Prometheus defines a Prometheus deployment.
Prometheus defines a Prometheus deployment.
object
spec
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the ReST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
|
Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
|
|
Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
object
Property | Type | Description |
---|---|---|
|
|
AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config The user is responsible for making sure that the configurations are valid Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. |
|
|
AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs The user is responsible for making sure that the configurations are valid Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade. |
|
|
AdditionalArgs allows setting additional arguments for the 'prometheus' container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. |
|
|
Argument as part of the AdditionalArgs list. |
|
|
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. |
|
|
Defines the Pods' affinity scheduling rules if specified. |
|
|
Defines the settings related to Alertmanager. |
|
|
AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. |
|
|
APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. |
|
|
When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor’s endpoint specifies a |
|
|
Deprecated: use 'spec.image' instead. |
|
|
BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. |
|
|
ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. each ConfigMap is added to the StatefulSet definition as a volume named |
|
|
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.
The names of containers managed by the operator are: * |
|
|
A single application container that you want to run within a pod. |
|
|
When true, the Prometheus compaction is disabled. |
|
|
enables access to the Prometheus web admin API. WARNING: enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis |
|
|
enable access to Prometheus feature flags. By default, no features are enabled. enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ |
|
|
enable Prometheus to be used as a receiver for the Prometheus remote write protocol. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver It requires Prometheus >= v2.33.0. |
|
|
When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. It requires Prometheus >= v2.28.0. |
|
|
When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any |
|
|
When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any |
|
|
When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any |
|
|
When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any |
|
|
When not empty, a label will be added to
1. All metrics scraped from |
|
|
When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any |
|
|
When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any |
|
|
Interval between rule evaluations. Default: "30s" |
|
|
List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.
It is only applicable if |
|
|
ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object. |
|
|
exemplars related settings that are runtime reloadable. It requires to enable the |
|
|
The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by |
|
|
The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). |
|
|
Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified. |
|
|
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file. |
|
|
Use the host’s network namespace if true.
Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).
When hostNetwork is enabled, this will set the DNS policy to |
|
|
When true, |
|
|
Container image name for Prometheus. If specified, it takes precedence over the |
|
|
Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. |
|
|
An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
|
|
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. |
|
|
InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.
The names of init container name managed by the operator are: * |
|
|
A single application container that you want to run within a pod. |
|
|
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. |
|
|
Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. |
|
|
Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. |
|
|
Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. |
|
|
When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address. |
|
|
Log format for Log level for Prometheus and the config-reloader sidecar. |
|
|
Log level for Prometheus and the config-reloader sidecar. |
|
|
Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. |
|
|
Defines on which Nodes the Pods are scheduled. |
|
|
When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to "exported_<label value>" for all targets created from service and pod monitors. Otherwise the HonorLabels field of the service or pod monitor applies. |
|
|
When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies. |
|
|
When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. |
|
|
The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. |
|
|
PodMetadata configures labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "prometheus". * "app.kubernetes.io/version" label, set to the Prometheus version. * "operator.prometheus.io/name" label, set to the name of the Prometheus object. * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus". |
|
|
Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
|
|
experimental PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If |
|
|
PodTargetLabels are appended to the |
|
|
Port name used for the pods and governing service. Default: "web" |
|
|
Priority class assigned to the Pods. |
|
|
experimental Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
|
|
experimental Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If |
|
|
Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ( |
|
|
Defines the list of PrometheusRule objects to which the namespace label enforcement doesn’t apply. This is only relevant when |
|
|
PrometheusRuleexcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. |
|
|
QuerySpec defines the configuration of the Promethus query service. |
|
|
queryLogFile specifies where the file to which PromQL queries are logged.
If the filename has an empty path, e.g. 'query.log', The Prometheus Pods will mount the file into an emptyDir volume at |
|
|
Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. |
|
|
Defines the list of remote read configurations. |
|
|
RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint. |
|
|
Defines the list of remote write configurations. |
|
|
RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint. |
|
|
Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ( |
|
|
Number of replicas of each shard to deploy for a Prometheus deployment. |
|
|
Defines the resources requests and limits of the 'prometheus' container. |
|
|
How long to retain the Prometheus data.
Default: "24h" if |
|
|
Maximum number of bytes used by the Prometheus data. |
|
|
The route prefix Prometheus registers HTTP handlers for.
This is useful when using |
|
|
Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
|
|
PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. |
|
|
Defines the configuration of the Prometheus rules' engine. |
|
|
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. |
|
|
Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current current namespace only. |
|
|
experimental ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If |
|
|
Interval between consecutive scrapes. Default: "30s" |
|
|
Number of seconds to wait until a scrape request times out. |
|
|
Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. each Secret is added to the StatefulSet definition as a volume named |
|
|
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
|
|
ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. |
|
|
Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
|
|
ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If |
|
|
Deprecated: use 'spec.image' instead. The image’s digest can be specified as part of the image name. |
|
|
eXPeRIMeNTAL: Number of shards to distribute targets onto. |
|
|
Storage defines the storage used by Prometheus. |
|
|
Deprecated: use 'spec.image' instead. The image’s tag can be specified as part of the image name. |
|
|
TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. |
|
|
Defines the configuration of the optional Thanos sidecar. This section is experimental, it may change significantly without deprecation notice in any release. |
|
|
Defines the Pods' tolerations if specified. |
|
|
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
|
|
Defines the pod’s topology spread constraints if specified. |
|
|
TopologySpreadConstraint specifies how to spread matching pods among the given topology. |
|
|
eXPeRIMeNTAL: TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way. |
|
|
Defines the runtime reloadable configuration of the timeseries database (TSDB). |
|
|
Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. |
|
|
VolumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. |
|
|
VolumeMount describes a mounting of a Volume within a container. |
|
|
Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
|
|
Volume represents a named volume in a pod that may be accessed by any container in the pod. |
|
|
Configures compression of the write-ahead log (WAL) using Snappy. WAL compression is enabled by default for Prometheus >= 2.20.0 Requires Prometheus v2.11.0 and above. |
|
|
Defines the configuration of the Prometheus web server. |
AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config The user is responsible for making sure that the configurations are valid Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs The user is responsible for making sure that the configurations are valid Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
AdditionalArgs allows setting additional arguments for the 'prometheus' container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.
array
Argument as part of the AdditionalArgs list.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of the argument, e.g. "scrape.discovery-reload-interval". |
|
|
Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) |
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Defines the Pods' affinity scheduling rules if specified.
object
Property | Type | Description |
---|---|---|
|
|
Describes node affinity scheduling rules for the pod. |
|
|
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). |
|
|
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). |
Describes node affinity scheduling rules for the pod.
object
Property | Type | Description |
---|---|---|
|
|
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchexpressions; the node(s) with the highest sum are the most preferred. |
|
|
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). |
|
|
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchexpressions; the node(s) with the highest sum are the most preferred.
array
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
object
preference
weight
Property | Type | Description |
---|---|---|
|
|
A node selector term, associated with the corresponding weight. |
|
|
Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. |
A node selector term, associated with the corresponding weight.
object
Property | Type | Description |
---|---|---|
|
|
A list of node selector requirements by node’s labels. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
A list of node selector requirements by node’s fields. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
A list of node selector requirements by node’s labels.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists, DoesNotexist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
A list of node selector requirements by node’s fields.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists, DoesNotexist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
object
nodeSelectorTerms
Property | Type | Description |
---|---|---|
|
|
Required. A list of node selector terms. The terms are ORed. |
|
|
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. |
Required. A list of node selector terms. The terms are ORed.
array
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
object
Property | Type | Description |
---|---|---|
|
|
A list of node selector requirements by node’s labels. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
A list of node selector requirements by node’s fields. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
A list of node selector requirements by node’s labels.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists, DoesNotexist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
A list of node selector requirements by node’s fields.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists, DoesNotexist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
object
Property | Type | Description |
---|---|---|
|
|
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
|
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
|
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
|
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
array
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
object
podAffinityTerm
weight
Property | Type | Description |
---|---|---|
|
|
Required. A pod affinity term, associated with the corresponding weight. |
|
|
weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
Required. A pod affinity term, associated with the corresponding weight.
