - type: integer
8848 - type: string
8849 description: Sets the probability a given trace will be sampled.
8850 Must be a float from 0 through 1.
8851 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8852 x-kubernetes-int-or-string: true
8853 timeout:
8854 description: Maximum time the exporter will wait for each batch
8855 export.
8856 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
8857 type: string
8858 tlsConfig:
8859 description: TLS Config to use when sending traces.
8860 properties:
8861 ca:
8862 description: Certificate authority used when verifying server
8863 certificates.
8864 properties:
8865 configMap:
8866 description: ConfigMap containing data to use for the
8867 targets.
8868 properties:
8869 key:
8870 description: The key to select.
8871 type: string
8872 name:
8873 default: ""
8874 description: |-
8875 Name of the referent.
8876 This field is effectively required, but due to backwards compatibility is
8877 allowed to be empty. Instances of this type with an empty value here are
8878 almost certainly wrong.
8879 TODO: Add other useful fields. apiVersion, kind, uid?
8880 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8881 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8882 type: string
8883 optional:
8884 description: Specify whether the ConfigMap or its
8885 key must be defined
8886 type: boolean
8887 required:
8888 - key
8889 type: object
8890 x-kubernetes-map-type: atomic
8891 secret:
8892 description: Secret containing data to use for the targets.
8893 properties:
8894 key:
8895 description: The key of the secret to select from. Must
8896 be a valid secret key.
8897 type: string
8898 name:
8899 default: ""
8900 description: |-
8901 Name of the referent.
8902 This field is effectively required, but due to backwards compatibility is
8903 allowed to be empty. Instances of this type with an empty value here are
8904 almost certainly wrong.
8905 TODO: Add other useful fields. apiVersion, kind, uid?
8906 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8907 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8908 type: string
8909 optional:
8910 description: Specify whether the Secret or its key
8911 must be defined
8912 type: boolean
8913 required:
8914 - key
8915 type: object
8916 x-kubernetes-map-type: atomic
8917 type: object
8918 caFile:
8919 description: Path to the CA cert in the Prometheus container
8920 to use for the targets.
8921 type: string
8922 cert:
8923 description: Client certificate to present when doing client-authentication.
8924 properties:
8925 configMap:
8926 description: ConfigMap containing data to use for the
8927 targets.
8928 properties:
8929 key:
8930 description: The key to select.
8931 type: string
8932 name:
8933 default: ""
8934 description: |-
8935 Name of the referent.
8936 This field is effectively required, but due to backwards compatibility is
8937 allowed to be empty. Instances of this type with an empty value here are
8938 almost certainly wrong.
8939 TODO: Add other useful fields. apiVersion, kind, uid?
8940 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8941 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8942 type: string
8943 optional:
8944 description: Specify whether the ConfigMap or its
8945 key must be defined
8946 type: boolean
8947 required:
8948 - key
8949 type: object
8950 x-kubernetes-map-type: atomic
8951 secret:
8952 description: Secret containing data to use for the targets.
8953 properties:
8954 key:
8955 description: The key of the secret to select from. Must
8956 be a valid secret key.
8957 type: string
8958 name:
8959 default: ""
8960 description: |-
8961 Name of the referent.
8962 This field is effectively required, but due to backwards compatibility is
8963 allowed to be empty. Instances of this type with an empty value here are
8964 almost certainly wrong.
8965 TODO: Add other useful fields. apiVersion, kind, uid?
8966 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8967 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8968 type: string
8969 optional:
8970 description: Specify whether the Secret or its key
8971 must be defined
8972 type: boolean
8973 required:
8974 - key
8975 type: object
8976 x-kubernetes-map-type: atomic
8977 type: object
8978 certFile:
8979 description: Path to the client cert file in the Prometheus
8980 container for the targets.
8981 type: string
8982 insecureSkipVerify:
8983 description: Disable target certificate validation.
8984 type: boolean
8985 keyFile:
8986 description: Path to the client key file in the Prometheus
8987 container for the targets.
8988 type: string
8989 keySecret:
8990 description: Secret containing the client key file for the
8991 targets.
8992 properties:
8993 key:
8994 description: The key of the secret to select from. Must
8995 be a valid secret key.
8996 type: string
8997 name:
8998 default: ""
8999 description: |-
9000 Name of the referent.
9001 This field is effectively required, but due to backwards compatibility is
9002 allowed to be empty. Instances of this type with an empty value here are
9003 almost certainly wrong.
9004 TODO: Add other useful fields. apiVersion, kind, uid?
9005 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9006 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9007 type: string
9008 optional:
9009 description: Specify whether the Secret or its key must
9010 be defined
9011 type: boolean
9012 required:
9013 - key
9014 type: object
9015 x-kubernetes-map-type: atomic
9016 serverName:
9017 description: Used to verify the hostname for the targets.
9018 type: string
9019 type: object
9020 required:
9021 - endpoint
9022 type: object
9023 tsdb:
9024 description: |-
9025 Defines the runtime reloadable configuration of the timeseries database
9026 (TSDB).
9027 properties:
9028 outOfOrderTimeWindow:
9029 description: |-
9030 Configures how old an out-of-order/out-of-bounds sample can be with
9031 respect to the TSDB max time.
9032
9033
9034 An out-of-order/out-of-bounds sample is ingested into the TSDB as long as
9035 the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).
9036
9037
9038 Out of order ingestion is an experimental feature.
9039
9040
9041 It requires Prometheus >= v2.39.0.
9042 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
9043 type: string
9044 type: object
9045 version:
9046 description: |-
9047 Version of Prometheus being deployed. The operator uses this information
9048 to generate the Prometheus StatefulSet + configuration files.
9049
9050
9051 If not specified, the operator assumes the latest upstream version of
9052 Prometheus available at the time when the version of the operator was
9053 released.
9054 type: string
9055 volumeMounts:
9056 description: |-
9057 VolumeMounts allows the configuration of additional VolumeMounts.
9058
9059
9060 VolumeMounts will be appended to other VolumeMounts in the 'prometheus'
9061 container, that are generated as a result of StorageSpec objects.
9062 items:
9063 description: VolumeMount describes a mounting of a Volume within
9064 a container.
9065 properties:
9066 mountPath:
9067 description: |-
9068 Path within the container at which the volume should be mounted. Must
9069 not contain ':'.
9070 type: string
9071 mountPropagation:
9072 description: |-
9073 mountPropagation determines how mounts are propagated from the host
9074 to container and the other way around.
9075 When not set, MountPropagationNone is used.
9076 This field is beta in 1.10.
9077 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
9078 (which defaults to None).
9079 type: string
9080 name:
9081 description: This must match the Name of a Volume.
9082 type: string
9083 readOnly:
9084 description: |-
9085 Mounted read-only if true, read-write otherwise (false or unspecified).
9086 Defaults to false.
9087 type: boolean
9088 recursiveReadOnly:
9089 description: |-
9090 RecursiveReadOnly specifies whether read-only mounts should be handled
9091 recursively.
9092
9093
9094 If ReadOnly is false, this field has no meaning and must be unspecified.
9095
9096
9097 If ReadOnly is true, and this field is set to Disabled, the mount is not made
9098 recursively read-only. If this field is set to IfPossible, the mount is made
9099 recursively read-only, if it is supported by the container runtime. If this
9100 field is set to Enabled, the mount is made recursively read-only if it is
9101 supported by the container runtime, otherwise the pod will not be started and
9102 an error will be generated to indicate the reason.
9103
9104
9105 If this field is set to IfPossible or Enabled, MountPropagation must be set to
9106 None (or be unspecified, which defaults to None).
9107
9108
9109 If this field is not specified, it is treated as an equivalent of Disabled.
9110 type: string
9111 subPath:
9112 description: |-
9113 Path within the volume from which the container's volume should be mounted.
9114 Defaults to "" (volume's root).
9115 type: string
9116 subPathExpr:
9117 description: |-
9118 Expanded path within the volume from which the container's volume should be mounted.
9119 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
9120 Defaults to "" (volume's root).
9121 SubPathExpr and SubPath are mutually exclusive.
9122 type: string
9123 required:
9124 - mountPath
9125 - name
9126 type: object
9127 type: array
9128 volumes:
9129 description: |-
9130 Volumes allows the configuration of additional volumes on the output
9131 StatefulSet definition. Volumes specified will be appended to other
9132 volumes that are generated as a result of StorageSpec objects.
9133 items:
9134 description: Volume represents a named volume in a pod that may
9135 be accessed by any container in the pod.
9136 properties:
9137 awsElasticBlockStore:
9138 description: |-
9139 awsElasticBlockStore represents an AWS Disk resource that is attached to a
9140 kubelet's host machine and then exposed to the pod.
9141 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
9142 properties:
9143 fsType:
9144 description: |-
9145 fsType is the filesystem type of the volume that you want to mount.
9146 Tip: Ensure that the filesystem type is supported by the host operating system.
9147 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9148 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
9149 TODO: how do we prevent errors in the filesystem from compromising the machine
9150 type: string
9151 partition:
9152 description: |-
9153 partition is the partition in the volume that you want to mount.
