diff --git a/monitoring/jsonnetfile.json b/monitoring/jsonnetfile.json index 31f58bf..d1e1b3b 100644 --- a/monitoring/jsonnetfile.json +++ b/monitoring/jsonnetfile.json @@ -8,7 +8,7 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "master", + "version": "main", "name": "kube-prometheus" }, { diff --git a/monitoring/jsonnetfile.lock.json b/monitoring/jsonnetfile.lock.json index 04be782..67abc8b 100644 --- a/monitoring/jsonnetfile.lock.json +++ b/monitoring/jsonnetfile.lock.json @@ -8,18 +8,18 @@ "subdir": "grafana" } }, - "version": "8024f4fdaeb3a3a7d72f77e2ed87deb92c79aeda", - "sum": "WXrJQtWuU5lJVc4jXkJGddPMpPP0+4eMcIB5cauZGgM=" + "version": "8ea4e7bc04b1bf5e9bd99918ca28c6271b42be0e", + "sum": "muenICtKXABk6MZZHCZD2wCbmtiE96GwWRMGa1Rg+wA=" }, { "source": { "git": { "remote": "https://github.com/etcd-io/etcd", - "subdir": "Documentation/etcd-mixin" + "subdir": "contrib/mixin" } }, - "version": "ca866c02422ff3f3d1f0876898a30c33dd7bcccf", - "sum": "bLqTqEr0jky9zz5MV/7ucn6H5mph2NlXas0TVnGNB1Y=" + "version": "562d645ac923388ff5b8d270b0536764d34b0e0f", + "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { "source": { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "356bd73e4792ffe107725776ca8946895969c191", - "sum": "CSMZ3dJrpJpwvffie8BqcfrIVVwiKNqdPEN+1XWRBGU=" + "version": "55cf4ee53ced2b6d3ce96ecce9fb813b4465be98", + "sum": "4/sUV0Kk+o8I+wlYxL9R6EPhL/NiLfYHk+NXlU64RUk=" }, { "source": { @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "216bc806bb512f218e3cf5ed3d4f5699b07f04d6", - "sum": "9/eJqljTTtJeq9QRjabdKWL6yD8a7VzLmGKBK3ir77k=" + "version": "dbf1211d003d20c7adcdee942c477e648507a398", + "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { "source": { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "ead45674dba3c8712e422d99223453177aac6bf4", - "sum": "3i0NkntlBluDS1NRF+iSc2e727Alkv3ziuVjAP12/kE=" + "version": "c67c0f19e869f1da34d79b6507c1fa37c23a6e4e", + "sum": "F+RxcI26zeoeI81uot39Jv6IpQ6BOz+xlSHlElJYsz8=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "ead45674dba3c8712e422d99223453177aac6bf4", + "version": "39a9cda705b5201c35105bd1f24c83923fa839ef", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -79,8 +79,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "89aaf6c524ee891140c4c8f2a05b1b16f5847309", - "sum": "zD/pbQLnQq+5hegEelaheHS8mn1h09GTktFO74iwlBI=" + "version": "b1889aa1561ee269f628e2b9659155e7714dbbf0", + "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { "source": { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "7bdd62593c9273b5179cf3c9d2d819e9d997aaa4", + "version": "b1889aa1561ee269f628e2b9659155e7714dbbf0", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,8 +99,8 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "7d7d40b4dee70ecd3328dcdee2ed0cc8f806df93", - "sum": "6PhhQPWilq4skfe+z/hXKEg1pRqHnwvMR1Au6W136U0=" + "version": "5b2740d517095a6ae9ad51bcb9c53e5ef28c62a0", + "sum": "+6VkkR44AC3Qnwfr9cWYCKs+uRi5JaIOda/3X1JEzAg=" }, { "source": { @@ -109,8 +109,9 @@ "subdir": "jsonnet/mixin" } }, - "version": "117c9a2cd905479022a66ddd92a41f599cccf10d", - "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" + "version": "b7ca32169844f0b5143f3e5e318fc05fa025df18", + "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", + "name": "prometheus-operator-mixin" }, { "source": { @@ -119,8 +120,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "d8b7d3766225908d0239fd0d78258892cd0fc384", - "sum": "Nl+N/h76bzD9tZ8tx7tuNIKHwCIJ9zyOsAWplH8HvAE=" + "version": "b7ca32169844f0b5143f3e5e318fc05fa025df18", + "sum": "MRwyChXdKG3anL2OWpbUu3qWc97w9J6YsjUWjLFQyB0=" }, { "source": { @@ -129,8 +130,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "193ebba04d1e70d971047e983a0b489112610460", - "sum": "QcftU7gjCQyj7B6M4YJeCAeaPd0kwxd4J4rolo7AnLE=", + "version": "99f64e944b1043c790784cf5373c8fb349816fc4", + "sum": "V8jcZQ1Qrlm7AQ6wjbuQQsacPb0NvrcZovKyplmzW5w=", "name": "alertmanager" }, { @@ -140,8 +141,8 @@ "subdir": "docs/node-mixin" } }, - "version": "8b466360a35581e0301bd22918be7011cf4203c3", - "sum": "rvyiD/yCB4BeYAWqYF53bP8c+aCUt2ipLHW2Ea8ELO8=" + "version": "b597c1244d7bef49e6f3359c87a56dd7707f6719", + "sum": "cZTNXQMUCLB5FGYpMn845dcqGdkcYt58qCqOFIV/BoQ=" }, { "source": { @@ -150,8 +151,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "26d89b4b0776fe4cd5a3656dfa520f119a375273", - "sum": "1VRVMuxAEZ9vdGHFlndmG9iQzDD6AoIXrX80CDpGDaU=", + "version": "3cafc58827d1ebd1a67749f88be4218f0bab3d8d", + "sum": "VK0c3sQ3ksiM6JQsAVfWmL5NbzGv9llMfXFNXfFdJ+A=", "name": "prometheus" }, { @@ -161,8 +162,9 @@ "subdir": "mixin" } }, - "version": "37e6ef61566c7c70793ba6d128f00c4c66cb2402", - "sum": "OptiWUMOHFrRGTZhSfxV1RCeXZ90qsefGNTD4lDYVG0=" + "version": "ba6c5c4726ff52807c7383c68f2159b1af7980bb", + "sum": "XP3uq7xcfKHsnWsz1v992csZhhZR3jQma6hFOfSViTs=", + "name": "thanos-mixin" }, { "source": { diff --git a/monitoring/k3s.libsonnet b/monitoring/k3s.libsonnet index b38aa67..9bbaf3e 100644 --- a/monitoring/k3s.libsonnet +++ b/monitoring/k3s.libsonnet @@ -72,7 +72,7 @@ local masterIP = '185.95.218.11'; { port: 'http-metrics', interval: '30s', - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ + metricRelabelings: (import 'kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet') + [ { sourceLabels: ['__name__'], regex: 'etcd_(debugging|disk|request|server).*', diff --git a/monitoring/manifests/alertmanager-alertmanager.yaml b/monitoring/manifests/alertmanager-alertmanager.yaml index 4267b40..a8bb2e4 100644 --- a/monitoring/manifests/alertmanager-alertmanager.yaml +++ b/monitoring/manifests/alertmanager-alertmanager.yaml @@ -3,17 +3,34 @@ kind: Alertmanager metadata: labels: alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 name: main - namespace: monitoring + namespace: default spec: configSecret: alertmanager-tbrnt-config image: quay.io/prometheus/alertmanager:v0.21.0 nodeSelector: kubernetes.io/os: linux - replicas: 1 + podMetadata: + labels: + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 + replicas: 3 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 4m + memory: 100Mi securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 1000 serviceAccountName: alertmanager-main - version: v0.21.0 + version: 0.21.0 diff --git a/monitoring/manifests/alertmanager-podDisruptionBudget.yaml b/monitoring/manifests/alertmanager-podDisruptionBudget.yaml new file mode 100644 index 0000000..fa53d26 --- /dev/null +++ b/monitoring/manifests/alertmanager-podDisruptionBudget.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 + name: alertmanager-main + namespace: default +spec: + maxUnavailable: 1 + selector: + matchLabels: + alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/alertmanager-prometheusRule.yaml b/monitoring/manifests/alertmanager-prometheusRule.yaml new file mode 100644 index 0000000..3c1eed3 --- /dev/null +++ b/monitoring/manifests/alertmanager-prometheusRule.yaml @@ -0,0 +1,156 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 + prometheus: k8s + role: alert-rules + name: alertmanager-main-rules + namespace: default +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerFailedReload + annotations: + description: Configuration has failed to load for {{ $labels.namespace }}/{{ + $labels.pod}}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedreload + summary: Reloading an Alertmanager configuration has failed. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="default"}[5m]) == 0 + for: 10m + labels: + severity: critical + - alert: AlertmanagerMembersInconsistent + annotations: + description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only + found {{ $value }} members of the {{$labels.job}} cluster. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagermembersinconsistent + summary: A member of an Alertmanager cluster has not found all other cluster + members. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="default"}[5m]) + < on (namespace,service) group_left + count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="default"}[5m])) + for: 10m + labels: + severity: critical + - alert: AlertmanagerFailedToSendAlerts + annotations: + description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed + to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration + }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedtosendalerts + summary: An Alertmanager instance failed to send notifications. + expr: | + ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="default"}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="default"}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: warning + - alert: AlertmanagerClusterFailedToSendAlerts + annotations: + description: The minimum notification failure rate to {{ $labels.integration + }} sent from any instance in the {{$labels.job}} cluster is {{ $value | + humanizePercentage }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts + summary: All Alertmanager instances in a cluster failed to send notifications + to a critical integration. + expr: | + min by (namespace,service, integration) ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="default", integration=~`.*`}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="default", integration=~`.*`}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: critical + - alert: AlertmanagerClusterFailedToSendAlerts + annotations: + description: The minimum notification failure rate to {{ $labels.integration + }} sent from any instance in the {{$labels.job}} cluster is {{ $value | + humanizePercentage }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts + summary: All Alertmanager instances in a cluster failed to send notifications + to a non-critical integration. + expr: | + min by (namespace,service, integration) ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="default", integration!