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
|
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
array
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
|
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
object
Property | Type | Description |
---|---|---|
|
|
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
|
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
|
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
|
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
array
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
object
podAffinityTerm
weight
Property | Type | Description |
---|---|---|
|
|
Required. A pod affinity term, associated with the corresponding weight. |
|
|
weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
Required. A pod affinity term, associated with the corresponding weight.
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
|
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
array
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
|
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Defines the settings related to Alertmanager.
object
alertmanagers
Property | Type | Description |
---|---|---|
|
|
Alertmanagerendpoints Prometheus should fire alerts against. |
|
|
Alertmanagerendpoints defines a selection of a single endpoints object containing Alertmanager IPs to fire alerts against. |
Alertmanagerendpoints Prometheus should fire alerts against.
array
Alertmanagerendpoints defines a selection of a single endpoints object containing Alertmanager IPs to fire alerts against.
object
name
namespace
port
Property | Type | Description |
---|---|---|
|
|
Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". |
|
|
Authorization section for Alertmanager.
Cannot be set at the same time as |
|
|
BasicAuth configuration for Alertmanager.
Cannot be set at the same time as |
|
|
File to read bearer token for Alertmanager.
Cannot be set at the same time as |
|
|
Whether to enable HTTP2. |
|
|
Name of the endpoints object in the namespace. |
|
|
Namespace of the endpoints object. |
|
|
Prefix for the HTTP path alerts are pushed to. |
|
|
Port on which the Alertmanager API is exposed. |
|
|
Scheme to use when firing alerts. |
|
|
Sigv4 allows to configures AWS’s Signature Verification 4 for the URL.
It requires Prometheus >= v2.48.0.
Cannot be set at the same time as |
|
|
Timeout is a per-target Alertmanager timeout when pushing alerts. |
|
|
TLS Config to use for Alertmanager. |
Authorization section for Alertmanager.
Cannot be set at the same time as basicAuth
, bearerTokenFile
or sigv4
.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a Secret in the namespace that contains the credentials for authentication. |
|
|
Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer" |
Selects a key of a Secret in the namespace that contains the credentials for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
BasicAuth configuration for Alertmanager.
Cannot be set at the same time as bearerTokenFile
, authorization
or sigv4
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
password
specifies a key of a Secret containing the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
username
specifies a key of a Secret containing the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Sigv4 allows to configures AWS’s Signature Verification 4 for the URL.
It requires Prometheus >= v2.48.0.
Cannot be set at the same time as basicAuth
, bearerTokenFile
or authorization
.
object
Property | Type | Description |
---|---|---|
|
|
AccessKey is the AWS API key. If not specified, the environment variable |
|
|
Profile is the named AWS profile used to authenticate. |
|
|
Region is the AWS region. If blank, the region from the default credentials chain used. |
|
|
RoleArn is the named AWS profile used to authenticate. |
|
|
SecretKey is the AWS API secret. If not specified, the environment variable |
AccessKey is the AWS API key. If not specified, the environment variable AWS_ACCeSS_KeY_ID
is used.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
SecretKey is the AWS API secret. If not specified, the environment variable AWS_SeCReT_ACCeSS_KeY
is used.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
TLS Config to use for Alertmanager.
object
Property | Type | Description |
---|---|---|
|
|
Certificate authority used when verifying server certificates. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Client certificate to present when doing client-authentication. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Certificate authority used when verifying server certificates.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Client certificate to present when doing client-authentication.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
object
host
Property | Type | Description |
---|---|---|
|
|
Authorization section for the API server.
Cannot be set at the same time as |
|
|
BasicAuth configuration for the API server.
Cannot be set at the same time as |
|
|
Warning: this field shouldn’t be used because the token value appears in clear-text. Prefer using |
|
|
File to read bearer token for accessing apiserver.
Cannot be set at the same time as |
|
|
Kubernetes API address consisting of a hostname or IP address followed by an optional port number. |
|
|
TLS Config to use for the API server. |
Authorization section for the API server.
Cannot be set at the same time as basicAuth
, bearerToken
, or bearerTokenFile
.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a Secret in the namespace that contains the credentials for authentication. |
|
|
File to read a secret from, mutually exclusive with |
|
|
Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer" |
Selects a key of a Secret in the namespace that contains the credentials for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
BasicAuth configuration for the API server.
Cannot be set at the same time as authorization
, bearerToken
, or bearerTokenFile
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
password
specifies a key of a Secret containing the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
username
specifies a key of a Secret containing the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
TLS Config to use for the API server.
object
Property | Type | Description |
---|---|---|
|
|
Certificate authority used when verifying server certificates. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Client certificate to present when doing client-authentication. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Certificate authority used when verifying server certificates.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Client certificate to present when doing client-authentication.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile
value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account’s token in the Prometheus' scrape request. Setting spec.arbitraryFSAccessThroughSM
to 'true' would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret
field.
object
Property | Type | Description |
---|---|---|
|
|
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.
The names of containers managed by the operator are: * prometheus
* config-reloader
* thanos-sidecar
Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
array
A single application container that you want to run within a pod.
object
name
Property | Type | Description |
---|---|---|
|
|
Arguments to the entrypoint. The container image’s CMD is used if this is not provided. Variable references $(VAR_NAMe) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAMe) syntax: i.e. "(VAR_NAMe)" will produce the string literal "$(VAR_NAMe)". escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
entrypoint array. Not executed within a shell. The container image’s eNTRYPOINT is used if this is not provided. Variable references $(VAR_NAMe) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAMe) syntax: i.e. "(VAR_NAMe)" will produce the string literal "$(VAR_NAMe)". escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
List of environment variables to set in the container. Cannot be updated. |
|
|
envVar represents an environment variable present in a Container. |
|
|
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDeNTIFIeR. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an env with a duplicate key will take precedence. Cannot be updated. |
|
|
envFromSource represents the source of a set of ConfigMaps |
|
|
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. |
|
|
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
|
Actions that the management system should take in response to container lifecycle events. Cannot be updated. |
|
|
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Name of the container specified as a DNS_LABeL. each container in a pod must have a unique name (DNS_LABeL). Cannot be updated. |
|
|
List of ports to expose from the container. Not specifying a port here DOeS NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. |
|
|
ContainerPort represents a network port in a single container. |
|
|
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Resources resize policy for the container. |
|
|
ContainerResizePolicy represents resource resize policy for the container. |
|
|
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod’s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. |
|
|
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
|
|
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in eOF. Default is false. |
|
|
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an eOF. Default is false |
|
|
Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. |
|
|
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnerror will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. |
|
|
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. |
|
|
volumeDevices is the list of block devices to be used by the container. |
|
|
volumeDevice describes a mapping of a raw block device within a container. |
|
|
Pod volumes to mount into the container’s filesystem. Cannot be updated. |
|
|
VolumeMount describes a mounting of a Volume within a container. |
|
|
Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated. |
List of environment variables to set in the container. Cannot be updated.
array
envVar represents an environment variable present in a Container.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of the environment variable. Must be a C_IDeNTIFIeR. |
|
|
Variable references $(VAR_NAMe) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAMe) syntax: i.e. "(VAR_NAMe)" will produce the string literal "$(VAR_NAMe)". escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
|
|
Source for the environment variable’s value. Cannot be used if value is not empty. |
Source for the environment variable’s value. Cannot be used if value is not empty.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a ConfigMap. |
|
|
Selects a field of the pod: supports metadata.name, metadata.namespace, |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
|
|
Selects a key of a secret in the pod’s namespace |
Selects a key of a ConfigMap.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KeY>']
, metadata.annotations['<KeY>']
, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
Selects a key of a secret in the pod’s namespace
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDeNTIFIeR. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an env with a duplicate key will take precedence. Cannot be updated.
array
envFromSource represents the source of a set of ConfigMaps
object
Property | Type | Description |
---|---|---|
|
|
The ConfigMap to select from |
|
|
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDeNTIFIeR. |
|
|
The Secret to select from |
The ConfigMap to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap must be defined |
The Secret to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret must be defined |
Actions that the management system should take in response to container lifecycle events. Cannot be updated.