9154 If omitted, the default is to mount by volume name.
9155 Examples: For volume /dev/sda1, you specify the partition as "1".
9156 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
9157 format: int32
9158 type: integer
9159 readOnly:
9160 description: |-
9161 readOnly value true will force the readOnly setting in VolumeMounts.
9162 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
9163 type: boolean
9164 volumeID:
9165 description: |-
9166 volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
9167 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
9168 type: string
9169 required:
9170 - volumeID
9171 type: object
9172 azureDisk:
9173 description: azureDisk represents an Azure Data Disk mount on
9174 the host and bind mount to the pod.
9175 properties:
9176 cachingMode:
9177 description: 'cachingMode is the Host Caching mode: None,
9178 Read Only, Read Write.'
9179 type: string
9180 diskName:
9181 description: diskName is the Name of the data disk in the
9182 blob storage
9183 type: string
9184 diskURI:
9185 description: diskURI is the URI of data disk in the blob
9186 storage
9187 type: string
9188 fsType:
9189 description: |-
9190 fsType is Filesystem type to mount.
9191 Must be a filesystem type supported by the host operating system.
9192 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9193 type: string
9194 kind:
9195 description: 'kind expected values are Shared: multiple
9196 blob disks per storage account Dedicated: single blob
9197 disk per storage account Managed: azure managed data
9198 disk (only in managed availability set). defaults to shared'
9199 type: string
9200 readOnly:
9201 description: |-
9202 readOnly Defaults to false (read/write). ReadOnly here will force
9203 the ReadOnly setting in VolumeMounts.
9204 type: boolean
9205 required:
9206 - diskName
9207 - diskURI
9208 type: object
9209 azureFile:
9210 description: azureFile represents an Azure File Service mount
9211 on the host and bind mount to the pod.
9212 properties:
9213 readOnly:
9214 description: |-
9215 readOnly defaults to false (read/write). ReadOnly here will force
9216 the ReadOnly setting in VolumeMounts.
9217 type: boolean
9218 secretName:
9219 description: secretName is the name of secret that contains
9220 Azure Storage Account Name and Key
9221 type: string
9222 shareName:
9223 description: shareName is the azure share Name
9224 type: string
9225 required:
9226 - secretName
9227 - shareName
9228 type: object
9229 cephfs:
9230 description: cephFS represents a Ceph FS mount on the host that
9231 shares a pod's lifetime
9232 properties:
9233 monitors:
9234 description: |-
9235 monitors is Required: Monitors is a collection of Ceph monitors
9236 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
9237 items:
9238 type: string
9239 type: array
9240 x-kubernetes-list-type: atomic
9241 path:
9242 description: 'path is Optional: Used as the mounted root,
9243 rather than the full Ceph tree, default is /'
9244 type: string
9245 readOnly:
9246 description: |-
9247 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
9248 the ReadOnly setting in VolumeMounts.
9249 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
9250 type: boolean
9251 secretFile:
9252 description: |-
9253 secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
9254 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
9255 type: string
9256 secretRef:
9257 description: |-
9258 secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
9259 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
9260 properties:
9261 name:
9262 default: ""
9263 description: |-
9264 Name of the referent.
9265 This field is effectively required, but due to backwards compatibility is
9266 allowed to be empty. Instances of this type with an empty value here are
9267 almost certainly wrong.
9268 TODO: Add other useful fields. apiVersion, kind, uid?
9269 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9270 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9271 type: string
9272 type: object
9273 x-kubernetes-map-type: atomic
9274 user:
9275 description: |-
9276 user is optional: User is the rados user name, default is admin
9277 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
9278 type: string
9279 required:
9280 - monitors
9281 type: object
9282 cinder:
9283 description: |-
9284 cinder represents a cinder volume attached and mounted on kubelets host machine.
9285 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
9286 properties:
9287 fsType:
9288 description: |-
9289 fsType is the filesystem type to mount.
9290 Must be a filesystem type supported by the host operating system.
9291 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9292 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
9293 type: string
9294 readOnly:
9295 description: |-
9296 readOnly defaults to false (read/write). ReadOnly here will force
9297 the ReadOnly setting in VolumeMounts.
9298 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
9299 type: boolean
9300 secretRef:
9301 description: |-
9302 secretRef is optional: points to a secret object containing parameters used to connect
9303 to OpenStack.
9304 properties:
9305 name:
9306 default: ""
9307 description: |-
9308 Name of the referent.
9309 This field is effectively required, but due to backwards compatibility is
9310 allowed to be empty. Instances of this type with an empty value here are
9311 almost certainly wrong.
9312 TODO: Add other useful fields. apiVersion, kind, uid?
9313 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9314 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9315 type: string
9316 type: object
9317 x-kubernetes-map-type: atomic
9318 volumeID:
9319 description: |-
9320 volumeID used to identify the volume in cinder.
9321 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
9322 type: string
9323 required:
9324 - volumeID
9325 type: object
9326 configMap:
9327 description: configMap represents a configMap that should populate
9328 this volume
9329 properties:
9330 defaultMode:
9331 description: |-
9332 defaultMode is optional: mode bits used to set permissions on created files by default.
9333 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
9334 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9335 Defaults to 0644.
9336 Directories within the path are not affected by this setting.
9337 This might be in conflict with other options that affect the file
9338 mode, like fsGroup, and the result can be other mode bits set.
9339 format: int32
9340 type: integer
9341 items:
9342 description: |-
9343 items if unspecified, each key-value pair in the Data field of the referenced
9344 ConfigMap will be projected into the volume as a file whose name is the
9345 key and content is the value. If specified, the listed keys will be
9346 projected into the specified paths, and unlisted keys will not be
9347 present. If a key is specified which is not present in the ConfigMap,
9348 the volume setup will error unless it is marked optional. Paths must be
9349 relative and may not contain the '..' path or start with '..'.
9350 items:
9351 description: Maps a string key to a path within a volume.
9352 properties:
9353 key:
9354 description: key is the key to project.
9355 type: string
9356 mode:
9357 description: |-
9358 mode is Optional: mode bits used to set permissions on this file.
9359 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
9360 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9361 If not specified, the volume defaultMode will be used.
9362 This might be in conflict with other options that affect the file
9363 mode, like fsGroup, and the result can be other mode bits set.
9364 format: int32
9365 type: integer
9366 path:
9367 description: |-
9368 path is the relative path of the file to map the key to.
9369 May not be an absolute path.
9370 May not contain the path element '..'.
9371 May not start with the string '..'.
9372 type: string
9373 required:
9374 - key
9375 - path
9376 type: object
9377 type: array
9378 x-kubernetes-list-type: atomic
9379 name:
9380 default: ""
9381 description: |-
9382 Name of the referent.
9383 This field is effectively required, but due to backwards compatibility is
9384 allowed to be empty. Instances of this type with an empty value here are
9385 almost certainly wrong.
9386 TODO: Add other useful fields. apiVersion, kind, uid?
9387 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9388 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9389 type: string
9390 optional:
9391 description: optional specify whether the ConfigMap or its
9392 keys must be defined
9393 type: boolean
9394 type: object
9395 x-kubernetes-map-type: atomic
9396 csi:
9397 description: csi (Container Storage Interface) represents ephemeral
9398 storage that is handled by certain external CSI drivers (Beta
9399 feature).
9400 properties:
9401 driver:
9402 description: |-
9403 driver is the name of the CSI driver that handles this volume.
9404 Consult with your admin for the correct name as registered in the cluster.
9405 type: string
9406 fsType:
9407 description: |-
9408 fsType to mount. Ex. "ext4", "xfs", "ntfs".
9409 If not provided, the empty value is passed to the associated CSI driver
9410 which will determine the default filesystem to apply.
9411 type: string
9412 nodePublishSecretRef:
9413 description: |-
9414 nodePublishSecretRef is a reference to the secret object containing
9415 sensitive information to pass to the CSI driver to complete the CSI
9416 NodePublishVolume and NodeUnpublishVolume calls.
9417 This field is optional, and may be empty if no secret is required. If the
9418 secret object contains more than one secret, all secret references are passed.
9419 properties:
9420 name:
9421 default: ""
9422 description: |-
9423 Name of the referent.
9424 This field is effectively required, but due to backwards compatibility is
9425 allowed to be empty. Instances of this type with an empty value here are
9426 almost certainly wrong.
9427 TODO: Add other useful fields. apiVersion, kind, uid?
9428 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9429 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9430 type: string
9431 type: object
9432 x-kubernetes-map-type: atomic
9433 readOnly:
9434 description: |-
9435 readOnly specifies a read-only configuration for the volume.
9436 Defaults to false (read/write).
9437 type: boolean
9438 volumeAttributes:
9439 additionalProperties:
9440 type: string
9441 description: |-
9442 volumeAttributes stores driver-specific properties that are passed to the CSI
9443 driver. Consult your driver's documentation for supported values.
9444 type: object
9445 required:
9446 - driver
9447 type: object
9448 downwardAPI:
9449 description: downwardAPI represents downward API about the pod
9450 that should populate this volume
9451 properties:
9452 defaultMode:
9453 description: |-
9454 Optional: mode bits to use on created files by default. Must be a
9455 Optional: mode bits used to set permissions on created files by default.
9456 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
9457 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9458 Defaults to 0644.