~`.*`}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="default", integration!~`.*`}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: warning + - alert: AlertmanagerConfigInconsistent + annotations: + description: Alertmanager instances within the {{$labels.job}} cluster have + different configurations. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerconfiginconsistent + summary: Alertmanager instances within the same cluster have different configurations. + expr: | + count by (namespace,service) ( + count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager-main",namespace="default"}) + ) + != 1 + for: 20m + labels: + severity: critical + - alert: AlertmanagerClusterDown + annotations: + description: '{{ $value | humanizePercentage }} of Alertmanager instances + within the {{$labels.job}} cluster have been up for less than half of the + last 5m.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterdown + summary: Half or more of the Alertmanager instances within the same cluster + are down. + expr: | + ( + count by (namespace,service) ( + avg_over_time(up{job="alertmanager-main",namespace="default"}[5m]) < 0.5 + ) + / + count by (namespace,service) ( + up{job="alertmanager-main",namespace="default"} + ) + ) + >= 0.5 + for: 5m + labels: + severity: critical + - alert: AlertmanagerClusterCrashlooping + annotations: + description: '{{ $value | humanizePercentage }} of Alertmanager instances + within the {{$labels.job}} cluster have restarted at least 5 times in the + last 10m.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclustercrashlooping + summary: Half or more of the Alertmanager instances within the same cluster + are crashlooping. + expr: | + ( + count by (namespace,service) ( + changes(process_start_time_seconds{job="alertmanager-main",namespace="default"}[10m]) > 4 + ) + / + count by (namespace,service) ( + up{job="alertmanager-main",namespace="default"} + ) + ) + >= 0.5 + for: 5m + labels: + severity: critical diff --git a/monitoring/manifests/alertmanager-secret.yaml b/monitoring/manifests/alertmanager-secret.yaml index 20c205f..7f3d78b 100644 --- a/monitoring/manifests/alertmanager-secret.yaml +++ b/monitoring/manifests/alertmanager-secret.yaml @@ -1,8 +1,14 @@ apiVersion: v1 kind: Secret metadata: + labels: + alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 name: alertmanager-main - namespace: monitoring + namespace: default stringData: alertmanager.yaml: |- "global": diff --git a/monitoring/manifests/alertmanager-service.yaml b/monitoring/manifests/alertmanager-service.yaml index df4c9ff..d4bd094 100644 --- a/monitoring/manifests/alertmanager-service.yaml +++ b/monitoring/manifests/alertmanager-service.yaml @@ -3,8 +3,12 @@ kind: Service metadata: labels: alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 name: alertmanager-main - namespace: monitoring + namespace: default spec: ports: - name: web @@ -13,4 +17,7 @@ spec: selector: alertmanager: main app: alertmanager + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus sessionAffinity: ClientIP diff --git a/monitoring/manifests/alertmanager-serviceAccount.yaml b/monitoring/manifests/alertmanager-serviceAccount.yaml index 5c06d5e..c7dbe68 100644 --- a/monitoring/manifests/alertmanager-serviceAccount.yaml +++ b/monitoring/manifests/alertmanager-serviceAccount.yaml @@ -1,5 +1,11 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 name: alertmanager-main - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/alertmanager-serviceMonitor.yaml b/monitoring/manifests/alertmanager-serviceMonitor.yaml index 548af0d..5b29bba 100644 --- a/monitoring/manifests/alertmanager-serviceMonitor.yaml +++ b/monitoring/manifests/alertmanager-serviceMonitor.yaml @@ -2,9 +2,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: alertmanager + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 name: alertmanager - namespace: monitoring + namespace: default spec: endpoints: - interval: 30s @@ -12,3 +15,6 @@ spec: selector: matchLabels: alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/alertmanager-tbrnt-config-secret.yaml b/monitoring/manifests/alertmanager-tbrnt-config-secret.yaml index c14254f..3a2bd98 100644 --- a/monitoring/manifests/alertmanager-tbrnt-config-secret.yaml +++ b/monitoring/manifests/alertmanager-tbrnt-config-secret.yaml @@ -6,11 +6,12 @@ metadata: namespace: monitoring spec: encryptedData: - alertmanager.yaml: AgDHh1Qgrdffl6IFXJuk3ZzNHGARWZLDzbMLKp5Wo/ZYqclCji4T5wx7Fql6FALCvvUBvThxLfiwM2LQHRcWfWnf5AwxipCxpos9oVvlu4aON0WZd/Kjz/ZwDq5pgR/etCrSA2DYNxYq4vnTxUAk29eY5F4dWwRPcCgVZ5/KsTIcNx4x+4einqQbwAhkUtAwQl5fEPmpwNRquJZM29XIEUxZLWne0YmCmEgNGleUU20ByfYMwgtDJGjgr6XNPtTmByAHVrxNuQwAMxgT6GcfDLCNsByaS6CY3wmSTg1GUv/CG8Xx29FwDWyf1Ly2KbmcAAafN5QJGvCCTEt/WB85GtzQisrWFZTykv3Zjuz101p9ShXQZALylaX5h22hHFXuQyiIQZEeM2ixiYQjcPhiPjx1/hkbQ25QRD73/gjalZO8bprDrJxkLlw+hrgJ0LzxWL881U6INLKow+8/GmLleFhMUXRsGqacLreCIAr4uVGEMGMVLhHJKnj597HRnn0UCxVNkDk8QjHyiVgJBrQ3Pz9SFdF7mxvJ9F4rEgGkE4dvfvWxrZFumTLEkVRF9To+rKxsIVkewvoHtN/gMzFMzumP+fz/oB9yAHsxkwVyfqXBg52hNSYIx5Z/67yy3hDRKPBcZgknf9S+F37ET5BABFxazwG8NJjf4td+UsAGuAMzKI/94u7TxuXLPCs/tIGKD7kJnPxAqpalepzABtVCmOrtWwNPb1h4XeuraUS9beJ2zV9oV5nVFJmX94EJ7qpZt0Um7+GGeavQ5SV3XHRolDS5PpZPTAWnc/1rtZ0nsKk8lllEr3aDWveMXma06NKkIXz8+iAonvHsDZuw0W6jUdUUtraIbSua9YkyugqCBGeeXIPLwFxqJTqIX5vedZVMveFiaxtCJjL48SUGxtyugfiYbPa3xpHWWe22BcJyTmAOG9aIq4Tp4nvftLyvWe7c9PotJk/7gdv1IO4RLx//eLtKWw0uADa0ara4hDuI8Yktlti24TlA9XYz00d5WtE+lJsSZN8547BUfFzXSOZSSbfrFLZmEmBTgkbj4szX19bXSctJN3BtOmRfCEPXYQN10HgnhpwqYHbXKUSTZNWLojnFL1/E56wUXGxRg9NGOwSXzTyfoLGxI9NEQpGc0Rj2Wna+JSUhlAUnfYW1eH8yyg5FfkyhQdyZJFvYfF0rk+XG5XNhLumST19uxrAkMWhk+Z9/eWwOaZQMmDcoi2Rs0za+1GGjPW5k56Ip+spwW5cvYmdl1PgkZ4g1mupjiB0FdgZHGR+kGn1lbPtSUd+amh9PXSDWkqfnix62H7374rQ3ZyG7fs9sQNnnRrd/cDCMxAl5Upk8D9dfxRmvuxRd8b89h7EQwUBML7TIriA2Pci5Ftux2R5wyIXjznLC5/kFZg6/Av3uKmKK6dLR2Ooey7/3g14CEjMumdijjySl8Pd2UUxSKVKD7vkq+3xYm0CJZqVvT/iBOccrv0UEiTHBsXrfaugUvqIKTAGYhJy0fUBXKisPdA0HdzrUmx57Du36TGyuEzGtVuDarcWzQYPqKJxOIuofJ+AGTDY53OjdUJ8pwJD6HDz55tu85gaV6ZOvSYqjqeX2FUe7lPhsGUIh/FemfichpypHyFpPYhkwAIO1AinKvsqjUuDXE6n5b7NMbI1gl87fPqT5wUSKXZqwViyFqUA5DFqPTEqvHIGU5Wz0GajEaQ== + alertmanager.yaml: AgBj3KqLiF7EAnGK6c4+Thferv3Sur+fhlwE4wpXD1PBtwlJQsMCqjsLRRFNAESH9/8vhI9E9D8wLJiauNS7CGw5jd5KU1cvxo5EyGeFoVyAB4bHSy/pxptSFq+rn00E99/Tqkbdsgduwusfpi0I9F1+zNucyyamJsEzIcsyHMlBbACz+9KQV9SdbgVEmIeqabrAP9VQaQ+i69yurhPdV7VkZzr0WKcGg3x27+slmtjlJz5fwtv1qmbYt/MQnijF2tc6tJeq19Cm0O4zuQ09meW6DwAZ9SOIFU6LxrqJlKbuleaWmfIE3AQYA6Z+qXyBjT1ILW36RwGyg3YK7nm0MNDQxd6LN3zR0eifPqrPsm7O6LE+NAg4FkurV3lJlrBoU3lSSc+sQZZr00ct9Gp57EEvg9T2TaM1B/KHQNmIhpDGntD4+yTcvK3nU7+sxqG/c4Wk5xiUQyLYnigNy5qYCcsM+t9iCoGxP7uU8GrsvIkojTxzhdc6e5LduThKdGE9jI3R6nCP6kmsU6XyUzgKmxYJVVzhSrm9yxFVDPHriNaEM2hgEd3wStwmRjGjwAPUjQZfSJtmxY6+RQ/77TYGjiskDm6gAZuzkGjdptL2t5F+54y3uePaLHNspMgtZsTARCo3kAhgf61Gk2nvnEY/ws5qFjAnsUEXs86wAk2S+w401QKPKTcDr6e/rnve8IrXW0FPvzR3rzdWOcU8v0Z0sSFijIfXdx+A9WGCJuHNo65FbKSgWhlHBfvWB1qWBnDd/VVHIA2wR8gevAPJHSc0f1WdUDc4w2w8tc/qum1SZo2lWkMopvLaiVHU5dCGtG6+4qsC1DmFzIRGZN4AbdVd5k+OY15Fp+ysjuTpA/HuZ/N0kz/5BXzNbY3u7YKi3EV3Up+eZIi2jlG0XBXWdCouuxRW40qHuShivtbrBgey32kFo85dsrDqN7F2kBVnumOB7kvFOaCkL2AtsakVjUzGoh5eXCSHl0ZcqmW2UjInzZIirBChMW/G4yL/TwpVYbBLqWPfdVMFmq7I4srY2+hUP/5UBt/DKZi5zPlLR8H3q4i02zsNpqdhSa9o6ThhFtVX9/te/DMpyN1fJ1Hn2p3cDhoTsiTLPkvflVOx70flap0v2zzPoDm+yXhFllpWp/5avHy9pKf/RzpAodbNr/EydkC+KDKI88MhVUtxS27WbKFsq+vUkmHQj+KtGyRFjg2/CnmM8YbdRsMe8p39PVGLxj1RTnyYzlMltOTbJo3rhDzjmpzGVUpWokwTMGC1WgTenrS4IcCK61ri9bsBIL9n9sMLF1lT8NVKnQfluDTaHNzsQgJ1HTSwQOcAfugqlUrSeTLt3q6U4pSjjlF8P7wYpqzWc+bhOaHed9NxrGXFBC5Wh6+BULuCaCA6TtkLpUfABYHVUa4OS3huNsOeBhZ3aCCQXrc0jOOq2DQzxvdGu4YAQnvMHwJRVyKVcw0pOS5RjIqJW6IOn0MGHzAo7qNv6LUyJ9a7huT2W4ibrHFkMck1zKxbBekPQ9FxpufSXrEqEqNuB3j7Gi7lVDVbPySr1rr2KXLzOLsnZhpTpMq2RejglIAMF7WfIMfvHQ2mnjNuYNNQnXx8hPLm88GSxFYKHpUnAswgYuo4XX2drYMzzq3GWDMIHZ/kpLySU+eJGo6VGeFUV1DgaGksLXE3oCfrA1OCUyZ/qke3tzj8ixjwuprCmFPWsg== template: metadata: creationTimestamp: null name: alertmanager-tbrnt-config namespace: monitoring type: Opaque +status: {} diff --git a/monitoring/manifests/grafana-dashboardDatasources.yaml b/monitoring/manifests/grafana-dashboardDatasources.yaml index 59a9c46..4f22976 100644 --- a/monitoring/manifests/grafana-dashboardDatasources.yaml +++ b/monitoring/manifests/grafana-dashboardDatasources.yaml @@ -1,8 +1,13 @@ apiVersion: v1 data: - datasources.yaml: ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLm1vbml0b3Jpbmcuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJMb2tpIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAibG9raSIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL2xva2kubG9raTozMTAwIiwKICAgICAgICAgICAgInZlcnNpb24iOiAxCiAgICAgICAgfQogICAgXQp9 + datasources.yaml: ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLmRlZmF1bHQuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9CiAgICBdCn0= kind: Secret metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-datasources - namespace: monitoring + namespace: default type: Opaque diff --git a/monitoring/manifests/grafana-dashboardDefinitions.yaml b/monitoring/manifests/grafana-dashboardDefinitions.yaml index 65e80b9..367900d 100644 --- a/monitoring/manifests/grafana-dashboardDefinitions.yaml +++ b/monitoring/manifests/grafana-dashboardDefinitions.yaml @@ -1729,8 +1729,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-apiserver - namespace: monitoring + namespace: default - apiVersion: v1 data: cluster-total.json: |- @@ -3546,7 +3551,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -3595,8 +3600,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-cluster-total - namespace: monitoring + namespace: default - apiVersion: v1 data: controller-manager.json: |- @@ -3687,7 +3697,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{job=\"kube-controller-manager\"})", + "expr": "sum(up{cluster=\"$cluster\", job=\"kube-controller-manager\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -3756,7 +3766,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(workqueue_adds_total{job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", + "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{name}}", @@ -3862,7 +3872,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(workqueue_depth{job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", + "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{name}}", @@ -3968,7 +3978,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name, le))", + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{name}}", @@ -4188,7 +4198,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -4294,7 +4304,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -4400,7 +4410,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "process_resident_memory_bytes{job=\"kube-controller-manager\",instance=~\"$instance\"}", + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -4493,7 +4503,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(process_cpu_seconds_total{job=\"kube-controller-manager\",instance=~\"$instance\"}[5m])", + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -4586,7 +4596,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "go_goroutines{job=\"kube-controller-manager\",instance=~\"$instance\"}", + "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -4670,6 +4680,32 @@ items: "allValue": null, "current": { + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + }, "datasource": "$datasource", "hide": 0, @@ -4680,7 +4716,7 @@ items: "options": [ ], - "query": "label_values(process_cpu_seconds_total{job=\"kube-controller-manager\"}, instance)", + "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)", "refresh": 2, "regex": "", "sort": 1, @@ -4730,8 +4766,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-controller-manager - namespace: monitoring + namespace: default - apiVersion: v1 data: k8s-resources-cluster.json: |- @@ -4878,7 +4919,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -4962,7 +5003,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5046,7 +5087,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5130,7 +5171,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5214,7 +5255,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5609,7 +5650,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -5618,7 +5659,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -5627,7 +5668,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -5636,7 +5677,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6036,7 +6077,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6045,7 +6086,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6054,7 +6095,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6063,7 +6104,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6420,7 +6461,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -6460,7 +6501,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6512,19 +6553,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -6558,7 +6587,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6616,7 +6645,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -6656,7 +6685,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6708,19 +6737,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -6754,7 +6771,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6812,7 +6829,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Average Container Bandwidth by Namespace", "titleSize": "h6" }, { @@ -6852,7 +6869,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6904,19 +6921,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -6950,7 +6955,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -7008,7 +7013,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -7048,7 +7053,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -7100,19 +7105,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -7146,7 +7139,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -7204,7 +7197,497 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 21, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", "titleSize": "h6" } ], @@ -7296,8 +7779,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-cluster - namespace: monitoring + namespace: default - apiVersion: v1 data: k8s-resources-namespace.json: |- @@ -7359,7 +7847,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7443,7 +7931,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7527,7 +8015,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"})", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7611,7 +8099,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"})", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7703,8 +8191,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -7713,8 +8202,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -7985,7 +8475,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -7994,7 +8484,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8003,7 +8493,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8012,7 +8502,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8109,8 +8599,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -8119,8 +8610,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -8448,7 +8940,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8457,7 +8949,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8466,7 +8958,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8475,7 +8967,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8859,7 +9351,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -8899,7 +9391,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -8951,19 +9443,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -8997,7 +9477,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9055,7 +9535,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -9095,7 +9575,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9147,19 +9627,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -9193,7 +9661,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9251,7 +9719,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -9291,7 +9759,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9343,19 +9811,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -9389,7 +9845,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9447,7 +9903,497 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to containers", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", "titleSize": "h6" } ], @@ -9490,7 +10436,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -9517,7 +10463,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -9566,8 +10512,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-namespace - namespace: monitoring + namespace: default - apiVersion: v1 data: k8s-resources-node.json: |- @@ -9872,7 +10823,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9881,7 +10832,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9890,7 +10841,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9899,7 +10850,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10300,7 +11251,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10309,7 +11260,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10318,7 +11269,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10327,7 +11278,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10452,7 +11403,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -10479,7 +11430,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, node)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -10528,8 +11479,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-node - namespace: monitoring + namespace: default - apiVersion: v1 data: k8s-resources-pod.json: |- @@ -10607,7 +11563,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", cluster=\"$cluster\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -10615,7 +11571,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "requests", @@ -10623,7 +11579,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "limits", @@ -10721,7 +11677,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", + "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -10963,7 +11919,7 @@ items: ], "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10972,7 +11928,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10981,7 +11937,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10990,7 +11946,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10999,7 +11955,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11097,7 +12053,7 @@ items: "dashes": true, "fill": 0, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -11107,7 +12063,7 @@ items: "dashes": true, "fill": 0, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -11118,7 +12074,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -11126,7 +12082,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "requests", @@ -11134,7 +12090,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "limits", @@ -11426,7 +12382,7 @@ items: ], "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11435,7 +12391,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11444,7 +12400,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11453,7 +12409,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11462,7 +12418,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11585,12 +12541,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11637,19 +12593,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -11684,12 +12628,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11742,7 +12686,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -11783,12 +12727,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11835,19 +12779,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -11882,12 +12814,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11940,7 +12872,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -11981,12 +12913,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -12033,19 +12965,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -12080,12 +13000,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -12138,7 +13058,698 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Reads", + "legendLink": null, + "step": 10 + }, + { + "expr": "ceil(sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Writes", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Reads", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Writes", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution(Pod - Read & Writes)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution(Containers)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", "titleSize": "h6" } ], @@ -12181,7 +13792,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -12208,7 +13819,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -12284,8 +13895,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-pod - namespace: monitoring + namespace: default - apiVersion: v1 data: k8s-resources-workload.json: |- @@ -12590,7 +14206,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12599,7 +14215,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12608,7 +14224,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12617,7 +14233,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12961,7 +14577,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12970,7 +14586,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12979,7 +14595,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12988,7 +14604,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13345,7 +14961,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -13385,7 +15001,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13437,19 +15053,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -13483,7 +15087,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13541,7 +15145,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -13581,7 +15185,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13633,19 +15237,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -13679,7 +15271,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13737,7 +15329,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Average Container Bandwidth by Pod", "titleSize": "h6" }, { @@ -13777,7 +15369,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13829,19 +15421,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -13875,7 +15455,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13933,7 +15513,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -13973,7 +15553,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -14025,19 +15605,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -14071,7 +15639,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -14129,7 +15697,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -14172,7 +15740,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14199,7 +15767,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14226,7 +15794,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14253,7 +15821,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14302,8 +15870,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-workload - namespace: monitoring + namespace: default - apiVersion: v1 data: k8s-resources-workloads-namespace.json: |- @@ -14361,8 +15934,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -14371,8 +15945,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -14690,7 +16265,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14699,7 +16274,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14708,7 +16283,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14717,7 +16292,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14814,8 +16389,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -14824,8 +16400,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -15143,7 +16720,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15152,7 +16729,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15161,7 +16738,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15170,7 +16747,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15546,7 +17123,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -15586,7 +17163,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15638,19 +17215,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -15684,7 +17249,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15742,7 +17307,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -15782,7 +17347,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15834,19 +17399,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -15880,7 +17433,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15938,7 +17491,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Average Container Bandwidth by Workload", "titleSize": "h6" }, { @@ -15978,7 +17531,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16030,19 +17583,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -16076,7 +17617,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16134,7 +17675,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -16174,7 +17715,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16226,19 +17767,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -16272,7 +17801,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16330,7 +17859,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -16357,38 +17886,6 @@ items: "regex": "", "type": "datasource" }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "deployment", - "value": "deployment" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, { "allValue": null, "current": { @@ -16405,7 +17902,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -16416,6 +17913,38 @@ items: "type": "query", "useTags": false }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, { "allValue": null, "current": { @@ -16432,7 +17961,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -16481,8 +18010,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-workloads-namespace - namespace: monitoring + namespace: default - apiVersion: v1 data: kubelet.json: |- @@ -18998,8 +20532,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-kubelet - namespace: monitoring + namespace: default - apiVersion: v1 data: namespace-by-pod.json: |- @@ -20285,7 +21824,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -20316,7 +21855,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -20446,8 +21985,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-namespace-by-pod - namespace: monitoring + namespace: default - apiVersion: v1 data: namespace-by-workload.json: |- @@ -21973,7 +23517,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -22004,7 +23548,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -22036,7 +23580,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, @@ -22166,8 +23710,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-namespace-by-workload - namespace: monitoring + namespace: default - apiVersion: v1 data: node-cluster-rsrc-use.json: |- @@ -23107,15 +24656,20 @@ items: "30d" ] }, - "timezone": "UTC", + "timezone": "utc", "title": "USE Method / Cluster", - "uid": "3e97d1d02672cdd0861f4c97c64f89b2", + "uid": "", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-node-cluster-rsrc-use - namespace: monitoring + namespace: default - apiVersion: v1 data: node-rsrc-use.json: |- @@ -24082,15 +25636,20 @@ items: "30d" ] }, - "timezone": "UTC", + "timezone": "utc", "title": "USE Method / Node", - "uid": "fac67cfbe174d3ef53eb473d73d9212f", + "uid": "", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-node-rsrc-use - namespace: monitoring + namespace: default - apiVersion: v1 data: nodes.json: |- @@ -24181,7 +25740,7 @@ items: "timeShift": null, "title": "CPU Usage", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24295,7 +25854,7 @@ items: "timeShift": null, "title": "Load Average", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24422,7 +25981,7 @@ items: "timeShift": null, "title": "Memory Usage", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24525,9 +26084,6 @@ items: ], "thresholds": "80, 90", "title": "Memory Usage", - "tooltip": { - "shared": false - }, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ @@ -24636,7 +26192,7 @@ items: "timeShift": null, "title": "Disk I/O", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24743,7 +26299,7 @@ items: "timeShift": null, "title": "Disk Space Usage", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24850,7 +26406,7 @@ items: "timeShift": null, "title": "Network Received", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24944,7 +26500,7 @@ items: "timeShift": null, "title": "Network Transmitted", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -25067,15 +26623,19 @@ items: "30d" ] }, - "timezone": "UTC", + "timezone": "browser", "title": "Nodes", - "uid": "fa49a4706d07a042595b664c87fb33ea", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-nodes - namespace: monitoring + namespace: default - apiVersion: v1 data: persistentvolumesusage.json: |- @@ -25266,7 +26826,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "expr": "max without(instance,node) (\n(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -25463,7 +27023,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "expr": "max without(instance,node) (\nkubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -25635,8 +27195,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-persistentvolumesusage - namespace: monitoring + namespace: default - apiVersion: v1 data: pod-total.json: |- @@ -26654,7 +28219,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -26685,7 +28250,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -26717,7 +28282,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -26847,8 +28412,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-pod-total - namespace: monitoring + namespace: default - apiVersion: v1 data: prometheus-remote-write.json: |- @@ -26872,7 +28442,7 @@ items: "links": [ ], - "refresh": "", + "refresh": "60s", "rows": [ { "collapse": false, @@ -27123,7 +28693,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n", + "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -27708,7 +29278,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"}", + "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28013,7 +29583,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28106,7 +29676,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28199,7 +29769,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28352,7 +29922,7 @@ items: "schemaVersion": 14, "style": "dark", "tags": [ - + "prometheus-mixin" ], "templating": { "list": [ @@ -28496,13 +30066,18 @@ items: ] }, "timezone": "browser", - "title": "Prometheus Remote Write", + "title": "Prometheus / Remote Write", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-prometheus-remote-write - namespace: monitoring + namespace: default - apiVersion: v1 data: prometheus.json: |- @@ -28519,7 +30094,7 @@ items: "links": [ ], - "refresh": "10s", + "refresh": "60s", "rows": [ { "collapse": false, @@ -28706,7 +30281,7 @@ items: "timeShift": null, "title": "Prometheus Stats", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28805,7 +30380,7 @@ items: "timeShift": null, "title": "Target Sync", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28891,7 +30466,7 @@ items: "timeShift": null, "title": "Targets", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28989,7 +30564,7 @@ items: "timeShift": null, "title": "Average Scrape Interval Duration", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29099,7 +30674,7 @@ items: "timeShift": null, "title": "Scrape failures", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29185,7 +30760,7 @@ items: "timeShift": null, "title": "Appended Samples", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29283,7 +30858,7 @@ items: "timeShift": null, "title": "Head Series", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29369,7 +30944,7 @@ items: "timeShift": null, "title": "Head Chunks", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29467,7 +31042,7 @@ items: "timeShift": null, "title": "Query Rate", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29553,7 +31128,7 @@ items: "timeShift": null, "title": "Stage Duration", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29598,7 +31173,7 @@ items: "schemaVersion": 14, "style": "dark", "tags": [ - + "prometheus-mixin" ], "templating": { "list": [ @@ -29619,7 +31194,7 @@ items: "type": "datasource" }, { - "allValue": null, + "allValue": ".+", "current": { "selected": true, "text": "All", @@ -29647,7 +31222,7 @@ items: "useTags": false }, { - "allValue": null, + "allValue": ".+", "current": { "selected": true, "text": "All", @@ -29706,14 +31281,19 @@ items: ] }, "timezone": "utc", - "title": "Prometheus Overview", + "title": "Prometheus / Overview", "uid": "", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-prometheus - namespace: monitoring + namespace: default - apiVersion: v1 data: proxy.json: |- @@ -29804,7 +31384,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{job=\"kube-proxy\"})", + "expr": "sum(up{cluster=\"$cluster\", job=\"kube-proxy\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -29873,7 +31453,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", + "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "rate", @@ -29966,7 +31546,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", + "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30072,7 +31652,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", + "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "rate", @@ -30165,7 +31745,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{job=\"kube-proxy\", instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30271,28 +31851,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "2xx", "refId": "A" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "3xx", "refId": "B" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "4xx", "refId": "C" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "5xx", @@ -30385,7 +31965,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -30491,7 +32071,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -30597,7 +32177,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "process_resident_memory_bytes{job=\"kube-proxy\",instance=~\"$instance\"}", + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30690,7 +32270,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(process_cpu_seconds_total{job=\"kube-proxy\",instance=~\"$instance\"}[5m])", + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30783,7 +32363,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "go_goroutines{job=\"kube-proxy\",instance=~\"$instance\"}", + "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30867,6 +32447,32 @@ items: "allValue": null, "current": { + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + }, "datasource": "$datasource", "hide": 0, @@ -30877,7 +32483,7 @@ items: "options": [ ], - "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{job=\"kube-proxy\"}, instance)", + "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\"}, instance)", "refresh": 2, "regex": "", "sort": 1, @@ -30927,8 +32533,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-proxy - namespace: monitoring + namespace: default - apiVersion: v1 data: scheduler.json: |- @@ -31019,7 +32630,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{job=\"kube-scheduler\"})", + "expr": "sum(up{cluster=\"$cluster\", job=\"kube-scheduler\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -31088,28 +32699,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} e2e", "refId": "A" }, { - "expr": "sum(rate(scheduler_binding_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} binding", "refId": "B" }, { - "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} scheduling algorithm", "refId": "C" }, { - "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} volume", @@ -31202,28 +32813,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} e2e", "refId": "A" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} binding", "refId": "B" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} scheduling algorithm", "refId": "C" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} volume", @@ -31329,28 +32940,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "2xx", "refId": "A" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "3xx", "refId": "B" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "4xx", "refId": "C" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "5xx", @@ -31443,7 +33054,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -31549,7 +33160,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -31655,7 +33266,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "process_resident_memory_bytes{job=\"kube-scheduler\", instance=~\"$instance\"}", + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -31748,7 +33359,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(process_cpu_seconds_total{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])", + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -31841,7 +33452,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "go_goroutines{job=\"kube-scheduler\",instance=~\"$instance\"}", + "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -31925,6 +33536,32 @@ items: "allValue": null, "current": { + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + }, "datasource": "$datasource", "hide": 0, @@ -31935,7 +33572,7 @@ items: "options": [ ], - "query": "label_values(process_cpu_seconds_total{job=\"kube-scheduler\"}, instance)", + "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\"}, instance)", "refresh": 2, "regex": "", "sort": 1, @@ -31985,8 +33622,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-scheduler - namespace: monitoring + namespace: default - apiVersion: v1 data: statefulset.json: |- @@ -32897,797 +34539,13 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-statefulset - namespace: monitoring -- apiVersion: v1 - data: - traefik.json: |- - { - "__inputs": [ - { - "description": "", - "label": "Prometheus", - "name": "DS_PROMETHEUS", - "pluginId": "prometheus", - "pluginName": "Prometheus", - "type": "datasource" - } - ], - "__requires": [ - { - "id": "grafana", - "name": "Grafana", - "type": "grafana", - "version": "5.2.4" - }, - { - "id": "grafana-piechart-panel", - "name": "Pie Chart", - "type": "panel", - "version": "1.1.6" - }, - { - "id": "graph", - "name": "Graph", - "type": "panel", - "version": "5.0.0" - }, - { - "id": "prometheus", - "name": "Prometheus", - "type": "datasource", - "version": "5.0.0" - }, - { - "id": "singlestat", - "name": "Singlestat", - "type": "panel", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Traefik dashboard prometheus", - "editable": true, - "gnetId": 4475, - "graphTooltip": 0, - "id": null, - "iteration": 1538662098977, - "links": [ - - ], - "panels": [ - { - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 10, - "title": "$backend stats", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "#d44a3a", - "rgba(237, 129, 40, 0.89)", - "#299c46" - ], - "datasource": "prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 1, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(traefik_backend_server_up{backend=\"$backend\"})/count(traefik_config_reloads_total)", - "format": "time_series", - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "0,1", - "title": "$backend status", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "OK", - "value": "1" - } - ], - "valueName": "current" - }, - { - "aliasColors": { - - }, - "breakPoint": "50%", - "cacheTimeout": null, - "combine": { - "label": "Others", - "threshold": 0 - }, - "datasource": "prometheus", - "fontSize": "80%", - "format": "short", - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 2, - "interval": null, - "legend": { - "percentage": true, - "show": true, - "values": true - }, - "legendType": "Right side", - "links": [ - - ], - "maxDataPoints": 3, - "nullPointMode": "connected", - "pieType": "pie", - "strokeWidth": 1, - "targets": [ - { - "expr": "traefik_backend_requests_total{backend=\"$backend\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{method}} : {{code}}", - "refId": "A" - } - ], - "title": "$backend return code", - "type": "grafana-piechart-panel", - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "prometheus", - "format": "ms", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 1 - }, - "id": 4, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(traefik_backend_request_duration_seconds_sum{backend=\"$backend\"}) / sum(traefik_backend_requests_total{backend=\"$backend\"}) * 1000", - "format": "time_series", - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "", - "title": "$backend response time", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(traefik_backend_requests_total{backend=\"$backend\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total requests $backend", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Total requests over 5min $backend", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 15 - }, - "id": 12, - "panels": [ - - ], - "title": "Global stats", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 16 - }, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(traefik_entrypoint_requests_total{entrypoint=~\"$entrypoint\",code=\"200\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{method}} : {{code}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Status code 200 over 5min", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 16 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(traefik_entrypoint_requests_total{entrypoint=~\"$entrypoint\",code!=\"200\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ method }} : {{code}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Others status code over 5min", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - - }, - "breakPoint": "50%", - "cacheTimeout": null, - "combine": { - "label": "Others", - "threshold": 0 - }, - "datasource": "prometheus", - "fontSize": "80%", - "format": "short", - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 23 - }, - "id": 7, - "interval": null, - "legend": { - "show": true, - "values": true - }, - "legendType": "Right side", - "links": [ - - ], - "maxDataPoints": 3, - "nullPointMode": "connected", - "pieType": "pie", - "strokeWidth": 1, - "targets": [ - { - "expr": "sum(rate(traefik_backend_requests_total[5m])) by (backend) ", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ backend }}", - "refId": "A" - } - ], - "title": "Requests by service", - "type": "grafana-piechart-panel", - "valueName": "total" - }, - { - "aliasColors": { - - }, - "breakPoint": "50%", - "cacheTimeout": null, - "combine": { - "label": "Others", - "threshold": 0 - }, - "datasource": "prometheus", - "fontSize": "80%", - "format": "short", - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 23 - }, - "id": 8, - "interval": null, - "legend": { - "show": true, - "values": true - }, - "legendType": "Right side", - "links": [ - - ], - "maxDataPoints": 3, - "nullPointMode": "connected", - "pieType": "pie", - "strokeWidth": 1, - "targets": [ - { - "expr": "sum(rate(traefik_entrypoint_requests_total{entrypoint =~ \"$entrypoint\"}[5m])) by (entrypoint) ", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ entrypoint }}", - "refId": "A" - } - ], - "title": "Requests by protocol", - "type": "grafana-piechart-panel", - "valueName": "total" - } - ], - "schemaVersion": 16, - "style": "dark", - "tags": [ - "traefik", - "prometheus" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": { - - }, - "datasource": "prometheus", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "backend", - "options": [ - - ], - "query": "label_values(backend)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "entrypoint", - "options": [ - - ], - "query": "label_values(entrypoint)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Traefik", - "uid": "qPdAviJmz", - "version": 5 - } - kind: ConfigMap - metadata: - name: grafana-dashboard-traefik - namespace: monitoring + namespace: default - apiVersion: v1 data: workload-total.json: |- @@ -34883,7 +35741,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -34914,7 +35772,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -34946,7 +35804,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -34978,7 +35836,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, @@ -35108,6 +35966,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-workload-total - namespace: monitoring + namespace: default kind: ConfigMapList diff --git a/monitoring/manifests/grafana-dashboardSources.yaml b/monitoring/manifests/grafana-dashboardSources.yaml index fffec98..5c3c586 100644 --- a/monitoring/manifests/grafana-dashboardSources.yaml +++ b/monitoring/manifests/grafana-dashboardSources.yaml @@ -17,5 +17,10 @@ data: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana-dashboards - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/grafana-deployment.yaml b/monitoring/manifests/grafana-deployment.yaml index 2b6e518..82a271b 100644 --- a/monitoring/manifests/grafana-deployment.yaml +++ b/monitoring/manifests/grafana-deployment.yaml @@ -2,26 +2,32 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana - namespace: monitoring + namespace: default spec: replicas: 1 selector: matchLabels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus template: metadata: annotations: - checksum/grafana-datasources: 7103d054a6e94f976ca59b4ede77cf88 + checksum/grafana-datasources: b822d7b1a1070f322d0773c043985b4a labels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 spec: containers: - - env: - - name: GF_INSTALL_PLUGINS - value: grafana-piechart-panel - image: grafana/grafana:7.3.5 + - env: [] + image: grafana/grafana:7.5.4 name: grafana ports: - containerPort: 3000 @@ -113,9 +119,6 @@ spec: - mountPath: /grafana-dashboard-definitions/0/statefulset name: grafana-dashboard-statefulset readOnly: false - - mountPath: /grafana-dashboard-definitions/0/traefik - name: grafana-dashboard-traefik - readOnly: false - mountPath: /grafana-dashboard-definitions/0/workload-total name: grafana-dashboard-workload-total readOnly: false @@ -201,9 +204,6 @@ spec: - configMap: name: grafana-dashboard-statefulset name: grafana-dashboard-statefulset - - configMap: - name: grafana-dashboard-traefik - name: grafana-dashboard-traefik - configMap: name: grafana-dashboard-workload-total name: grafana-dashboard-workload-total diff --git a/monitoring/manifests/grafana-service.yaml b/monitoring/manifests/grafana-service.yaml index 5e7e145..a9f1a05 100644 --- a/monitoring/manifests/grafana-service.yaml +++ b/monitoring/manifests/grafana-service.yaml @@ -2,14 +2,18 @@ apiVersion: v1 kind: Service metadata: labels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana - namespace: monitoring + namespace: default spec: ports: - name: http port: 3000 targetPort: http selector: - app: grafana - type: NodePort + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/grafana-serviceAccount.yaml b/monitoring/manifests/grafana-serviceAccount.yaml index 3ed3e03..7563751 100644 --- a/monitoring/manifests/grafana-serviceAccount.yaml +++ b/monitoring/manifests/grafana-serviceAccount.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: grafana - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/grafana-serviceMonitor.yaml b/monitoring/manifests/grafana-serviceMonitor.yaml index 7ede266..da88f17 100644 --- a/monitoring/manifests/grafana-serviceMonitor.yaml +++ b/monitoring/manifests/grafana-serviceMonitor.yaml @@ -1,12 +1,17 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 name: grafana - namespace: monitoring + namespace: default spec: endpoints: - interval: 15s port: http selector: matchLabels: - app: grafana + app.kubernetes.io/name: grafana diff --git a/monitoring/manifests/healthchecks-io-secret.yaml b/monitoring/manifests/healthchecks-io-secret.yaml index 4f04e66..948d736 100644 --- a/monitoring/manifests/healthchecks-io-secret.yaml +++ b/monitoring/manifests/healthchecks-io-secret.yaml @@ -13,4 +13,5 @@ spec: name: healthchecks-io namespace: monitoring type: Opaque +status: {} diff --git a/monitoring/manifests/kube-state-metrics-clusterRole.yaml b/monitoring/manifests/kube-state-metrics-clusterRole.yaml index c04db29..c7f14e2 100644 --- a/monitoring/manifests/kube-state-metrics-clusterRole.yaml +++ b/monitoring/manifests/kube-state-metrics-clusterRole.yaml @@ -2,8 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics rules: - apiGroups: @@ -24,16 +26,6 @@ rules: verbs: - list - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - - ingresses - verbs: - - list - - watch - apiGroups: - apps resources: @@ -105,6 +97,14 @@ rules: - networking.k8s.io resources: - networkpolicies + - ingresses + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: - list - watch diff --git a/monitoring/manifests/kube-state-metrics-clusterRoleBinding.yaml b/monitoring/manifests/kube-state-metrics-clusterRoleBinding.yaml index c8f9434..8b153bf 