object
Property | Type | Description |
---|---|---|
|
|
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
|
|
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod’s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod’s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
GRPC specifies an action involving a GRPC port. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. |
|
|
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPC specifies an action involving a GRPC port.
object
port
Property | Type | Description |
---|---|---|
|
|
Port number of the gRPC service. Number must be in the range 1 to 65535. |
|
|
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
List of ports to expose from the container. Not specifying a port here DOeS NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
array
ContainerPort represents a network port in a single container.
object
containerPort
Property | Type | Description |
---|---|---|
|
|
Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536. |
|
|
What host IP to bind the external port to. |
|
|
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. |
|
|
If specified, this must be an IANA_SVC_NAMe and unique within the pod. each named port in a pod must have a unique name. Name for the port that can be referred to by services. |
|
|
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". |
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
GRPC specifies an action involving a GRPC port. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. |
|
|
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPC specifies an action involving a GRPC port.
object
port
Property | Type | Description |
---|---|---|
|
|
Port number of the gRPC service. Number must be in the range 1 to 65535. |
|
|
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
ContainerResizePolicy represents resource resize policy for the container.
object
resourceName
restartPolicy
Property | Type | Description |
---|---|---|
|
|
Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. |
|
|
Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. |
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
object
Property | Type | Description |
---|---|---|
|
|
AllowPrivilegeescalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeescalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. |
|
|
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. |
|
|
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. |
|
|
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. |
|
|
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. |
|
|
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. |
|
|
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. |
|
|
The SeLinux context to be applied to the container. If unspecified, the container runtime will allocate a random SeLinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. |
|
|
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. |
|
|
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. |
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
object
Property | Type | Description |
---|---|---|
|
|
Added capabilities |
|
|
Removed capabilities |
The SeLinux context to be applied to the container. If unspecified, the container runtime will allocate a random SeLinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
object
Property | Type | Description |
---|---|---|
|
|
Level is SeLinux level label that applies to the container. |
|
|
Role is a SeLinux role label that applies to the container. |
|
|
Type is a SeLinux type label that applies to the container. |
|
|
User is a SeLinux user label that applies to the container. |
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
object
type
Property | Type | Description |
---|---|---|
|
|
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. |
|
|
type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. |
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
object
Property | Type | Description |
---|---|---|
|
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. |
|
|
GMSACredentialSpecName is the name of the GMSA credential spec to use. |
|
|
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. |
|
|
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
GRPC specifies an action involving a GRPC port. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. |
|
|
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPC specifies an action involving a GRPC port.
object
port
Property | Type | Description |
---|---|---|
|
|
Port number of the gRPC service. Number must be in the range 1 to 65535. |
|
|
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
volumeDevices is the list of block devices to be used by the container.
array
volumeDevice describes a mapping of a raw block device within a container.
object
devicePath
name
Property | Type | Description |
---|---|---|
|
|
devicePath is the path inside of the container that the device will be mapped to. |
|
|
name must match the name of a persistentVolumeClaim in the pod |
Pod volumes to mount into the container’s filesystem. Cannot be updated.
array
VolumeMount describes a mounting of a Volume within a container.
object
mountPath
name
Property | Type | Description |
---|---|---|
|
|
Path within the container at which the volume should be mounted. Must not contain ':'. |
|
|
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. |
|
|
This must match the Name of a Volume. |
|
|
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. |
|
|
Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root). |
|
|
expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAMe) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathexpr and SubPath are mutually exclusive. |
List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.
It is only applicable if spec.enforcedNamespaceLabel
set to true.
array
ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.
object
namespace
resource
Property | Type | Description |
---|---|---|
|
|
Group of the referent. When not specified, it defaults to |
|
|
Name of the referent. When not set, all resources in the namespace are matched. |
|
|
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
|
Resource of the referent. |
exemplars related settings that are runtime reloadable. It requires to enable the exemplar-storage
feature flag to be effective.
object
Property | Type | Description |
---|---|---|
|
|
Maximum number of exemplars stored in memory for all series.
exemplar-storage itself must be enabled using the |
Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.
array
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.
object
hostnames
ip
Property | Type | Description |
---|---|---|
|
|
Hostnames for the above IP address. |
|
|
IP address of the host file entry. |
An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
array
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.
The names of init container name managed by the operator are: * init-config-reloader
.
Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
array
A single application container that you want to run within a pod.
object
name
Property | Type | Description |
---|---|---|
|
|
Arguments to the entrypoint. The container image’s CMD is used if this is not provided. Variable references $(VAR_NAMe) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAMe) syntax: i.e. "(VAR_NAMe)" will produce the string literal "$(VAR_NAMe)". escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
entrypoint array. Not executed within a shell. The container image’s eNTRYPOINT is used if this is not provided. Variable references $(VAR_NAMe) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAMe) syntax: i.e. "(VAR_NAMe)" will produce the string literal "$(VAR_NAMe)". escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
List of environment variables to set in the container. Cannot be updated. |
|
|
envVar represents an environment variable present in a Container. |
|
|
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDeNTIFIeR. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an env with a duplicate key will take precedence. Cannot be updated. |
|
|
envFromSource represents the source of a set of ConfigMaps |
|
|
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. |
|
|
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
|
Actions that the management system should take in response to container lifecycle events. Cannot be updated. |
|
|
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Name of the container specified as a DNS_LABeL. each container in a pod must have a unique name (DNS_LABeL). Cannot be updated. |
|
|
List of ports to expose from the container. Not specifying a port here DOeS NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. |
|
|
ContainerPort represents a network port in a single container. |
|
|
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Resources resize policy for the container. |
|
|
ContainerResizePolicy represents resource resize policy for the container. |
|
|
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod’s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. |
|
|
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
|
|
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in eOF. Default is false. |
|
|
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an eOF. Default is false |
|
|
Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. |
|
|
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnerror will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. |
|
|
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. |
|
|
volumeDevices is the list of block devices to be used by the container. |
|
|
volumeDevice describes a mapping of a raw block device within a container. |
|
|
Pod volumes to mount into the container’s filesystem. Cannot be updated. |
|
|
VolumeMount describes a mounting of a Volume within a container. |
|
|
Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated. |
List of environment variables to set in the container. Cannot be updated.
array
envVar represents an environment variable present in a Container.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of the environment variable. Must be a C_IDeNTIFIeR. |
|
|
Variable references $(VAR_NAMe) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAMe) syntax: i.e. "(VAR_NAMe)" will produce the string literal "$(VAR_NAMe)". escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
|
|
Source for the environment variable’s value. Cannot be used if value is not empty. |
Source for the environment variable’s value. Cannot be used if value is not empty.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a ConfigMap. |
|
|
Selects a field of the pod: supports metadata.name, metadata.namespace, |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
|
|
Selects a key of a secret in the pod’s namespace |
Selects a key of a ConfigMap.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KeY>']
, metadata.annotations['<KeY>']
, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
Selects a key of a secret in the pod’s namespace
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDeNTIFIeR. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an env with a duplicate key will take precedence. Cannot be updated.
array
envFromSource represents the source of a set of ConfigMaps
object
Property | Type | Description |
---|---|---|
|
|
The ConfigMap to select from |
|
|
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDeNTIFIeR. |
|
|
The Secret to select from |
The ConfigMap to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap must be defined |
The Secret to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret must be defined |
Actions that the management system should take in response to container lifecycle events. Cannot be updated.
object
Property | Type | Description |
---|---|---|
|
|
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
|
|
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod’s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod’s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
GRPC specifies an action involving a GRPC port. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. |
|
|
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPC specifies an action involving a GRPC port.
object
port
Property | Type | Description |
---|---|---|
|
|
Port number of the gRPC service. Number must be in the range 1 to 65535. |
|
|
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
List of ports to expose from the container. Not specifying a port here DOeS NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
array
ContainerPort represents a network port in a single container.