9459 Directories within the path are not affected by this setting.
9460 This might be in conflict with other options that affect the file
9461 mode, like fsGroup, and the result can be other mode bits set.
9462 format: int32
9463 type: integer
9464 items:
9465 description: Items is a list of downward API volume file
9466 items:
9467 description: DownwardAPIVolumeFile represents information
9468 to create the file containing the pod field
9469 properties:
9470 fieldRef:
9471 description: 'Required: Selects a field of the pod:
9472 only annotations, labels, name, namespace and uid
9473 are supported.'
9474 properties:
9475 apiVersion:
9476 description: Version of the schema the FieldPath
9477 is written in terms of, defaults to "v1".
9478 type: string
9479 fieldPath:
9480 description: Path of the field to select in the
9481 specified API version.
9482 type: string
9483 required:
9484 - fieldPath
9485 type: object
9486 x-kubernetes-map-type: atomic
9487 mode:
9488 description: |-
9489 Optional: mode bits used to set permissions on this file, must be an octal value
9490 between 0000 and 0777 or a decimal value between 0 and 511.
9491 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9492 If not specified, the volume defaultMode will be used.
9493 This might be in conflict with other options that affect the file
9494 mode, like fsGroup, and the result can be other mode bits set.
9495 format: int32
9496 type: integer
9497 path:
9498 description: 'Required: Path is the relative path
9499 name of the file to be created. Must not be absolute
9500 or contain the ''..'' path. Must be utf-8 encoded.
9501 The first item of the relative path must not start
9502 with ''..'''
9503 type: string
9504 resourceFieldRef:
9505 description: |-
9506 Selects a resource of the container: only resources limits and requests
9507 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
9508 properties:
9509 containerName:
9510 description: 'Container name: required for volumes,
9511 optional for env vars'
9512 type: string
9513 divisor:
9514 anyOf:
9515 - type: integer
9516 - type: string
9517 description: Specifies the output format of the
9518 exposed resources, defaults to "1"
9519 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
9520 x-kubernetes-int-or-string: true
9521 resource:
9522 description: 'Required: resource to select'
9523 type: string
9524 required:
9525 - resource
9526 type: object
9527 x-kubernetes-map-type: atomic
9528 required:
9529 - path
9530 type: object
9531 type: array
9532 x-kubernetes-list-type: atomic
9533 type: object
9534 emptyDir:
9535 description: |-
9536 emptyDir represents a temporary directory that shares a pod's lifetime.
9537 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
9538 properties:
9539 medium:
9540 description: |-
9541 medium represents what type of storage medium should back this directory.
9542 The default is "" which means to use the node's default medium.
9543 Must be an empty string (default) or Memory.
9544 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
9545 type: string
9546 sizeLimit:
9547 anyOf:
9548 - type: integer
9549 - type: string
9550 description: |-
9551 sizeLimit is the total amount of local storage required for this EmptyDir volume.
9552 The size limit is also applicable for memory medium.
9553 The maximum usage on memory medium EmptyDir would be the minimum value between
9554 the SizeLimit specified here and the sum of memory limits of all containers in a pod.
9555 The default is nil which means that the limit is undefined.
9556 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
9557 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
9558 x-kubernetes-int-or-string: true
9559 type: object
9560 ephemeral:
9561 description: |-
9562 ephemeral represents a volume that is handled by a cluster storage driver.
9563 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
9564 and deleted when the pod is removed.
9565
9566
9567 Use this if:
9568 a) the volume is only needed while the pod runs,
9569 b) features of normal volumes like restoring from snapshot or capacity
9570 tracking are needed,
9571 c) the storage driver is specified through a storage class, and
9572 d) the storage driver supports dynamic volume provisioning through
9573 a PersistentVolumeClaim (see EphemeralVolumeSource for more
9574 information on the connection between this volume type
9575 and PersistentVolumeClaim).
9576
9577
9578 Use PersistentVolumeClaim or one of the vendor-specific
9579 APIs for volumes that persist for longer than the lifecycle
9580 of an individual pod.
9581
9582
9583 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
9584 be used that way - see the documentation of the driver for
9585 more information.
9586
9587
9588 A pod can use both types of ephemeral volumes and
9589 persistent volumes at the same time.
9590 properties:
9591 volumeClaimTemplate:
9592 description: |-
9593 Will be used to create a stand-alone PVC to provision the volume.
9594 The pod in which this EphemeralVolumeSource is embedded will be the
9595 owner of the PVC, i.e. the PVC will be deleted together with the
9596 pod. The name of the PVC will be `<pod name>-<volume name>` where
9597 `<volume name>` is the name from the `PodSpec.Volumes` array
9598 entry. Pod validation will reject the pod if the concatenated name
9599 is not valid for a PVC (for example, too long).
9600
9601
9602 An existing PVC with that name that is not owned by the pod
9603 will *not* be used for the pod to avoid using an unrelated
9604 volume by mistake. Starting the pod is then blocked until
9605 the unrelated PVC is removed. If such a pre-created PVC is
9606 meant to be used by the pod, the PVC has to updated with an
9607 owner reference to the pod once the pod exists. Normally
9608 this should not be necessary, but it may be useful when
9609 manually reconstructing a broken cluster.
9610
9611
9612 This field is read-only and no changes will be made by Kubernetes
9613 to the PVC after it has been created.
9614
9615
9616 Required, must not be nil.
9617 properties:
9618 metadata:
9619 description: |-
9620 May contain labels and annotations that will be copied into the PVC
9621 when creating it. No other fields are allowed and will be rejected during
9622 validation.
9623 properties:
9624 annotations:
9625 additionalProperties:
9626 type: string
9627 type: object
9628 finalizers:
9629 items:
9630 type: string
9631 type: array
9632 labels:
9633 additionalProperties:
9634 type: string
9635 type: object
9636 name:
9637 type: string
9638 namespace:
9639 type: string
9640 type: object
9641 spec:
9642 description: |-
9643 The specification for the PersistentVolumeClaim. The entire content is
9644 copied unchanged into the PVC that gets created from this
9645 template. The same fields as in a PersistentVolumeClaim
9646 are also valid here.
9647 properties:
9648 accessModes:
9649 description: |-
9650 accessModes contains the desired access modes the volume should have.
9651 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
9652 items:
9653 type: string
9654 type: array
9655 x-kubernetes-list-type: atomic
9656 dataSource:
9657 description: |-
9658 dataSource field can be used to specify either:
9659 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
9660 * An existing PVC (PersistentVolumeClaim)
9661 If the provisioner or an external controller can support the specified data source,
9662 it will create a new volume based on the contents of the specified data source.
9663 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
9664 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
9665 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
9666 properties:
9667 apiGroup:
9668 description: |-
9669 APIGroup is the group for the resource being referenced.
9670 If APIGroup is not specified, the specified Kind must be in the core API group.
9671 For any other third-party types, APIGroup is required.
9672 type: string
9673 kind:
9674 description: Kind is the type of resource being
9675 referenced
9676 type: string
9677 name:
9678 description: Name is the name of resource being
9679 referenced
9680 type: string
9681 required:
9682 - kind
9683 - name
9684 type: object
9685 x-kubernetes-map-type: atomic
9686 dataSourceRef:
9687 description: |-
9688 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
9689 volume is desired. This may be any object from a non-empty API group (non
9690 core object) or a PersistentVolumeClaim object.
9691 When this field is specified, volume binding will only succeed if the type of
9692 the specified object matches some installed volume populator or dynamic
9693 provisioner.
9694 This field will replace the functionality of the dataSource field and as such
9695 if both fields are non-empty, they must have the same value. For backwards
9696 compatibility, when namespace isn't specified in dataSourceRef,
9697 both fields (dataSource and dataSourceRef) will be set to the same
9698 value automatically if one of them is empty and the other is non-empty.
9699 When namespace is specified in dataSourceRef,
9700 dataSource isn't set to the same value and must be empty.
9701 There are three important differences between dataSource and dataSourceRef:
9702 * While dataSource only allows two specific types of objects, dataSourceRef
9703 allows any non-core object, as well as PersistentVolumeClaim objects.
9704 * While dataSource ignores disallowed values (dropping them), dataSourceRef
9705 preserves all values, and generates an error if a disallowed value is
9706 specified.
9707 * While dataSource only allows local objects, dataSourceRef allows objects
9708 in any namespaces.
9709 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
9710 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
9711 properties:
9712 apiGroup:
9713 description: |-
9714 APIGroup is the group for the resource being referenced.
9715 If APIGroup is not specified, the specified Kind must be in the core API group.
9716 For any other third-party types, APIGroup is required.
9717 type: string
9718 kind:
9719 description: Kind is the type of resource being
9720 referenced
9721 type: string
9722 name:
9723 description: Name is the name of resource being
9724 referenced
9725 type: string
9726 namespace:
9727 description: |-
9728 Namespace is the namespace of resource being referenced
9729 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
9730 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
9731 type: string
9732 required:
9733 - kind
9734 - name
9735 type: object
9736 resources:
9737 description: |-
9738 resources represents the minimum resources the volume should have.
9739 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
9740 that are lower than previous value but must still be higher than capacity recorded in the
9741 status field of the claim.