object
containerPort
Property | Type | Description |
---|---|---|
|
|
Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536. |
|
|
What host IP to bind the external port to. |
|
|
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. |
|
|
If specified, this must be an IANA_SVC_NAMe and unique within the pod. each named port in a pod must have a unique name. Name for the port that can be referred to by services. |
|
|
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". |
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
GRPC specifies an action involving a GRPC port. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. |
|
|
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPC specifies an action involving a GRPC port.
object
port
Property | Type | Description |
---|---|---|
|
|
Port number of the gRPC service. Number must be in the range 1 to 65535. |
|
|
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
Resources resize policy for the container.
array
ContainerResizePolicy represents resource resize policy for the container.
object
resourceName
restartPolicy
Property | Type | Description |
---|---|---|
|
|
Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. |
|
|
Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. |
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
object
Property | Type | Description |
---|---|---|
|
|
AllowPrivilegeescalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeescalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. |
|
|
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. |
|
|
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. |
|
|
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. |
|
|
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. |
|
|
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. |
|
|
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. |
|
|
The SeLinux context to be applied to the container. If unspecified, the container runtime will allocate a random SeLinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. |
|
|
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. |
|
|
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. |
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
object
Property | Type | Description |
---|---|---|
|
|
Added capabilities |
|
|
Removed capabilities |
The SeLinux context to be applied to the container. If unspecified, the container runtime will allocate a random SeLinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
object
Property | Type | Description |
---|---|---|
|
|
Level is SeLinux level label that applies to the container. |
|
|
Role is a SeLinux role label that applies to the container. |
|
|
Type is a SeLinux type label that applies to the container. |
|
|
User is a SeLinux user label that applies to the container. |
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
object
type
Property | Type | Description |
---|---|---|
|
|
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. |
|
|
type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. |
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
object
Property | Type | Description |
---|---|---|
|
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. |
|
|
GMSACredentialSpecName is the name of the GMSA credential spec to use. |
|
|
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. |
|
|
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
GRPC specifies an action involving a GRPC port. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. |
|
|
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPC specifies an action involving a GRPC port.
object
port
Property | Type | Description |
---|---|---|
|
|
Port number of the gRPC service. Number must be in the range 1 to 65535. |
|
|
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port.
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAMe. |
volumeDevices is the list of block devices to be used by the container.
array
volumeDevice describes a mapping of a raw block device within a container.
object
devicePath
name
Property | Type | Description |
---|---|---|
|
|
devicePath is the path inside of the container that the device will be mapped to. |
|
|
name must match the name of a persistentVolumeClaim in the pod |
Pod volumes to mount into the container’s filesystem. Cannot be updated.
array
VolumeMount describes a mounting of a Volume within a container.
object
mountPath
name
Property | Type | Description |
---|---|---|
|
|
Path within the container at which the volume should be mounted. Must not contain ':'. |
|
|
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. |
|
|
This must match the Name of a Volume. |
|
|
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. |
|
|
Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root). |
|
|
expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAMe) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathexpr and SubPath are mutually exclusive. |
The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.
object
Property | Type | Description |
---|---|---|
|
|
WhenDeleted specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is deleted. The default policy of |
|
|
WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. The default policy of |
PodMetadata configures labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "prometheus". * "app.kubernetes.io/version" label, set to the Prometheus version. * "operator.prometheus.io/name" label, set to the name of the Prometheus object. * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus".
object
Property | Type | Description |
---|---|---|
|
|
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
|
|
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels |
|
|
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
experimental PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If spec.serviceMonitorSelector
, spec.podMonitorSelector
, spec.probeSelector
and spec.scrapeConfigSelector
are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz
key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs
instead.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
experimental Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
experimental Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If spec.serviceMonitorSelector
, spec.podMonitorSelector
, spec.probeSelector
and spec.scrapeConfigSelector
are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz
key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs
instead.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Defines the list of PrometheusRule objects to which the namespace label enforcement doesn’t apply. This is only relevant when spec.enforcedNamespaceLabel
is set to true. Deprecated: use spec.excludedFromenforcement
instead.
array
PrometheusRuleexcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.
object
ruleName
ruleNamespace
Property | Type | Description |
---|---|---|
|
|
Name of the excluded PrometheusRule object. |
|
|
Namespace of the excluded PrometheusRule object. |
QuerySpec defines the configuration of the Promethus query service.
object
Property | Type | Description |
---|---|---|
|
|
The delta difference allowed for retrieving metrics during expression evaluations. |
|
|
Number of concurrent queries that can be run at once. |
|
|
Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. |
|
|
Maximum time a query may take before being aborted. |
RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint.
object
url
Property | Type | Description |
---|---|---|
|
|
Authorization section for the URL.
It requires Prometheus >= v2.26.0.
Cannot be set at the same time as |
|
|
BasicAuth configuration for the URL.
Cannot be set at the same time as |
|
|
Warning: this field shouldn’t be used because the token value appears in clear-text. Prefer using |
|
|
File from which to read the bearer token for the URL.
Deprecated: this will be removed in a future release. Prefer using |
|
|
Whether to use the external labels as selectors for the remote read endpoint. It requires Prometheus >= v2.34.0. |
|
|
Configure whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0. |
|
|
Custom HTTP headers to be sent along with each remote read request. Be aware that headers that are set by Prometheus itself can’t be overwritten. Only valid in Prometheus versions 2.26.0 and newer. |
|
|
The name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. It requires Prometheus >= v2.15.0. |
|
|
OAuth2 configuration for the URL.
It requires Prometheus >= v2.27.0.
Cannot be set at the same time as |
|
|
Optional ProxyURL. |
|
|
Whether reads should be made for queries for time ranges that the local storage should have complete data for. |
|
|
Timeout for requests to the remote read endpoint. |
|
|
An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. |
|
|
TLS Config to use for the URL. |
|
|
The URL of the endpoint to query from. |
Authorization section for the URL.
It requires Prometheus >= v2.26.0.
Cannot be set at the same time as basicAuth
, or oauth2
.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a Secret in the namespace that contains the credentials for authentication. |
|
|
File to read a secret from, mutually exclusive with |
|
|
Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer" |
Selects a key of a Secret in the namespace that contains the credentials for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
BasicAuth configuration for the URL.
Cannot be set at the same time as authorization
, or oauth2
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
password
specifies a key of a Secret containing the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
username
specifies a key of a Secret containing the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
OAuth2 configuration for the URL.
It requires Prometheus >= v2.27.0.
Cannot be set at the same time as authorization
, or basicAuth
.
object
clientId
clientSecret
tokenUrl
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
clientId
specifies a key of a Secret or ConfigMap containing the OAuth2 client’s ID.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
clientSecret
specifies a key of a Secret containing the OAuth2 client’s secret.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
TLS Config to use for the URL.
object
Property | Type | Description |
---|---|---|
|
|
Certificate authority used when verifying server certificates. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Client certificate to present when doing client-authentication. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Certificate authority used when verifying server certificates.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Client certificate to present when doing client-authentication.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.
object
url
Property | Type | Description |
---|---|---|
|
|
Authorization section for the URL.
It requires Prometheus >= v2.26.0.
Cannot be set at the same time as |
|
|
AzureAD for the URL.
It requires Prometheus >= v2.45.0.
Cannot be set at the same time as |
|
|
BasicAuth configuration for the URL.
Cannot be set at the same time as |
|
|
Warning: this field shouldn’t be used because the token value appears in clear-text. Prefer using |
|
|
File from which to read bearer token for the URL.
Deprecated: this will be removed in a future release. Prefer using |
|
|
Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can’t be overwritten. It requires Prometheus >= v2.25.0. |
|
|
MetadataConfig configures the sending of series metadata to the remote storage. |
|
|
The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. It requires Prometheus >= v2.15.0. |
|
|
OAuth2 configuration for the URL.
It requires Prometheus >= v2.27.0.
Cannot be set at the same time as |
|
|
Optional ProxyURL. |
|
|
QueueConfig allows tuning of the remote write queue parameters. |
|
|
Timeout for requests to the remote write endpoint. |
|
|
enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the |
|
|
enables sending of native histograms, also known as sparse histograms over remote write. It requires Prometheus >= v2.40.0. |
|
|
Sigv4 allows to configures AWS’s Signature Verification 4 for the URL.