9742 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
9743 properties:
9744 limits:
9745 additionalProperties:
9746 anyOf:
9747 - type: integer
9748 - type: string
9749 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
9750 x-kubernetes-int-or-string: true
9751 description: |-
9752 Limits describes the maximum amount of compute resources allowed.
9753 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
9754 type: object
9755 requests:
9756 additionalProperties:
9757 anyOf:
9758 - type: integer
9759 - type: string
9760 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
9761 x-kubernetes-int-or-string: true
9762 description: |-
9763 Requests describes the minimum amount of compute resources required.
9764 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
9765 otherwise to an implementation-defined value. Requests cannot exceed Limits.
9766 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
9767 type: object
9768 type: object
9769 selector:
9770 description: selector is a label query over volumes
9771 to consider for binding.
9772 properties:
9773 matchExpressions:
9774 description: matchExpressions is a list of label
9775 selector requirements. The requirements are
9776 ANDed.
9777 items:
9778 description: |-
9779 A label selector requirement is a selector that contains values, a key, and an operator that
9780 relates the key and values.
9781 properties:
9782 key:
9783 description: key is the label key that
9784 the selector applies to.
9785 type: string
9786 operator:
9787 description: |-
9788 operator represents a key's relationship to a set of values.
9789 Valid operators are In, NotIn, Exists and DoesNotExist.
9790 type: string
9791 values:
9792 description: |-
9793 values is an array of string values. If the operator is In or NotIn,
9794 the values array must be non-empty. If the operator is Exists or DoesNotExist,
9795 the values array must be empty. This array is replaced during a strategic
9796 merge patch.
9797 items:
9798 type: string
9799 type: array
9800 x-kubernetes-list-type: atomic
9801 required:
9802 - key
9803 - operator
9804 type: object
9805 type: array
9806 x-kubernetes-list-type: atomic
9807 matchLabels:
9808 additionalProperties:
9809 type: string
9810 description: |-
9811 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
9812 map is equivalent to an element of matchExpressions, whose key field is "key", the
9813 operator is "In", and the values array contains only "value". The requirements are ANDed.
9814 type: object
9815 type: object
9816 x-kubernetes-map-type: atomic
9817 storageClassName:
9818 description: |-
9819 storageClassName is the name of the StorageClass required by the claim.
9820 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
9821 type: string
9822 volumeAttributesClassName:
9823 description: |-
9824 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
9825 If specified, the CSI driver will create or update the volume with the attributes defined
9826 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
9827 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
9828 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
9829 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
9830 will be set by the persistentvolume controller if it exists.
9831 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
9832 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
9833 exists.
9834 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
9835 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
9836 type: string
9837 volumeMode:
9838 description: |-
9839 volumeMode defines what type of volume is required by the claim.
9840 Value of Filesystem is implied when not included in claim spec.
9841 type: string
9842 volumeName:
9843 description: volumeName is the binding reference
9844 to the PersistentVolume backing this claim.
9845 type: string
9846 type: object
9847 required:
9848 - spec
9849 type: object
9850 type: object
9851 fc:
9852 description: fc represents a Fibre Channel resource that is
9853 attached to a kubelet's host machine and then exposed to the
9854 pod.
9855 properties:
9856 fsType:
9857 description: |-
9858 fsType is the filesystem type to mount.
9859 Must be a filesystem type supported by the host operating system.
9860 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9861 TODO: how do we prevent errors in the filesystem from compromising the machine
9862 type: string
9863 lun:
9864 description: 'lun is Optional: FC target lun number'
9865 format: int32
9866 type: integer
9867 readOnly:
9868 description: |-
9869 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
9870 the ReadOnly setting in VolumeMounts.
9871 type: boolean
9872 targetWWNs:
9873 description: 'targetWWNs is Optional: FC target worldwide
9874 names (WWNs)'
9875 items:
9876 type: string
9877 type: array
9878 x-kubernetes-list-type: atomic
9879 wwids:
9880 description: |-
9881 wwids Optional: FC volume world wide identifiers (wwids)
9882 Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
9883 items:
9884 type: string
9885 type: array
9886 x-kubernetes-list-type: atomic
9887 type: object
9888 flexVolume:
9889 description: |-
9890 flexVolume represents a generic volume resource that is
9891 provisioned/attached using an exec based plugin.
9892 properties:
9893 driver:
9894 description: driver is the name of the driver to use for
9895 this volume.
9896 type: string
9897 fsType:
9898 description: |-
9899 fsType is the filesystem type to mount.
9900 Must be a filesystem type supported by the host operating system.
9901 Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
9902 type: string
9903 options:
9904 additionalProperties:
9905 type: string
9906 description: 'options is Optional: this field holds extra
9907 command options if any.'
9908 type: object
9909 readOnly:
9910 description: |-
9911 readOnly is Optional: defaults to false (read/write). ReadOnly here will force
9912 the ReadOnly setting in VolumeMounts.
9913 type: boolean
9914 secretRef:
9915 description: |-
9916 secretRef is Optional: secretRef is reference to the secret object containing
9917 sensitive information to pass to the plugin scripts. This may be
9918 empty if no secret object is specified. If the secret object
9919 contains more than one secret, all secrets are passed to the plugin
9920 scripts.
9921 properties:
9922 name:
9923 default: ""
9924 description: |-
9925 Name of the referent.
9926 This field is effectively required, but due to backwards compatibility is
9927 allowed to be empty. Instances of this type with an empty value here are
9928 almost certainly wrong.
9929 TODO: Add other useful fields. apiVersion, kind, uid?
9930 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9931 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9932 type: string
9933 type: object
9934 x-kubernetes-map-type: atomic
9935 required:
9936 - driver
9937 type: object
9938 flocker:
9939 description: flocker represents a Flocker volume attached to
9940 a kubelet's host machine. This depends on the Flocker control
9941 service being running
9942 properties:
9943 datasetName:
9944 description: |-
9945 datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
9946 should be considered as deprecated
9947 type: string
9948 datasetUUID:
9949 description: datasetUUID is the UUID of the dataset. This
9950 is unique identifier of a Flocker dataset
9951 type: string
9952 type: object
9953 gcePersistentDisk:
9954 description: |-
9955 gcePersistentDisk represents a GCE Disk resource that is attached to a
9956 kubelet's host machine and then exposed to the pod.
9957 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9958 properties:
9959 fsType:
9960 description: |-
9961 fsType is filesystem type of the volume that you want to mount.
9962 Tip: Ensure that the filesystem type is supported by the host operating system.
9963 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9964 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9965 TODO: how do we prevent errors in the filesystem from compromising the machine
9966 type: string
9967 partition:
9968 description: |-
9969 partition is the partition in the volume that you want to mount.
9970 If omitted, the default is to mount by volume name.
9971 Examples: For volume /dev/sda1, you specify the partition as "1".
9972 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
9973 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9974 format: int32
9975 type: integer
9976 pdName:
9977 description: |-
9978 pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
9979 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9980 type: string
9981 readOnly:
9982 description: |-
9983 readOnly here will force the ReadOnly setting in VolumeMounts.
9984 Defaults to false.
9985 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9986 type: boolean
9987 required:
9988 - pdName
9989 type: object
9990 gitRepo:
9991 description: |-
9992 gitRepo represents a git repository at a particular revision.
9993 DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
9994 EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
9995 into the Pod's container.
9996 properties:
9997 directory:
9998 description: |-
9999 directory is the target directory name.
10000 Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
10001 git repository. Otherwise, if specified, the volume will contain the git repository in
10002 the subdirectory with the given name.
10003 type: string
10004 repository:
10005 description: repository is the URL
10006 type: string
10007 revision:
10008 description: revision is the commit hash for the specified
10009 revision.
10010 type: string
10011 required:
10012 - repository
10013 type: object
10014 glusterfs:
10015 description: |-
10016 glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
10017 More info: https://examples.k8s.io/volumes/glusterfs/README.md
10018 properties:
10019 endpoints:
10020 description: |-
10021 endpoints is the endpoint name that details Glusterfs topology.
10022 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
10023 type: string
10024 path:
10025 description: |-
10026 path is the Glusterfs volume path.
10027 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
10028 type: string
10029 readOnly:
10030 description: |-
10031 readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
10032 Defaults to false.
10033 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
10034 type: boolean
10035 required:
10036 - endpoints
10037 - path
10038 type: object
10039 hostPath:
10040 description: |-
10041 hostPath represents a pre-existing file or directory on the host
10042 machine that is directly exposed to the container. This is generally
10043 used for system agents or other privileged things that are allowed
10044 to see the host machine. Most containers will NOT need this.
10045 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
10046 ---
10047 TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
10048 mount host directories as read/write.
10049 properties:
10050 path:
10051 description: |-
10052 path of the directory on the host.
10053 If the path is a symlink, it will follow the link to the real path.
10054 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
10055 type: string
10056 type:
10057 description: |-
10058 type for HostPath Volume
10059 Defaults to ""
10060 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
10061 type: string
10062 required:
10063 - path
10064 type: object
10065 iscsi:
10066 description: |-
10067 iscsi represents an ISCSI Disk resource that is attached to a
10068 kubelet's host machine and then exposed to the pod.