It requires Prometheus >= v2.26.0.
Cannot be set at the same time as |
|
|
TLS Config to use for the URL. |
|
|
The URL of the endpoint to send samples to. |
|
|
The list of remote write relabel configurations. |
|
|
RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
Authorization section for the URL.
It requires Prometheus >= v2.26.0.
Cannot be set at the same time as sigv4
, basicAuth
, oauth2
, or azureAd
.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a Secret in the namespace that contains the credentials for authentication. |
|
|
File to read a secret from, mutually exclusive with |
|
|
Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer" |
Selects a key of a Secret in the namespace that contains the credentials for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
AzureAD for the URL.
It requires Prometheus >= v2.45.0.
Cannot be set at the same time as authorization
, basicAuth
, oauth2
, or sigv4
.
object
Property | Type | Description |
---|---|---|
|
|
The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'. |
|
|
ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as |
|
|
OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as |
ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as oauth
.
object
clientId
Property | Type | Description |
---|---|---|
|
|
The client id |
OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as managedIdentity
.
It requires Prometheus >= v2.48.0.
object
clientId
clientSecret
tenantId
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
clientSecret
specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
BasicAuth configuration for the URL.
Cannot be set at the same time as sigv4
, authorization
, oauth2
, or azureAd
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
password
specifies a key of a Secret containing the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
username
specifies a key of a Secret containing the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
MetadataConfig configures the sending of series metadata to the remote storage.
object
Property | Type | Description |
---|---|---|
|
|
Defines whether metric metadata is sent to the remote storage or not. |
|
|
Defines how frequently metric metadata is sent to the remote storage. |
OAuth2 configuration for the URL.
It requires Prometheus >= v2.27.0.
Cannot be set at the same time as sigv4
, authorization
, basicAuth
, or azureAd
.
object
clientId
clientSecret
tokenUrl
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
clientId
specifies a key of a Secret or ConfigMap containing the OAuth2 client’s ID.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
clientSecret
specifies a key of a Secret containing the OAuth2 client’s secret.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
QueueConfig allows tuning of the remote write queue parameters.
object
Property | Type | Description |
---|---|---|
|
|
BatchSendDeadline is the maximum time a sample will wait in buffer. |
|
|
Capacity is the number of samples to buffer per shard before we start dropping them. |
|
|
MaxBackoff is the maximum retry delay. |
|
|
MaxRetries is the maximum number of times to retry a batch on recoverable errors. |
|
|
MaxSamplesPerSend is the maximum number of samples per send. |
|
|
MaxShards is the maximum number of shards, i.e. amount of concurrency. |
|
|
MinBackoff is the initial retry delay. Gets doubled for every retry. |
|
|
MinShards is the minimum number of shards, i.e. amount of concurrency. |
|
|
Retry upon receiving a 429 status code from the remote-write storage. This is experimental feature and might change in the future. |
Sigv4 allows to configures AWS’s Signature Verification 4 for the URL.
It requires Prometheus >= v2.26.0.
Cannot be set at the same time as authorization
, basicAuth
, oauth2
, or azureAd
.
object
Property | Type | Description |
---|---|---|
|
|
AccessKey is the AWS API key. If not specified, the environment variable |
|
|
Profile is the named AWS profile used to authenticate. |
|
|
Region is the AWS region. If blank, the region from the default credentials chain used. |
|
|
RoleArn is the named AWS profile used to authenticate. |
|
|
SecretKey is the AWS API secret. If not specified, the environment variable |
AccessKey is the AWS API key. If not specified, the environment variable AWS_ACCeSS_KeY_ID
is used.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
SecretKey is the AWS API secret. If not specified, the environment variable AWS_SeCReT_ACCeSS_KeY
is used.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
TLS Config to use for the URL.
object
Property | Type | Description |
---|---|---|
|
|
Certificate authority used when verifying server certificates. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Client certificate to present when doing client-authentication. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Certificate authority used when verifying server certificates.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Client certificate to present when doing client-authentication.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
The list of remote write relabel configurations.
array
RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
object
Property | Type | Description |
---|---|---|
|
|
Action to perform based on the regex matching.
|
|
|
Modulus to take of the hash of the source label values.
Only applicable when the action is |
|
|
Regular expression against which the extracted value is matched. |
|
|
Replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. |
|
|
Separator is the string between concatenated SourceLabels. |
|
|
The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. |
|
|
Label to which the resulting string is written in a replacement.
It is mandatory for |
Defines the resources requests and limits of the 'prometheus' container.
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Defines the configuration of the Prometheus rules' engine.
object
Property | Type | Description |
---|---|---|
|
|
Defines the parameters of the Prometheus rules' engine. Any update to these parameters trigger a restart of the pods. |
Defines the parameters of the Prometheus rules' engine. Any update to these parameters trigger a restart of the pods.
object
Property | Type | Description |
---|---|---|
|
|
Minimum duration between alert and restored 'for' state. This is maintained only for alerts with a configured 'for' time greater than the grace period. |
|
|
Max time to tolerate prometheus outage for restoring 'for' state of alert. |
|
|
Minimum amount of time to wait before resending an alert to Alertmanager. |
Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current current namespace only.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
experimental ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If spec.serviceMonitorSelector
, spec.podMonitorSelector
, spec.probeSelector
and spec.scrapeConfigSelector
are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz
key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs
instead.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
object
Property | Type | Description |
---|---|---|
|
|
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. |
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. |
|
|
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. |
|
|
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. |
|
|
The SeLinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SeLinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. |
|
|
The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. |
|
|
A list of groups applied to the first process run in each container, in addition to the container’s primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. |
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. |
|
|
Sysctl defines a kernel parameter to be set |
|
|
The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. |
The SeLinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SeLinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
object
Property | Type | Description |
---|---|---|
|
|
Level is SeLinux level label that applies to the container. |
|
|
Role is a SeLinux role label that applies to the container. |
|
|
Type is a SeLinux type label that applies to the container. |
|
|
User is a SeLinux user label that applies to the container. |
The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
object
type
Property | Type | Description |
---|---|---|
|
|
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. |
|
|
type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. |
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
array
Sysctl defines a kernel parameter to be set
object
name
value
Property | Type | Description |
---|---|---|
|
|
Name of a property to set |
|
|
Value of a property to set |
The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
object
Property | Type | Description |
---|---|---|
|
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. |
|
|
GMSACredentialSpecName is the name of the GMSA credential spec to use. |
|
|
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. |
|
|
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.
If spec.serviceMonitorSelector
, spec.podMonitorSelector
, spec.probeSelector
and spec.scrapeConfigSelector
are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz
key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs
instead.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Storage defines the storage used by Prometheus.
object
Property | Type | Description |
---|---|---|
|
|
Deprecated: subPath usage will be removed in a future release. |
|
|
emptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over |
|
|
ephemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericephemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes |
|
|
Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. |
emptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over ephemeral
and volumeClaimTemplate
. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
object
Property | Type | Description |
---|---|---|
|
|
medium represents what type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
|
|
sizeLimit is the total amount of local storage required for this emptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium emptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
ephemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericephemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
object
Property | Type | Description |
---|---|---|
|
|
Will be used to create a stand-alone PVC to provision the volume. The pod in which this ephemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be |
Will be used to create a stand-alone PVC to provision the volume. The pod in which this ephemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be <pod name>-<volume name>
where <volume name>
is the name from the PodSpec.Volumes
array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.
This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.