10069 More info: https://examples.k8s.io/volumes/iscsi/README.md
10070 properties:
10071 chapAuthDiscovery:
10072 description: chapAuthDiscovery defines whether support iSCSI
10073 Discovery CHAP authentication
10074 type: boolean
10075 chapAuthSession:
10076 description: chapAuthSession defines whether support iSCSI
10077 Session CHAP authentication
10078 type: boolean
10079 fsType:
10080 description: |-
10081 fsType is the filesystem type of the volume that you want to mount.
10082 Tip: Ensure that the filesystem type is supported by the host operating system.
10083 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10084 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
10085 TODO: how do we prevent errors in the filesystem from compromising the machine
10086 type: string
10087 initiatorName:
10088 description: |-
10089 initiatorName is the custom iSCSI Initiator Name.
10090 If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
10091 <target portal>:<volume name> will be created for the connection.
10092 type: string
10093 iqn:
10094 description: iqn is the target iSCSI Qualified Name.
10095 type: string
10096 iscsiInterface:
10097 description: |-
10098 iscsiInterface is the interface Name that uses an iSCSI transport.
10099 Defaults to 'default' (tcp).
10100 type: string
10101 lun:
10102 description: lun represents iSCSI Target Lun number.
10103 format: int32
10104 type: integer
10105 portals:
10106 description: |-
10107 portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
10108 is other than default (typically TCP ports 860 and 3260).
10109 items:
10110 type: string
10111 type: array
10112 x-kubernetes-list-type: atomic
10113 readOnly:
10114 description: |-
10115 readOnly here will force the ReadOnly setting in VolumeMounts.
10116 Defaults to false.
10117 type: boolean
10118 secretRef:
10119 description: secretRef is the CHAP Secret for iSCSI target
10120 and initiator authentication
10121 properties:
10122 name:
10123 default: ""
10124 description: |-
10125 Name of the referent.
10126 This field is effectively required, but due to backwards compatibility is
10127 allowed to be empty. Instances of this type with an empty value here are
10128 almost certainly wrong.
10129 TODO: Add other useful fields. apiVersion, kind, uid?
10130 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10131 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10132 type: string
10133 type: object
10134 x-kubernetes-map-type: atomic
10135 targetPortal:
10136 description: |-
10137 targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
10138 is other than default (typically TCP ports 860 and 3260).
10139 type: string
10140 required:
10141 - iqn
10142 - lun
10143 - targetPortal
10144 type: object
10145 name:
10146 description: |-
10147 name of the volume.
10148 Must be a DNS_LABEL and unique within the pod.
10149 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10150 type: string
10151 nfs:
10152 description: |-
10153 nfs represents an NFS mount on the host that shares a pod's lifetime
10154 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
10155 properties:
10156 path:
10157 description: |-
10158 path that is exported by the NFS server.
10159 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
10160 type: string
10161 readOnly:
10162 description: |-
10163 readOnly here will force the NFS export to be mounted with read-only permissions.
10164 Defaults to false.
10165 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
10166 type: boolean
10167 server:
10168 description: |-
10169 server is the hostname or IP address of the NFS server.
10170 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
10171 type: string
10172 required:
10173 - path
10174 - server
10175 type: object
10176 persistentVolumeClaim:
10177 description: |-
10178 persistentVolumeClaimVolumeSource represents a reference to a
10179 PersistentVolumeClaim in the same namespace.
10180 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
10181 properties:
10182 claimName:
10183 description: |-
10184 claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
10185 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
10186 type: string
10187 readOnly:
10188 description: |-
10189 readOnly Will force the ReadOnly setting in VolumeMounts.
10190 Default false.
10191 type: boolean
10192 required:
10193 - claimName
10194 type: object
10195 photonPersistentDisk:
10196 description: photonPersistentDisk represents a PhotonController
10197 persistent disk attached and mounted on kubelets host machine
10198 properties:
10199 fsType:
10200 description: |-
10201 fsType is the filesystem type to mount.
10202 Must be a filesystem type supported by the host operating system.
10203 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10204 type: string
10205 pdID:
10206 description: pdID is the ID that identifies Photon Controller
10207 persistent disk
10208 type: string
10209 required:
10210 - pdID
10211 type: object
10212 portworxVolume:
10213 description: portworxVolume represents a portworx volume attached
10214 and mounted on kubelets host machine
10215 properties:
10216 fsType:
10217 description: |-
10218 fSType represents the filesystem type to mount
10219 Must be a filesystem type supported by the host operating system.
10220 Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
10221 type: string
10222 readOnly:
10223 description: |-
10224 readOnly defaults to false (read/write). ReadOnly here will force
10225 the ReadOnly setting in VolumeMounts.
10226 type: boolean
10227 volumeID:
10228 description: volumeID uniquely identifies a Portworx volume
10229 type: string
10230 required:
10231 - volumeID
10232 type: object
10233 projected:
10234 description: projected items for all in one resources secrets,
10235 configmaps, and downward API
10236 properties:
10237 defaultMode:
10238 description: |-
10239 defaultMode are the mode bits used to set permissions on created files by default.
10240 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10241 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
10242 Directories within the path are not affected by this setting.
10243 This might be in conflict with other options that affect the file
10244 mode, like fsGroup, and the result can be other mode bits set.
10245 format: int32
10246 type: integer
10247 sources:
10248 description: sources is the list of volume projections
10249 items:
10250 description: Projection that may be projected along with
10251 other supported volume types
10252 properties:
10253 clusterTrustBundle:
10254 description: |-
10255 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
10256 of ClusterTrustBundle objects in an auto-updating file.
10257
10258
10259 Alpha, gated by the ClusterTrustBundleProjection feature gate.
10260
10261
10262 ClusterTrustBundle objects can either be selected by name, or by the
10263 combination of signer name and a label selector.
10264
10265
10266 Kubelet performs aggressive normalization of the PEM contents written
10267 into the pod filesystem. Esoteric PEM features such as inter-block
10268 comments and block headers are stripped. Certificates are deduplicated.
10269 The ordering of certificates within the file is arbitrary, and Kubelet
10270 may change the order over time.
10271 properties:
10272 labelSelector:
10273 description: |-
10274 Select all ClusterTrustBundles that match this label selector. Only has
10275 effect if signerName is set. Mutually-exclusive with name. If unset,
10276 interpreted as "match nothing". If set but empty, interpreted as "match
10277 everything".
10278 properties:
10279 matchExpressions:
10280 description: matchExpressions is a list of
10281 label selector requirements. The requirements
10282 are ANDed.
10283 items:
10284 description: |-
10285 A label selector requirement is a selector that contains values, a key, and an operator that
10286 relates the key and values.
10287 properties:
10288 key:
10289 description: key is the label key that
10290 the selector applies to.
10291 type: string
10292 operator:
10293 description: |-
10294 operator represents a key's relationship to a set of values.
10295 Valid operators are In, NotIn, Exists and DoesNotExist.
10296 type: string
10297 values:
10298 description: |-
10299 values is an array of string values. If the operator is In or NotIn,
10300 the values array must be non-empty. If the operator is Exists or DoesNotExist,
10301 the values array must be empty. This array is replaced during a strategic
10302 merge patch.
10303 items:
10304 type: string
10305 type: array
10306 x-kubernetes-list-type: atomic
10307 required:
10308 - key
10309 - operator
10310 type: object
10311 type: array
10312 x-kubernetes-list-type: atomic
10313 matchLabels:
10314 additionalProperties:
10315 type: string
10316 description: |-
10317 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
10318 map is equivalent to an element of matchExpressions, whose key field is "key", the
10319 operator is "In", and the values array contains only "value". The requirements are ANDed.
10320 type: object
10321 type: object
10322 x-kubernetes-map-type: atomic
10323 name:
10324 description: |-
10325 Select a single ClusterTrustBundle by object name. Mutually-exclusive
10326 with signerName and labelSelector.
10327 type: string
10328 optional:
10329 description: |-
10330 If true, don't block pod startup if the referenced ClusterTrustBundle(s)
10331 aren't available. If using name, then the named ClusterTrustBundle is
10332 allowed not to exist. If using signerName, then the combination of
10333 signerName and labelSelector is allowed to match zero
10334 ClusterTrustBundles.
10335 type: boolean
10336 path:
10337 description: Relative path from the volume root
10338 to write the bundle.
10339 type: string
10340 signerName:
10341 description: |-
10342 Select all ClusterTrustBundles that match this signer name.
10343 Mutually-exclusive with name. The contents of all selected
10344 ClusterTrustBundles will be unified and deduplicated.
10345 type: string
10346 required:
10347 - path
10348 type: object
10349 configMap:
10350 description: configMap information about the configMap
10351 data to project
10352 properties:
10353 items:
10354 description: |-
10355 items if unspecified, each key-value pair in the Data field of the referenced
10356 ConfigMap will be projected into the volume as a file whose name is the
10357 key and content is the value. If specified, the listed keys will be
10358 projected into the specified paths, and unlisted keys will not be
10359 present. If a key is specified which is not present in the ConfigMap,
10360 the volume setup will error unless it is marked optional. Paths must be
10361 relative and may not contain the '..' path or start with '..'.
10362 items:
10363 description: Maps a string key to a path within
10364 a volume.
10365 properties:
10366 key:
10367 description: key is the key to project.
10368 type: string
10369 mode:
10370 description: |-
10371 mode is Optional: mode bits used to set permissions on this file.
10372 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10373 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
10374 If not specified, the volume defaultMode will be used.
10375 This might be in conflict with other options that affect the file
10376 mode, like fsGroup, and the result can be other mode bits set.
10377 format: int32
10378 type: integer
10379 path:
10380 description: |-
10381 path is the relative path of the file to map the key to.
10382 May not be an absolute path.
10383 May not contain the path element '..'.
10384 May not start with the string '..'.
10385 type: string
10386 required:
10387 - key
10388 - path
10389 type: object
10390 type: array
10391 x-kubernetes-list-type: atomic
10392 name:
10393 default: ""
10394 description: |-
10395 Name of the referent.
10396 This field is effectively required, but due to backwards compatibility is
10397 allowed to be empty. Instances of this type with an empty value here are
10398 almost certainly wrong.
10399 TODO: Add other useful fields. apiVersion, kind, uid?
10400 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10401 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10402 type: string
10403 optional:
10404 description: optional specify whether the ConfigMap
10405 or its keys must be defined
10406 type: boolean
10407 type: object
10408 x-kubernetes-map-type: atomic
10409 downwardAPI:
10410 description: downwardAPI information about the downwardAPI
10411 data to project
10412 properties:
10413 items:
10414 description: Items is a list of DownwardAPIVolume
10415 file
10416 items:
10417 description: DownwardAPIVolumeFile represents
10418 information to create the file containing
10419 the pod field
10420 properties:
10421 fieldRef:
10422 description: 'Required: Selects a field
10423 of the pod: only annotations, labels,
10424 name, namespace and uid are supported.'
10425 properties:
10426 apiVersion:
10427 description: Version of the schema the
10428 FieldPath is written in terms of,
10429 defaults to "v1".
10430 type: string
10431 fieldPath:
10432 description: Path of the field to select
10433 in the specified API version.
10434 type: string
10435 required:
10436 - fieldPath
10437 type: object
10438 x-kubernetes-map-type: atomic
10439 mode:
10440 description: |-
10441 Optional: mode bits used to set permissions on this file, must be an octal value
10442 between 0000 and 0777 or a decimal value between 0 and 511.
10443 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
10444 If not specified, the volume defaultMode will be used.
10445 This might be in conflict with other options that affect the file
10446 mode, like fsGroup, and the result can be other mode bits set.
10447 format: int32
10448 type: integer
10449 path:
10450 description: 'Required: Path is the relative
10451 path name of the file to be created. Must
10452 not be absolute or contain the ''..''
10453 path. Must be utf-8 encoded. The first
10454 item of the relative path must not start
10455 with ''..'''
10456 type: string
10457 resourceFieldRef:
10458 description: |-
10459 Selects a resource of the container: only resources limits and requests
10460 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
10461 properties:
10462 containerName:
10463 description: 'Container name: required
10464 for volumes, optional for env vars'
10465 type: string
10466 divisor:
10467 anyOf:
10468 - type: integer
10469 - type: string
10470 description: Specifies the output format
10471 of the exposed resources, defaults
10472 to "1"
10473 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
10474 x-kubernetes-int-or-string: true
10475 resource:
10476 description: 'Required: resource to
10477 select'
10478 type: string
10479 required:
10480 - resource
10481 type: object
10482 x-kubernetes-map-type: atomic
10483 required:
10484 - path
10485 type: object
10486 type: array
10487 x-kubernetes-list-type: atomic
10488 type: object
10489 secret:
10490 description: secret information about the secret data
10491 to project
10492 properties:
10493 items:
10494 description: |-
10495 items if unspecified, each key-value pair in the Data field of the referenced
10496 Secret will be projected into the volume as a file whose name is the
10497 key and content is the value. If specified, the listed keys will be
10498 projected into the specified paths, and unlisted keys will not be
10499 present. If a key is specified which is not present in the Secret,
10500 the volume setup will error unless it is marked optional. Paths must be
10501 relative and may not contain the '..' path or start with '..'.
10502 items:
10503 description: Maps a string key to a path within
10504 a volume.
10505 properties:
10506 key:
10507 description: key is the key to project.
10508 type: string
10509 mode:
10510 description: |-
10511 mode is Optional: mode bits used to set permissions on this file.
10512 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10513 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
10514 If not specified, the volume defaultMode will be used.
10515 This might be in conflict with other options that affect the file
10516 mode, like fsGroup, and the result can be other mode bits set.
10517 format: int32
10518 type: integer
10519 path:
10520 description: |-
10521 path is the relative path of the file to map the key to.
10522 May not be an absolute path.
10523 May not contain the path element '..'.
10524 May not start with the string '..'.
10525 type: string
10526 required:
10527 - key
10528 - path
10529 type: object
10530 type: array
10531 x-kubernetes-list-type: atomic
10532 name:
10533 default: ""
10534 description: |-
10535 Name of the referent.
10536 This field is effectively required, but due to backwards compatibility is
10537 allowed to be empty. Instances of this type with an empty value here are
10538 almost certainly wrong.
10539 TODO: Add other useful fields. apiVersion, kind, uid?
10540 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10541 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10542 type: string
10543 optional:
10544 description: optional field specify whether the
10545 Secret or its key must be defined
10546 type: boolean
10547 type: object
10548 x-kubernetes-map-type: atomic
10549 serviceAccountToken:
10550 description: serviceAccountToken is information about
10551 the serviceAccountToken data to project
10552 properties:
10553 audience:
10554 description: |-
10555 audience is the intended audience of the token. A recipient of a token
10556 must identify itself with an identifier specified in the audience of the
10557 token, and otherwise should reject the token. The audience defaults to the
10558 identifier of the apiserver.
10559 type: string
10560 expirationSeconds:
10561 description: |-
10562 expirationSeconds is the requested duration of validity of the service
10563 account token. As the token approaches expiration, the kubelet volume
10564 plugin will proactively rotate the service account token. The kubelet will
10565 start trying to rotate the token if the token is older than 80 percent of
10566 its time to live or if the token is older than 24 hours.Defaults to 1 hour
10567 and must be at least 10 minutes.
10568 format: int64
10569 type: integer
10570 path:
10571 description: |-
10572 path is the path relative to the mount point of the file to project the
10573 token into.
10574 type: string
10575 required:
10576 - path
10577 type: object
10578 type: object
10579 type: array
10580 x-kubernetes-list-type: atomic
10581 type: object
10582 quobyte:
10583 description: quobyte represents a Quobyte mount on the host
10584 that shares a pod's lifetime
10585 properties:
10586 group:
10587 description: |-
10588 group to map volume access to
10589 Default is no group
10590 type: string
10591 readOnly:
10592 description: |-
10593 readOnly here will force the Quobyte volume to be mounted with read-only permissions.
10594 Defaults to false.
10595 type: boolean
10596 registry:
10597 description: |-
10598 registry represents a single or multiple Quobyte Registry services
10599 specified as a string as host:port pair (multiple entries are separated with commas)
10600 which acts as the central registry for volumes
10601 type: string
10602 tenant:
10603 description: |-
10604 tenant owning the given Quobyte volume in the Backend
10605 Used with dynamically provisioned Quobyte volumes, value is set by the plugin
10606 type: string
10607 user:
10608 description: |-
10609 user to map volume access to
10610 Defaults to serivceaccount user
10611 type: string
10612 volume:
10613 description: volume is a string that references an already
10614 created Quobyte volume by name.
10615 type: string
10616 required:
10617 - registry
10618 - volume
10619 type: object
10620 rbd:
10621 description: |-
10622 rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
10623 More info: https://examples.k8s.io/volumes/rbd/README.md
10624 properties:
10625 fsType:
10626 description: |-
10627 fsType is the filesystem type of the volume that you want to mount.
10628 Tip: Ensure that the filesystem type is supported by the host operating system.
10629 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10630 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
10631 TODO: how do we prevent errors in the filesystem from compromising the machine
10632 type: string
10633 image:
10634 description: |-
10635 image is the rados image name.
10636 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10637 type: string
10638 keyring:
10639 description: |-
10640 keyring is the path to key ring for RBDUser.
10641 Default is /etc/ceph/keyring.
10642 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10643 type: string
10644 monitors:
10645 description: |-
10646 monitors is a collection of Ceph monitors.
10647 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10648 items:
10649 type: string
10650 type: array
10651 x-kubernetes-list-type: atomic
10652 pool:
10653 description: |-
10654 pool is the rados pool name.
10655 Default is rbd.
10656 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10657 type: string
10658 readOnly:
10659 description: |-
10660 readOnly here will force the ReadOnly setting in VolumeMounts.
10661 Defaults to false.
10662 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10663 type: boolean
10664 secretRef:
10665 description: |-
10666 secretRef is name of the authentication secret for RBDUser. If provided
10667 overrides keyring.
10668 Default is nil.
10669 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10670 properties:
10671 name:
10672 default: ""
10673 description: |-
10674 Name of the referent.
10675 This field is effectively required, but due to backwards compatibility is
10676 allowed to be empty. Instances of this type with an empty value here are
10677 almost certainly wrong.