Required, must not be nil.
object
spec
Property | Type | Description |
---|---|---|
|
|
May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. |
|
|
The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. |
May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
object
The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
object
Property | Type | Description |
---|---|---|
|
|
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 |
|
|
dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. |
|
|
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |
|
|
resources represents the minimum resources the volume should have. If RecoverVolumeexpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources |
|
|
selector is a label query over volumes to consider for binding. |
|
|
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 |
|
|
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. |
|
|
volumeName is the binding reference to the PersistentVolume backing this claim. |
dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
|
|
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |
resources represents the minimum resources the volume should have. If RecoverVolumeexpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
selector is a label query over volumes to consider for binding.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
object
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the ReST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
|
embeddedMetadata contains metadata relevant to an embeddedResource. |
|
|
Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
|
|
Deprecated: this field is never set. |
embeddedMetadata contains metadata relevant to an embeddedResource.
object
Property | Type | Description |
---|---|---|
|
|
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
|
|
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels |
|
|
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
object
Property | Type | Description |
---|---|---|
|
|
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 |
|
|
dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. |
|
|
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |
|
|
resources represents the minimum resources the volume should have. If RecoverVolumeexpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources |
|
|
selector is a label query over volumes to consider for binding. |
|
|
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 |
|
|
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. |
|
|
volumeName is the binding reference to the PersistentVolume backing this claim. |
dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
|
|
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |
resources represents the minimum resources the volume should have. If RecoverVolumeexpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
selector is a label query over volumes to consider for binding.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
Deprecated: this field is never set.
object
Property | Type | Description |
---|---|---|
|
|
accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 |
|
|
allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don’t set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeexpansionFailure feature. |
|
|
allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeexpansionFailure feature. |
|
|
capacity represents the actual resources of the underlying volume. |
|
|
conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. |
|
|
PersistentVolumeClaimCondition contains details about state of pvc |
|
|
phase represents the current phase of PersistentVolumeClaim. |
conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
array
PersistentVolumeClaimCondition contains details about state of pvc
object
status
type
Property | Type | Description |
---|---|---|
|
|
lastProbeTime is the time we probed the condition. |
|
|
lastTransitionTime is the time the condition transitioned from one status to another. |
|
|
message is the human-readable message indicating details about last transition. |
|
|
reason is a unique, this should be a short, machine understandable string that gives the reason for condition’s last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. |
|
|
|
|
|
PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type |
Defines the configuration of the optional Thanos sidecar. This section is experimental, it may change significantly without deprecation notice in any release.
object
Property | Type | Description |
---|---|---|
|
|
AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. |
|
|
Argument as part of the AdditionalArgs list. |
|
|
Deprecated: use 'image' instead. |
|
|
BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value set to a multiple of 120 times your longest scrape or rule interval. For example, 30s * 120 = 1h. |
|
|
How often to retrieve the Prometheus configuration. |
|
|
Maximum time to wait when retrieving the Prometheus configuration. |
|
|
When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP’s address for the gRPC endpoints.
It has no effect if |
|
|
Configures the TLS parameters for the gRPC server providing the StoreAPI.
Note: Currently only the |
|
|
When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP’s address for the HTTP endpoints.
It has no effect if |
|
|
Container image name for Thanos. If specified, it takes precedence over the |
|
|
Deprecated: use |
|
|
Log format for the Thanos sidecar. |
|
|
Log level for the Thanos sidecar. |
|
|
Defines the start of time range limit served by the Thanos sidecar’s StoreAPI. The field’s value should be a constant time in RFC3339 format or a time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. |
|
|
Defines the Thanos sidecar’s configuration to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ objectStorageConfigFile takes precedence over this field. |
|
|
Defines the Thanos sidecar’s configuration file to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ This field takes precedence over objectStorageConfig. |
|
|
ReadyTimeout is the maximum time that the Thanos sidecar will wait for Prometheus to start. |
|
|
Defines the resources requests and limits of the Thanos sidecar. |
|
|
Deprecated: use 'image' instead. The image digest can be specified as part of the image name. |
|
|
Deprecated: use 'image' instead. The image’s tag can be specified as part of the image name. |
|
|
Defines the tracing configuration for the Thanos sidecar. More info: https://thanos.io/tip/thanos/tracing.md/ This is an experimental feature, it may change in any upcoming release in a breaking way. tracingConfigFile takes precedence over this field. |
|
|
Defines the tracing configuration file for the Thanos sidecar. More info: https://thanos.io/tip/thanos/tracing.md/ This is an experimental feature, it may change in any upcoming release in a breaking way. This field takes precedence over tracingConfig. |
|
|
Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released. |
|
|
VolumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the 'thanos-sidecar' container. |
|
|
VolumeMount describes a mounting of a Volume within a container. |
AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.
array
Argument as part of the AdditionalArgs list.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of the argument, e.g. "scrape.discovery-reload-interval". |
|
|
Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) |
Configures the TLS parameters for the gRPC server providing the StoreAPI.
Note: Currently only the caFile
, certFile
, and keyFile
fields are supported.
object
Property | Type | Description |
---|---|---|
|
|
Certificate authority used when verifying server certificates. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Client certificate to present when doing client-authentication. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Certificate authority used when verifying server certificates.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Client certificate to present when doing client-authentication.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Defines the Thanos sidecar’s configuration to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ objectStorageConfigFile takes precedence over this field.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Defines the resources requests and limits of the Thanos sidecar.
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
Defines the tracing configuration for the Thanos sidecar. More info: https://thanos.io/tip/thanos/tracing.md/ This is an experimental feature, it may change in any upcoming release in a breaking way. tracingConfigFile takes precedence over this field.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
VolumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the 'thanos-sidecar' container.
array
VolumeMount describes a mounting of a Volume within a container.
object
mountPath
name
Property | Type | Description |
---|---|---|
|
|
Path within the container at which the volume should be mounted. Must not contain ':'. |
|
|
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. |
|
|
This must match the Name of a Volume. |
|
|
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. |
|
|
Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root). |
|
|
expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAMe) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathexpr and SubPath are mutually exclusive. |
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
object
Property | Type | Description |
---|---|---|
|
|
effect indicates the taint effect to match. empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and Noexecute. |
|
|
Key is the taint key that the toleration applies to. empty means match all taint keys. If the key is empty, operator must be exists; this combination means to match all values and all keys. |
|
|
Operator represents a key’s relationship to the value. Valid operators are exists and equal. Defaults to equal. exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
|
TolerationSeconds represents the period of time the toleration (which must be of effect Noexecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
|
Value is the taint value the toleration matches to. If the operator is exists, the value should be empty, otherwise just a regular string. |
Defines the pod’s topology spread constraints if specified.
array
TopologySpreadConstraint specifies how to spread matching pods among the given topology.
object
maxSkew
topologyKey
whenUnsatisfiable
Property | Type | Description |
---|---|---|
|
|
LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. |
|
|
MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). |
|
|
MaxSkew describes the degree to which pods may be unevenly distributed. When |
|
|
MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). |
|
|
NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
|
|
NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
|
|
TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It’s a required field. |
|
|
WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field. |
LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
eXPeRIMeNTAL: TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way.
object
endpoint
Property | Type | Description |
---|---|---|
|
|
Client used to export the traces. Supported values are |
|
|
Compression key for supported compression types. The only supported value is |
|
|
endpoint to send the traces to. Should be provided in format <host>:<port>. |
|
|
Key-value pairs to be used as headers associated with gRPC or HTTP requests. |
|
|
If disabled, the client will use a secure connection. |
|
|
Sets the probability a given trace will be sampled. Must be a float from 0 through 1. |
|
|
Maximum time the exporter will wait for each batch export. |
|
|
TLS Config to use when sending traces. |
TLS Config to use when sending traces.
object
Property | Type | Description |
---|---|---|
|
|
Certificate authority used when verifying server certificates. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Client certificate to present when doing client-authentication. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Certificate authority used when verifying server certificates.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Client certificate to present when doing client-authentication.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Defines the runtime reloadable configuration of the timeseries database (TSDB).
object
Property | Type | Description |
---|---|---|
|
|
Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). Out of order ingestion is an experimental feature. It requires Prometheus >= v2.39.0. |
VolumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects.
array
VolumeMount describes a mounting of a Volume within a container.