10678 TODO: Add other useful fields. apiVersion, kind, uid?
10679 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10680 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10681 type: string
10682 type: object
10683 x-kubernetes-map-type: atomic
10684 user:
10685 description: |-
10686 user is the rados user name.
10687 Default is admin.
10688 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
10689 type: string
10690 required:
10691 - image
10692 - monitors
10693 type: object
10694 scaleIO:
10695 description: scaleIO represents a ScaleIO persistent volume
10696 attached and mounted on Kubernetes nodes.
10697 properties:
10698 fsType:
10699 description: |-
10700 fsType is the filesystem type to mount.
10701 Must be a filesystem type supported by the host operating system.
10702 Ex. "ext4", "xfs", "ntfs".
10703 Default is "xfs".
10704 type: string
10705 gateway:
10706 description: gateway is the host address of the ScaleIO
10707 API Gateway.
10708 type: string
10709 protectionDomain:
10710 description: protectionDomain is the name of the ScaleIO
10711 Protection Domain for the configured storage.
10712 type: string
10713 readOnly:
10714 description: |-
10715 readOnly Defaults to false (read/write). ReadOnly here will force
10716 the ReadOnly setting in VolumeMounts.
10717 type: boolean
10718 secretRef:
10719 description: |-
10720 secretRef references to the secret for ScaleIO user and other
10721 sensitive information. If this is not provided, Login operation will fail.
10722 properties:
10723 name:
10724 default: ""
10725 description: |-
10726 Name of the referent.
10727 This field is effectively required, but due to backwards compatibility is
10728 allowed to be empty. Instances of this type with an empty value here are
10729 almost certainly wrong.
10730 TODO: Add other useful fields. apiVersion, kind, uid?
10731 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10732 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10733 type: string
10734 type: object
10735 x-kubernetes-map-type: atomic
10736 sslEnabled:
10737 description: sslEnabled Flag enable/disable SSL communication
10738 with Gateway, default false
10739 type: boolean
10740 storageMode:
10741 description: |-
10742 storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
10743 Default is ThinProvisioned.
10744 type: string
10745 storagePool:
10746 description: storagePool is the ScaleIO Storage Pool associated
10747 with the protection domain.
10748 type: string
10749 system:
10750 description: system is the name of the storage system as
10751 configured in ScaleIO.
10752 type: string
10753 volumeName:
10754 description: |-
10755 volumeName is the name of a volume already created in the ScaleIO system
10756 that is associated with this volume source.
10757 type: string
10758 required:
10759 - gateway
10760 - secretRef
10761 - system
10762 type: object
10763 secret:
10764 description: |-
10765 secret represents a secret that should populate this volume.
10766 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
10767 properties:
10768 defaultMode:
10769 description: |-
10770 defaultMode is Optional: mode bits used to set permissions on created files by default.
10771 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10772 YAML accepts both octal and decimal values, JSON requires decimal values
10773 for mode bits. Defaults to 0644.
10774 Directories within the path are not affected by this setting.
10775 This might be in conflict with other options that affect the file
10776 mode, like fsGroup, and the result can be other mode bits set.
10777 format: int32
10778 type: integer
10779 items:
10780 description: |-
10781 items If unspecified, each key-value pair in the Data field of the referenced
10782 Secret will be projected into the volume as a file whose name is the
10783 key and content is the value. If specified, the listed keys will be
10784 projected into the specified paths, and unlisted keys will not be
10785 present. If a key is specified which is not present in the Secret,
10786 the volume setup will error unless it is marked optional. Paths must be
10787 relative and may not contain the '..' path or start with '..'.
10788 items:
10789 description: Maps a string key to a path within a volume.
10790 properties:
10791 key:
10792 description: key is the key to project.
10793 type: string
10794 mode:
10795 description: |-
10796 mode is Optional: mode bits used to set permissions on this file.
10797 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10798 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
10799 If not specified, the volume defaultMode will be used.
10800 This might be in conflict with other options that affect the file
10801 mode, like fsGroup, and the result can be other mode bits set.
10802 format: int32
10803 type: integer
10804 path:
10805 description: |-
10806 path is the relative path of the file to map the key to.
10807 May not be an absolute path.
10808 May not contain the path element '..'.
10809 May not start with the string '..'.
10810 type: string
10811 required:
10812 - key
10813 - path
10814 type: object
10815 type: array
10816 x-kubernetes-list-type: atomic
10817 optional:
10818 description: optional field specify whether the Secret or
10819 its keys must be defined
10820 type: boolean
10821 secretName:
10822 description: |-
10823 secretName is the name of the secret in the pod's namespace to use.
10824 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
10825 type: string
10826 type: object
10827 storageos:
10828 description: storageOS represents a StorageOS volume attached
10829 and mounted on Kubernetes nodes.
10830 properties:
10831 fsType:
10832 description: |-
10833 fsType is the filesystem type to mount.
10834 Must be a filesystem type supported by the host operating system.
10835 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10836 type: string
10837 readOnly:
10838 description: |-
10839 readOnly defaults to false (read/write). ReadOnly here will force
10840 the ReadOnly setting in VolumeMounts.
10841 type: boolean
10842 secretRef:
10843 description: |-
10844 secretRef specifies the secret to use for obtaining the StorageOS API
10845 credentials. If not specified, default values will be attempted.
10846 properties:
10847 name:
10848 default: ""
10849 description: |-
10850 Name of the referent.
10851 This field is effectively required, but due to backwards compatibility is
10852 allowed to be empty. Instances of this type with an empty value here are
10853 almost certainly wrong.
10854 TODO: Add other useful fields. apiVersion, kind, uid?
10855 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10856 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10857 type: string
10858 type: object
10859 x-kubernetes-map-type: atomic
10860 volumeName:
10861 description: |-
10862 volumeName is the human-readable name of the StorageOS volume. Volume
10863 names are only unique within a namespace.
10864 type: string
10865 volumeNamespace:
10866 description: |-
10867 volumeNamespace specifies the scope of the volume within StorageOS. If no
10868 namespace is specified then the Pod's namespace will be used. This allows the
10869 Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
10870 Set VolumeName to any name to override the default behaviour.
10871 Set to "default" if you are not using namespaces within StorageOS.
10872 Namespaces that do not pre-exist within StorageOS will be created.
10873 type: string
10874 type: object
10875 vsphereVolume:
10876 description: vsphereVolume represents a vSphere volume attached
10877 and mounted on kubelets host machine
10878 properties:
10879 fsType:
10880 description: |-
10881 fsType is filesystem type to mount.
10882 Must be a filesystem type supported by the host operating system.
10883 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10884 type: string
10885 storagePolicyID:
10886 description: storagePolicyID is the storage Policy Based
10887 Management (SPBM) profile ID associated with the StoragePolicyName.
10888 type: string
10889 storagePolicyName:
10890 description: storagePolicyName is the storage Policy Based
10891 Management (SPBM) profile name.
10892 type: string
10893 volumePath:
10894 description: volumePath is the path that identifies vSphere
10895 volume vmdk
10896 type: string
10897 required:
10898 - volumePath
10899 type: object
10900 required:
10901 - name
10902 type: object
10903 type: array
10904 walCompression:
10905 description: |-
10906 Configures compression of the write-ahead log (WAL) using Snappy.
10907
10908
10909 WAL compression is enabled by default for Prometheus >= 2.20.0
10910
10911
10912 Requires Prometheus v2.11.0 and above.
10913 type: boolean
10914 web:
10915 description: Defines the configuration of the Prometheus web server.
10916 properties:
10917 httpConfig:
10918 description: Defines HTTP parameters for web server.
10919 properties:
10920 headers:
10921 description: List of headers that can be added to HTTP responses.
10922 properties:
10923 contentSecurityPolicy:
10924 description: |-
10925 Set the Content-Security-Policy header to HTTP responses.
10926 Unset if blank.
10927 type: string
10928 strictTransportSecurity:
10929 description: |-
10930 Set the Strict-Transport-Security header to HTTP responses.
10931 Unset if blank.
10932 Please make sure that you use this with care as this header might force
10933 browsers to load Prometheus and the other applications hosted on the same
10934 domain and subdomains over HTTPS.
10935 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
10936 type: string
10937 xContentTypeOptions:
10938 description: |-
10939 Set the X-Content-Type-Options header to HTTP responses.
10940 Unset if blank. Accepted value is nosniff.
10941 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
10942 enum:
10943 - ""
10944 - NoSniff
10945 type: string
10946 xFrameOptions:
10947 description: |-
10948 Set the X-Frame-Options header to HTTP responses.
10949 Unset if blank. Accepted values are deny and sameorigin.
10950 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
10951 enum:
10952 - ""
10953 - Deny
10954 - SameOrigin
10955 type: string
10956 xXSSProtection:
10957 description: |-
10958 Set the X-XSS-Protection header to all responses.
10959 Unset if blank.
10960 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
10961 type: string
10962 type: object
10963 http2:
10964 description: |-
10965 Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.
10966 When TLSConfig is not configured, HTTP/2 will be disabled.
10967 Whenever the value of the field changes, a rolling update will be triggered.
10968 type: boolean
10969 type: object
10970 maxConnections:
10971 description: |-
10972 Defines the maximum number of simultaneous connections
10973 A zero value means that Prometheus doesn't accept any incoming connection.
10974 format: int32
10975 minimum: 0
10976 type: integer
10977 pageTitle:
10978 description: The prometheus web page title.