object
mountPath
name
Property | Type | Description |
---|---|---|
|
|
Path within the container at which the volume should be mounted. Must not contain ':'. |
|
|
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. |
|
|
This must match the Name of a Volume. |
|
|
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. |
|
|
Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root). |
|
|
expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAMe) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathexpr and SubPath are mutually exclusive. |
Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
array
Volume represents a named volume in a pod that may be accessed by any container in the pod.
object
name
Property | Type | Description |
---|---|---|
|
|
awselasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
|
|
azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. |
|
|
azureFile represents an Azure File Service mount on the host and bind mount to the pod. |
|
|
cephFS represents a Ceph FS mount on the host that shares a pod’s lifetime |
|
|
cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/ReADMe.md |
|
|
configMap represents a configMap that should populate this volume |
|
|
csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). |
|
|
downwardAPI represents downward API about the pod that should populate this volume |
|
|
emptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
|
|
ephemeral represents a volume that is handled by a cluster storage driver. The volume’s lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see ephemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. |
|
|
fc represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod. |
|
|
flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. |
|
|
flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running |
|
|
gcePersistentDisk represents a GCe Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
|
|
gitRepo represents a git repository at a particular revision. DePReCATeD: GitRepo is deprecated. To provision a container with a git repo, mount an emptyDir into an InitContainer that clones the repo using git, then mount the emptyDir into the Pod’s container. |
|
|
glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/ReADMe.md |
|
|
hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. |
|
|
iscsi represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/ReADMe.md |
|
|
name of the volume. Must be a DNS_LABeL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
|
nfs represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
|
|
persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
|
|
photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine |
|
|
portworxVolume represents a portworx volume attached and mounted on kubelets host machine |
|
|
projected items for all in one resources secrets, configmaps, and downward API |
|
|
quobyte represents a Quobyte mount on the host that shares a pod’s lifetime |
|
|
rbd represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md |
|
|
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. |
|
|
secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret |
|
|
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. |
|
|
vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine |
awselasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
object
volumeID
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type of the volume that you want to mount. Tip: ensure that the filesystem type is supported by the host operating system. examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). |
|
|
readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
|
|
volumeID is unique ID of the persistent disk resource in AWS (Amazon eBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
object
diskName
diskURI
Property | Type | Description |
---|---|---|
|
|
cachingMode is the Host Caching mode: None, Read Only, Read Write. |
|
|
diskName is the Name of the data disk in the blob storage |
|
|
diskURI is the URI of data disk in the blob storage |
|
|
fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared |
|
|
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
azureFile represents an Azure File Service mount on the host and bind mount to the pod.
object
secretName
shareName
Property | Type | Description |
---|---|---|
|
|
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
secretName is the name of secret that contains Azure Storage Account Name and Key |
|
|
shareName is the azure share Name |
cephFS represents a Ceph FS mount on the host that shares a pod’s lifetime
object
monitors
Property | Type | Description |
---|---|---|
|
|
monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/ReADMe.md#how-to-use-it |
|
|
path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / |
|
|
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/ReADMe.md#how-to-use-it |
|
|
secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/ReADMe.md#how-to-use-it |
|
|
secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/ReADMe.md#how-to-use-it |
|
|
user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/ReADMe.md#how-to-use-it |
secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/ReADMe.md#how-to-use-it
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/ReADMe.md
object
volumeID
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/ReADMe.md |
|
|
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/ReADMe.md |
|
|
secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. |
|
|
volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/ReADMe.md |
secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
configMap represents a configMap that should populate this volume
object
Property | Type | Description |
---|---|---|
|
|
defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
optional specify whether the ConfigMap or its keys must be defined |
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
key is the key to project. |
|
|
mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
object
driver
Property | Type | Description |
---|---|---|
|
|
driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. |
|
|
fsType to mount. ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. |
|
|
nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. |
|
|
readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). |
|
|
volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values. |
nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
downwardAPI represents downward API about the pod that should populate this volume
object
Property | Type | Description |
---|---|---|
|
|
Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
Items is a list of downward API volume file |
|
|
DownwardAPIVolumeFile represents information to create the file containing the pod field |
Items is a list of downward API volume file
array
DownwardAPIVolumeFile represents information to create the file containing the pod field
object
path
Property | Type | Description |
---|---|---|
|
|
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. |
|
|
Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. |
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
emptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
object
Property | Type | Description |
---|---|---|
|
|
medium represents what type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
|
|
sizeLimit is the total amount of local storage required for this emptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium emptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
ephemeral represents a volume that is handled by a cluster storage driver. The volume’s lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see ephemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time.
object
Property | Type | Description |
---|---|---|
|
|
Will be used to create a stand-alone PVC to provision the volume. The pod in which this ephemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be |
Will be used to create a stand-alone PVC to provision the volume. The pod in which this ephemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be <pod name>-<volume name>
where <volume name>
is the name from the PodSpec.Volumes
array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).
An existing PVC with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.
This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.
Required, must not be nil.
object
spec
Property | Type | Description |
---|---|---|
|
|
May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. |
|
|
The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. |
May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
object
The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
object
Property | Type | Description |
---|---|---|
|
|
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 |
|
|
dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. |
|
|
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |
|
|
resources represents the minimum resources the volume should have. If RecoverVolumeexpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources |
|
|
selector is a label query over volumes to consider for binding. |
|
|
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 |
|
|
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. |
|
|
volumeName is the binding reference to the PersistentVolume backing this claim. |
dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
|
|
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |
resources represents the minimum resources the volume should have. If RecoverVolumeexpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
object
Property | Type | Description |
---|---|---|
|
|
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
|
ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
array
ResourceClaim references one entry in PodSpec.ResourceClaims.
object
name
Property | Type | Description |
---|---|---|
|
|
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
selector is a label query over volumes to consider for binding.
object
Property | Type | Description |
---|---|---|
|
|
matchexpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchexpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchexpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, exists and DoesNotexist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is exists or DoesNotexist, the values array must be empty. This array is replaced during a strategic merge patch. |
fc represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.
object
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
lun is Optional: FC target lun number |
|
|
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
targetWWNs is Optional: FC target worldwide names (WWNs) |
|
|
wwids Optional: FC volume world wide identifiers (wwids) either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. |
flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
object
driver
Property | Type | Description |
---|---|---|
|
|
driver is the name of the driver to use for this volume. |
|
|
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. |
|
|
options is Optional: this field holds extra command options if any. |
|
|
readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. |
secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running
object
Property | Type | Description |
---|---|---|
|
|
datasetName is Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated |
|
|
datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset |
gcePersistentDisk represents a GCe Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
object
pdName
Property | Type | Description |
---|---|---|
|
|
fsType is filesystem type of the volume that you want to mount. Tip: ensure that the filesystem type is supported by the host operating system. examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
|
|
pdName is unique name of the PD resource in GCe. Used to identify the disk in GCe. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
|
|
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
gitRepo represents a git repository at a particular revision. DePReCATeD: GitRepo is deprecated. To provision a container with a git repo, mount an emptyDir into an InitContainer that clones the repo using git, then mount the emptyDir into the Pod’s container.