10979 type: string
10980 tlsConfig:
10981 description: Defines the TLS parameters for HTTPS.
10982 properties:
10983 cert:
10984 description: Contains the TLS certificate for the server.
10985 properties:
10986 configMap:
10987 description: ConfigMap containing data to use for the
10988 targets.
10989 properties:
10990 key:
10991 description: The key to select.
10992 type: string
10993 name:
10994 default: ""
10995 description: |-
10996 Name of the referent.
10997 This field is effectively required, but due to backwards compatibility is
10998 allowed to be empty. Instances of this type with an empty value here are
10999 almost certainly wrong.
11000 TODO: Add other useful fields. apiVersion, kind, uid?
11001 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
11002 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
11003 type: string
11004 optional:
11005 description: Specify whether the ConfigMap or its
11006 key must be defined
11007 type: boolean
11008 required:
11009 - key
11010 type: object
11011 x-kubernetes-map-type: atomic
11012 secret:
11013 description: Secret containing data to use for the targets.
11014 properties:
11015 key:
11016 description: The key of the secret to select from. Must
11017 be a valid secret key.
11018 type: string
11019 name:
11020 default: ""
11021 description: |-
11022 Name of the referent.
11023 This field is effectively required, but due to backwards compatibility is
11024 allowed to be empty. Instances of this type with an empty value here are
11025 almost certainly wrong.
11026 TODO: Add other useful fields. apiVersion, kind, uid?
11027 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
11028 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
11029 type: string
11030 optional:
11031 description: Specify whether the Secret or its key
11032 must be defined
11033 type: boolean
11034 required:
11035 - key
11036 type: object
11037 x-kubernetes-map-type: atomic
11038 type: object
11039 cipherSuites:
11040 description: |-
11041 List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
11042 Go default cipher suites are used. Available cipher suites are documented
11043 in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants
11044 items:
11045 type: string
11046 type: array
11047 client_ca:
11048 description: Contains the CA certificate for client certificate
11049 authentication to the server.
11050 properties:
11051 configMap:
11052 description: ConfigMap containing data to use for the
11053 targets.
11054 properties:
11055 key:
11056 description: The key to select.
11057 type: string
11058 name:
11059 default: ""
11060 description: |-
11061 Name of the referent.
11062 This field is effectively required, but due to backwards compatibility is
11063 allowed to be empty. Instances of this type with an empty value here are
11064 almost certainly wrong.
11065 TODO: Add other useful fields. apiVersion, kind, uid?
11066 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
11067 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
11068 type: string
11069 optional:
11070 description: Specify whether the ConfigMap or its
11071 key must be defined
11072 type: boolean
11073 required:
11074 - key
11075 type: object
11076 x-kubernetes-map-type: atomic
11077 secret:
11078 description: Secret containing data to use for the targets.
11079 properties:
11080 key:
11081 description: The key of the secret to select from. Must
11082 be a valid secret key.
11083 type: string
11084 name:
11085 default: ""
11086 description: |-
11087 Name of the referent.
11088 This field is effectively required, but due to backwards compatibility is
11089 allowed to be empty. Instances of this type with an empty value here are
11090 almost certainly wrong.
11091 TODO: Add other useful fields. apiVersion, kind, uid?
11092 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
11093 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
11094 type: string
11095 optional:
11096 description: Specify whether the Secret or its key
11097 must be defined
11098 type: boolean
11099 required:
11100 - key
11101 type: object
11102 x-kubernetes-map-type: atomic
11103 type: object
11104 clientAuthType:
11105 description: |-
11106 Server policy for client authentication. Maps to ClientAuth Policies.
11107 For more detail on clientAuth options:
11108 https://golang.org/pkg/crypto/tls/#ClientAuthType
11109 type: string
11110 curvePreferences:
11111 description: |-
11112 Elliptic curves that will be used in an ECDHE handshake, in preference
11113 order. Available curves are documented in the go documentation:
11114 https://golang.org/pkg/crypto/tls/#CurveID
11115 items:
11116 type: string
11117 type: array
11118 keySecret:
11119 description: Secret containing the TLS key for the server.
11120 properties:
11121 key:
11122 description: The key of the secret to select from. Must
11123 be a valid secret key.
11124 type: string
11125 name:
11126 default: ""
11127 description: |-
11128 Name of the referent.
11129 This field is effectively required, but due to backwards compatibility is
11130 allowed to be empty. Instances of this type with an empty value here are
11131 almost certainly wrong.
11132 TODO: Add other useful fields. apiVersion, kind, uid?
11133 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
11134 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
11135 type: string
11136 optional:
11137 description: Specify whether the Secret or its key must
11138 be defined
11139 type: boolean
11140 required:
11141 - key
11142 type: object
11143 x-kubernetes-map-type: atomic
11144 maxVersion:
11145 description: Maximum TLS version that is acceptable. Defaults
11146 to TLS13.
11147 type: string
11148 minVersion:
11149 description: Minimum TLS version that is acceptable. Defaults
11150 to TLS12.
11151 type: string
11152 preferServerCipherSuites:
11153 description: |-
11154 Controls whether the server selects the
11155 client's most preferred cipher suite, or the server's most preferred
11156 cipher suite. If true then the server's preference, as expressed in
11157 the order of elements in cipherSuites, is used.
11158 type: boolean
11159 required:
11160 - cert
11161 - keySecret
11162 type: object
11163 type: object
11164 type: object
11165 status:
11166 description: |-
11167 Most recent observed status of the Prometheus cluster. Read-only.
11168 More info:
11169 https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
11170 properties:
11171 availableReplicas:
11172 description: |-
11173 Total number of available pods (ready for at least minReadySeconds)
11174 targeted by this Prometheus deployment.
11175 format: int32
11176 type: integer
11177 conditions:
11178 description: The current state of the Prometheus deployment.
11179 items:
11180 description: |-
11181 Condition represents the state of the resources associated with the
11182 Prometheus, Alertmanager or ThanosRuler resource.
11183 properties:
11184 lastTransitionTime:
11185 description: lastTransitionTime is the time of the last update
11186 to the current status property.
11187 format: date-time
11188 type: string
11189 message:
11190 description: Human-readable message indicating details for the
11191 condition's last transition.
11192 type: string
11193 observedGeneration:
11194 description: |-
11195 ObservedGeneration represents the .metadata.generation that the
11196 condition was set based upon. For instance, if `.metadata.generation` is
11197 currently 12, but the `.status.conditions[].observedGeneration` is 9, the
11198 condition is out of date with respect to the current state of the
11199 instance.
11200 format: int64
11201 type: integer
11202 reason:
11203 description: Reason for the condition's last transition.
11204 type: string
11205 status:
11206 description: Status of the condition.
11207 type: string
11208 type:
11209 description: Type of the condition being reported.
11210 type: string
11211 required:
11212 - lastTransitionTime
11213 - status
11214 - type
11215 type: object
11216 type: array
11217 x-kubernetes-list-map-keys:
11218 - type
11219 x-kubernetes-list-type: map
11220 paused:
11221 description: |-
11222 Represents whether any actions on the underlying managed objects are
11223 being performed. Only delete actions will be performed.
11224 type: boolean
11225 replicas:
11226 description: |-
11227 Total number of non-terminated pods targeted by this Prometheus deployment
11228 (their labels match the selector).
11229 format: int32
11230 type: integer
11231 shardStatuses:
11232 description: The list has one entry per shard. Each entry provides
11233 a summary of the shard status.
11234 items:
11235 properties:
11236 availableReplicas:
11237 description: |-
11238 Total number of available pods (ready for at least minReadySeconds)
11239 targeted by this shard.
11240 format: int32
11241 type: integer
11242 replicas:
11243 description: Total number of pods targeted by this shard.
11244 format: int32
11245 type: integer
11246 shardID:
11247 description: Identifier of the shard.
11248 type: string
11249 unavailableReplicas:
11250 description: Total number of unavailable pods targeted by this
11251 shard.
11252 format: int32
11253 type: integer
11254 updatedReplicas:
11255 description: |-
11256 Total number of non-terminated pods targeted by this shard
11257 that have the desired spec.
11258 format: int32
11259 type: integer
11260 required:
11261 - availableReplicas
11262 - replicas
11263 - shardID
11264 - unavailableReplicas
11265 - updatedReplicas
11266 type: object
11267 type: array
11268 x-kubernetes-list-map-keys:
11269 - shardID
11270 x-kubernetes-list-type: map
11271 unavailableReplicas:
11272 description: Total number of unavailable pods targeted by this Prometheus
11273 deployment.
11274 format: int32
11275 type: integer
11276 updatedReplicas:
11277 description: |-
11278 Total number of non-terminated pods targeted by this Prometheus deployment
11279 that have the desired version spec.
11280 format: int32
11281 type: integer
11282 required:
11283 - availableReplicas
11284 - paused
11285 - replicas
11286 - unavailableReplicas
11287 - updatedReplicas
11288 type: object
11289 required:
11290 - spec
11291 type: object
11292 served: true
11293 storage: true
11294 subresources:
11295 status: {}
View as plain text