object
repository
Property | Type | Description |
---|---|---|
|
|
directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. |
|
|
repository is the URL |
|
|
revision is the commit hash for the specified revision. |
glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/ReADMe.md
object
endpoints
path
Property | Type | Description |
---|---|---|
|
|
endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/ReADMe.md#create-a-pod |
|
|
path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/ReADMe.md#create-a-pod |
|
|
readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/ReADMe.md#create-a-pod |
hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
object
path
Property | Type | Description |
---|---|---|
|
|
path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
|
|
type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
iscsi represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/ReADMe.md
object
iqn
lun
targetPortal
Property | Type | Description |
---|---|---|
|
|
chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication |
|
|
chapAuthSession defines whether support iSCSI Session CHAP authentication |
|
|
fsType is the filesystem type of the volume that you want to mount. Tip: ensure that the filesystem type is supported by the host operating system. examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. |
|
|
iqn is the target iSCSI Qualified Name. |
|
|
iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). |
|
|
lun represents iSCSI Target Lun number. |
|
|
portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). |
|
|
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. |
|
|
secretRef is the CHAP Secret for iSCSI target and initiator authentication |
|
|
targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). |
secretRef is the CHAP Secret for iSCSI target and initiator authentication
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
nfs represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
object
path
server
Property | Type | Description |
---|---|---|
|
|
path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
|
|
readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
|
|
server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
object
claimName
Property | Type | Description |
---|---|---|
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
|
|
readOnly Will force the ReadOnly setting in VolumeMounts. Default false. |
photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
object
pdID
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
pdID is the ID that identifies Photon Controller persistent disk |
portworxVolume represents a portworx volume attached and mounted on kubelets host machine
object
volumeID
Property | Type | Description |
---|---|---|
|
|
fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
volumeID uniquely identifies a Portworx volume |
projected items for all in one resources secrets, configmaps, and downward API
object
Property | Type | Description |
---|---|---|
|
|
defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
sources is the list of volume projections |
|
|
Projection that may be projected along with other supported volume types |
Projection that may be projected along with other supported volume types
object
Property | Type | Description |
---|---|---|
|
|
configMap information about the configMap data to project |
|
|
downwardAPI information about the downwardAPI data to project |
|
|
secret information about the secret data to project |
|
|
serviceAccountToken is information about the serviceAccountToken data to project |
configMap information about the configMap data to project
object
Property | Type | Description |
---|---|---|
|
|
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
optional specify whether the ConfigMap or its keys must be defined |
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
key is the key to project. |
|
|
mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
downwardAPI information about the downwardAPI data to project
object
Property | Type | Description |
---|---|---|
|
|
Items is a list of DownwardAPIVolume file |
|
|
DownwardAPIVolumeFile represents information to create the file containing the pod field |
Items is a list of DownwardAPIVolume file
array
DownwardAPIVolumeFile represents information to create the file containing the pod field
object
path
Property | Type | Description |
---|---|---|
|
|
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. |
|
|
Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. |
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
secret information about the secret data to project
object
Property | Type | Description |
---|---|---|
|
|
items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
optional field specify whether the Secret or its key must be defined |
items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
key is the key to project. |
|
|
mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
serviceAccountToken is information about the serviceAccountToken data to project
object
path
Property | Type | Description |
---|---|---|
|
|
audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. |
|
|
expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. |
|
|
path is the path relative to the mount point of the file to project the token into. |
quobyte represents a Quobyte mount on the host that shares a pod’s lifetime
object
registry
volume
Property | Type | Description |
---|---|---|
|
|
group to map volume access to Default is no group |
|
|
readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. |
|
|
registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes |
|
|
tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin |
|
|
user to map volume access to Defaults to serivceaccount user |
|
|
volume is a string that references an already created Quobyte volume by name. |
rbd represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md
object
image
monitors
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type of the volume that you want to mount. Tip: ensure that the filesystem type is supported by the host operating system. examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
|
|
keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
|
|
monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
|
|
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
|
|
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
|
|
secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
|
|
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it |
secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/ReADMe.md#how-to-use-it
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
object
gateway
secretRef
system
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". Default is "xfs". |
|
|
gateway is the host address of the ScaleIO API Gateway. |
|
|
protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. |
|
|
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. |
|
|
sslenabled Flag enable/disable SSL communication with Gateway, default false |
|
|
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. |
|
|
storagePool is the ScaleIO Storage Pool associated with the protection domain. |
|
|
system is the name of the storage system as configured in ScaleIO. |
|
|
volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. |
secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
object
Property | Type | Description |
---|---|---|
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
optional field specify whether the Secret or its keys must be defined |
|
|
secretName is the name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret |
items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
key is the key to project. |
|
|
mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
object
Property | Type | Description |
---|---|---|
|
|
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. |
|
|
volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. |
|
|
volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. |
secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
object
volumePath
Property | Type | Description |
---|---|---|
|
|
fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. |
|
|
storagePolicyName is the storage Policy Based Management (SPBM) profile name. |
|
|
volumePath is the path that identifies vSphere volume vmdk |
Defines the configuration of the Prometheus web server.
object
Property | Type | Description |
---|---|---|
|
|
Defines HTTP parameters for web server. |
|
|
Defines the maximum number of simultaneous connections A zero value means that Prometheus doesn’t accept any incoming connection. |
|
|
The prometheus web page title. |
|
|
Defines the TLS parameters for HTTPS. |
Defines HTTP parameters for web server.
object
Property | Type | Description |
---|---|---|
|
|
List of headers that can be added to HTTP responses. |
|
|
enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. |
List of headers that can be added to HTTP responses.
object
Property | Type | Description |
---|---|---|
|
|
Set the Content-Security-Policy header to HTTP responses. Unset if blank. |
|
|
Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security |
|
|
Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options |
|
|
Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
|
|
Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection |
Defines the TLS parameters for HTTPS.
object
cert
keySecret
Property | Type | Description |
---|---|---|
|
|
Contains the TLS certificate for the server. |
|
|
List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants |
|
|
Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType |
|
|
Contains the CA certificate for client certificate authentication to the server. |
|
|
elliptic curves that will be used in an eCDHe handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID |
|
|
Secret containing the TLS key for the server. |
|
|
Maximum TLS version that is acceptable. Defaults to TLS13. |
|
|
Minimum TLS version that is acceptable. Defaults to TLS12. |
|
|
Controls whether the server selects the client’s most preferred cipher suite, or the server’s most preferred cipher suite. If true then the server’s preference, as expressed in the order of elements in cipherSuites, is used. |
Contains the TLS certificate for the server.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Contains the CA certificate for client certificate authentication to the server.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the TLS key for the server.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
object
availableReplicas
paused
replicas
unavailableReplicas
updatedReplicas
Property | Type | Description |
---|---|---|
|
|
Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. |
|
|
The current state of the Prometheus deployment. |
|
|
Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource. |
|
|
Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. |
|
|
Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). |
|
|
The list has one entry per shard. each entry provides a summary of the shard status. |
|
|
|
|
|
Total number of unavailable pods targeted by this Prometheus deployment. |
|
|
Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. |
Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
object
lastTransitionTime
status
type
Property | Type | Description |
---|---|---|
|
|
lastTransitionTime is the time of the last update to the current status property. |
|
|
Human-readable message indicating details for the condition’s last transition. |
|
|
ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if |
|
|
Reason for the condition’s last transition. |
|
|
Status of the condition. |
|
|
Type of the condition being reported. |
The list has one entry per shard. each entry provides a summary of the shard status.
array
object
availableReplicas
replicas
shardID
unavailableReplicas
updatedReplicas
Property | Type | Description |
---|---|---|
|
|
Total number of available pods (ready for at least minReadySeconds) targeted by this shard. |
|
|
Total number of pods targeted by this shard. |
|
|
Identifier of the shard. |
|
|
Total number of unavailable pods targeted by this shard. |
|
|
Total number of non-terminated pods targeted by this shard that have the desired spec. |
The following API endpoints are available:
/apis/monitoring.coreos.com/v1/prometheuses
GeT
: list objects of kind Prometheus
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheuses
DeLeTe
: delete collection of Prometheus
GeT
: list objects of kind Prometheus
POST
: create Prometheus
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheuses/{name}
DeLeTe
: delete Prometheus
GeT
: read the specified Prometheus
PATCH
: partially update the specified Prometheus
PUT
: replace the specified Prometheus
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheuses/{name}/status
GeT
: read status of the specified Prometheus
PATCH
: partially update status of the specified Prometheus
PUT
: replace status of the specified Prometheus
GeT
list objects of kind Prometheus
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
DeLeTe
delete collection of Prometheus
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
GeT
list objects of kind Prometheus
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
POST
create Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized |
empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the Prometheus |
DeLeTe
delete Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized |
empty |
GeT
read the specified Prometheus
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
PATCH
partially update the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
PUT
replace the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the Prometheus |
GeT
read status of the specified Prometheus
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
PATCH
partially update status of the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
empty |
PUT
replace status of the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
empty |