100644 --- a/monitoring/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/monitoring/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -2,8 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io @@ -12,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: kube-state-metrics - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/kube-state-metrics-deployment.yaml b/monitoring/manifests/kube-state-metrics-deployment.yaml index 9bda5c6..8d45fd6 100644 --- a/monitoring/manifests/kube-state-metrics-deployment.yaml +++ b/monitoring/manifests/kube-state-metrics-deployment.yaml @@ -2,20 +2,28 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics - namespace: monitoring + namespace: default spec: replicas: 1 selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus template: metadata: + annotations: + kubectl.kubernetes.io/default-container: kube-state-metrics labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 spec: containers: - args: @@ -23,8 +31,17 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: quay.io/coreos/kube-state-metrics:v1.9.7 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0 name: kube-state-metrics + resources: + limits: + cpu: 100m + memory: 250Mi + requests: + cpu: 10m + memory: 190Mi + securityContext: + runAsUser: 65534 - args: - --logtostderr - --secure-listen-address=:8443 @@ -35,6 +52,13 @@ spec: ports: - containerPort: 8443 name: https-main + resources: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 20m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true @@ -49,6 +73,13 @@ spec: ports: - containerPort: 9443 name: https-self + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true diff --git a/monitoring/manifests/kube-state-metrics-prometheusRule.yaml b/monitoring/manifests/kube-state-metrics-prometheusRule.yaml new file mode 100644 index 0000000..03139ae --- /dev/null +++ b/monitoring/manifests/kube-state-metrics-prometheusRule.yaml @@ -0,0 +1,46 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 + prometheus: k8s + role: alert-rules + name: kube-state-metrics-rules + namespace: default +spec: + groups: + - name: kube-state-metrics + rules: + - alert: KubeStateMetricsListErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate + in list operations. This is likely causing it to not be able to expose metrics + about Kubernetes objects correctly or at all. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors + summary: kube-state-metrics is experiencing errors in list operations. + expr: | + (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical + - alert: KubeStateMetricsWatchErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate + in watch operations. This is likely causing it to not be able to expose + metrics about Kubernetes objects correctly or at all. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors + summary: kube-state-metrics is experiencing errors in watch operations. + expr: | + (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical diff --git a/monitoring/manifests/kube-state-metrics-service.yaml b/monitoring/manifests/kube-state-metrics-service.yaml index d734a19..8f05f55 100644 --- a/monitoring/manifests/kube-state-metrics-service.yaml +++ b/monitoring/manifests/kube-state-metrics-service.yaml @@ -2,10 +2,12 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics - namespace: monitoring + namespace: default spec: clusterIP: None ports: @@ -16,4 +18,6 @@ spec: port: 9443 targetPort: https-self selector: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/kube-state-metrics-serviceAccount.yaml b/monitoring/manifests/kube-state-metrics-serviceAccount.yaml index c23b36c..f003f05 100644 --- a/monitoring/manifests/kube-state-metrics-serviceAccount.yaml +++ b/monitoring/manifests/kube-state-metrics-serviceAccount.yaml @@ -2,7 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/kube-state-metrics-serviceMonitor.yaml b/monitoring/manifests/kube-state-metrics-serviceMonitor.yaml index b860f4c..c81be12 100644 --- a/monitoring/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/monitoring/manifests/kube-state-metrics-serviceMonitor.yaml @@ -2,10 +2,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics - namespace: monitoring + namespace: default spec: endpoints: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token @@ -28,4 +30,6 @@ spec: jobLabel: app.kubernetes.io/name selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/node-exporter-clusterRole.yaml b/monitoring/manifests/node-exporter-clusterRole.yaml index ad783ae..18ac861 100644 --- a/monitoring/manifests/node-exporter-clusterRole.yaml +++ b/monitoring/manifests/node-exporter-clusterRole.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 name: node-exporter rules: - apiGroups: diff --git a/monitoring/manifests/node-exporter-clusterRoleBinding.yaml b/monitoring/manifests/node-exporter-clusterRoleBinding.yaml index a5a2050..e084949 100644 --- a/monitoring/manifests/node-exporter-clusterRoleBinding.yaml +++ b/monitoring/manifests/node-exporter-clusterRoleBinding.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io @@ -9,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: node-exporter - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/node-exporter-daemonset.yaml b/monitoring/manifests/node-exporter-daemonset.yaml index 9a6f163..1534f22 100644 --- a/monitoring/manifests/node-exporter-daemonset.yaml +++ b/monitoring/manifests/node-exporter-daemonset.yaml @@ -2,30 +2,37 @@ apiVersion: apps/v1 kind: DaemonSet metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 name: node-exporter - namespace: monitoring + namespace: default spec: selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus template: metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 spec: containers: - args: - --web.listen-address=127.0.0.1:9100 - - --path.procfs=/host/proc - --path.sysfs=/host/sys - --path.rootfs=/host/root - --no-collector.wifi - --no-collector.hwmon - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - image: quay.io/prometheus/node-exporter:v1.0.1 + - --collector.netclass.ignored-devices=^(veth.*)$ + - --collector.netdev.device-exclude=^(veth.*)$ + image: quay.io/prometheus/node-exporter:v1.1.2 name: node-exporter resources: limits: @@ -35,10 +42,6 @@ spec: cpu: 102m memory: 180Mi volumeMounts: - - mountPath: /host/proc - mountPropagation: HostToContainer - name: proc - readOnly: true - mountPath: /host/sys mountPropagation: HostToContainer name: sys @@ -85,9 +88,6 @@ spec: tolerations: - operator: Exists volumes: - - hostPath: - path: /proc - name: proc - hostPath: path: /sys name: sys diff --git a/monitoring/manifests/node-exporter-prometheusRule.yaml b/monitoring/manifests/node-exporter-prometheusRule.yaml new file mode 100644 index 0000000..849f179 --- /dev/null +++ b/monitoring/manifests/node-exporter-prometheusRule.yaml @@ -0,0 +1,301 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 + prometheus: k8s + role: alert-rules + name: node-exporter-rules + namespace: default +spec: + groups: + - name: node-exporter + rules: + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left and is filling + up. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup + summary: Filesystem is predicted to run out of space within the next 24 hours. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left and is filling + up fast. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup + summary: Filesystem is predicted to run out of space within the next 4 hours. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace + summary: Filesystem has less than 5% space left. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace + summary: Filesystem has less than 3% space left. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left and is filling + up. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup + summary: Filesystem is predicted to run out of inodes within the next 24 hours. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left and is filling + up fast. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup + summary: Filesystem is predicted to run out of inodes within the next 4 hours. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles + summary: Filesystem has less than 5% inodes left. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles + summary: Filesystem has less than 3% inodes left. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeNetworkReceiveErrs + annotations: + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered + {{ printf "%.0f" $value }} receive errors in the last two minutes.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs + summary: Network interface is reporting many receive errors. + expr: | + rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning + - alert: NodeNetworkTransmitErrs + annotations: + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered + {{ printf "%.0f" $value }} transmit errors in the last two minutes.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs + summary: Network interface is reporting many transmit errors. + expr: | + rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning + - alert: NodeHighNumberConntrackEntriesUsed + annotations: + description: '{{ $value | humanizePercentage }} of conntrack entries are used.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodehighnumberconntrackentriesused + summary: Number of conntrack are getting close to the limit. + expr: | + (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 + labels: + severity: warning + - alert: NodeTextFileCollectorScrapeError + annotations: + description: Node Exporter text file collector failed to scrape. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodetextfilecollectorscrapeerror + summary: Node Exporter text file collector failed to scrape. + expr: | + node_textfile_scrape_error{job="node-exporter"} == 1 + labels: + severity: warning + - alert: NodeClockSkewDetected + annotations: + description: Clock on {{ $labels.instance }} is out of sync by more than 300s. + Ensure NTP is configured correctly on this host. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected + summary: Clock skew detected. + expr: | + ( + node_timex_offset_seconds > 0.05 + and + deriv(node_timex_offset_seconds[5m]) >= 0 + ) + or + ( + node_timex_offset_seconds < -0.05 + and + deriv(node_timex_offset_seconds[5m]) <= 0 + ) + for: 10m + labels: + severity: warning + - alert: NodeClockNotSynchronising + annotations: + description: Clock on {{ $labels.instance }} is not synchronising. Ensure + NTP is configured on this host. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising + summary: Clock not synchronising. + expr: | + min_over_time(node_timex_sync_status[5m]) == 0 + and + node_timex_maxerror_seconds >= 16 + for: 10m + labels: + severity: warning + - alert: NodeRAIDDegraded + annotations: + description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is + in degraded state due to one or more disks failures. Number of spare drives + is insufficient to fix issue automatically. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded + summary: RAID Array is degraded + expr: | + node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 + for: 15m + labels: + severity: critical + - alert: NodeRAIDDiskFailure + annotations: + description: At least one device in RAID array on {{ $labels.instance }} failed. + Array '{{ $labels.device }}' needs attention and possibly a disk swap. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure + summary: Failed device in RAID array + expr: | + node_md_disks{state="failed"} > 0 + labels: + severity: warning + - name: node-exporter.rules + rules: + - expr: | + count without (cpu) ( + count without (mode) ( + node_cpu_seconds_total{job="node-exporter"} + ) + ) + record: instance:node_num_cpu:sum + - expr: | + 1 - avg without (cpu, mode) ( + rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) + ) + record: instance:node_cpu_utilisation:rate1m + - expr: | + ( + node_load1{job="node-exporter"} + / + instance:node_num_cpu:sum{job="node-exporter"} + ) + record: instance:node_load1_per_cpu:ratio + - expr: | + 1 - ( + node_memory_MemAvailable_bytes{job="node-exporter"} + / + node_memory_MemTotal_bytes{job="node-exporter"} + ) + record: instance:node_memory_utilisation:ratio + - expr: | + rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) + record: instance:node_vmstat_pgmajfault:rate1m + - expr: | + rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_seconds:rate1m + - expr: | + rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_weighted_seconds:rate1m + - expr: | + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_bytes_excluding_lo:rate1m + - expr: | + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_bytes_excluding_lo:rate1m + - expr: | + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_drop_excluding_lo:rate1m + - expr: | + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_drop_excluding_lo:rate1m diff --git a/monitoring/manifests/node-exporter-service.yaml b/monitoring/manifests/node-exporter-service.yaml index cb96660..9ac16ce 100644 --- a/monitoring/manifests/node-exporter-service.yaml +++ b/monitoring/manifests/node-exporter-service.yaml @@ -2,10 +2,12 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 name: node-exporter - namespace: monitoring + namespace: default spec: clusterIP: None ports: @@ -13,4 +15,6 @@ spec: port: 9100 targetPort: https selector: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/node-exporter-serviceAccount.yaml b/monitoring/manifests/node-exporter-serviceAccount.yaml index 8a03ac1..5aa519c 100644 --- a/monitoring/manifests/node-exporter-serviceAccount.yaml +++ b/monitoring/manifests/node-exporter-serviceAccount.yaml @@ -1,5 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 name: node-exporter - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/node-exporter-serviceMonitor.yaml b/monitoring/manifests/node-exporter-serviceMonitor.yaml index 8e5a97c..6611728 100644 --- a/monitoring/manifests/node-exporter-serviceMonitor.yaml +++ b/monitoring/manifests/node-exporter-serviceMonitor.yaml @@ -2,10 +2,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.1.2 name: node-exporter - namespace: monitoring + namespace: default spec: endpoints: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token @@ -24,4 +26,6 @@ spec: jobLabel: app.kubernetes.io/name selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/prometheus-adapter-apiService.yaml b/monitoring/manifests/prometheus-adapter-apiService.yaml index a215efe..e9273e1 100644 --- a/monitoring/manifests/prometheus-adapter-apiService.yaml +++ b/monitoring/manifests/prometheus-adapter-apiService.yaml @@ -1,6 +1,11 @@ apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io @@ -8,6 +13,6 @@ spec: insecureSkipTLSVerify: true service: name: prometheus-adapter - namespace: monitoring + namespace: default version: v1beta1 versionPriority: 100 diff --git a/monitoring/manifests/prometheus-adapter-clusterRole.yaml b/monitoring/manifests/prometheus-adapter-clusterRole.yaml index a02d2bb..d011b3c 100644 --- a/monitoring/manifests/prometheus-adapter-clusterRole.yaml +++ b/monitoring/manifests/prometheus-adapter-clusterRole.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter rules: - apiGroups: diff --git a/monitoring/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml b/monitoring/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml index 9f0dbb3..03e7692 100644 --- a/monitoring/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml +++ b/monitoring/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml @@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" diff --git a/monitoring/manifests/prometheus-adapter-clusterRoleBinding.yaml b/monitoring/manifests/prometheus-adapter-clusterRoleBinding.yaml index 7e8f3da..addfdc0 100644 --- a/monitoring/manifests/prometheus-adapter-clusterRoleBinding.yaml +++ b/monitoring/manifests/prometheus-adapter-clusterRoleBinding.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter roleRef: apiGroup: rbac.authorization.k8s.io @@ -9,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-adapter - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml b/monitoring/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml index 4295b50..88f2a57 100644 --- a/monitoring/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml +++ b/monitoring/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: resource-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io @@ -9,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-adapter - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-adapter-clusterRoleServerResources.yaml b/monitoring/manifests/prometheus-adapter-clusterRoleServerResources.yaml index fcb914c..f4fb9c3 100644 --- a/monitoring/manifests/prometheus-adapter-clusterRoleServerResources.yaml +++ b/monitoring/manifests/prometheus-adapter-clusterRoleServerResources.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: resource-metrics-server-resources rules: - apiGroups: diff --git a/monitoring/manifests/prometheus-adapter-configMap.yaml b/monitoring/manifests/prometheus-adapter-configMap.yaml index b2bde3c..b3700bc 100644 --- a/monitoring/manifests/prometheus-adapter-configMap.yaml +++ b/monitoring/manifests/prometheus-adapter-configMap.yaml @@ -4,8 +4,8 @@ data: "resourceRules": "cpu": "containerLabel": "container" - "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)" - "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)" + "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)" + "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode=\"idle\", job=\"windows-exporter\",<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)" "resources": "overrides": "namespace": @@ -16,8 +16,8 @@ data: "resource": "pod" "memory": "containerLabel": "container" - "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)" - "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)" + "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)" + "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum(windows_cs_physical_memory_bytes{job=\"windows-exporter\",<<.LabelMatchers>>} - windows_memory_available_bytes{job=\"windows-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)" "resources": "overrides": "instance": @@ -29,5 +29,10 @@ data: "window": "5m" kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: adapter-config - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-adapter-deployment.yaml b/monitoring/manifests/prometheus-adapter-deployment.yaml index bb85e25..0418a0c 100644 --- a/monitoring/manifests/prometheus-adapter-deployment.yaml +++ b/monitoring/manifests/prometheus-adapter-deployment.yaml @@ -1,21 +1,31 @@ apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter - namespace: monitoring + namespace: default spec: - replicas: 1 + replicas: 2 selector: matchLabels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus strategy: rollingUpdate: maxSurge: 1 - maxUnavailable: 0 + maxUnavailable: 1 template: metadata: labels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 spec: containers: - args: @@ -23,9 +33,9 @@ spec: - --config=/etc/adapter/config.yaml - --logtostderr=true - --metrics-relist-interval=1m - - --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/ + - --prometheus-url=http://prometheus-k8s.default.svc.cluster.local:9090/ - --secure-port=6443 - image: directxman12/k8s-prometheus-adapter:v0.8.2 + image: directxman12/k8s-prometheus-adapter:v0.8.4 name: prometheus-adapter ports: - containerPort: 6443 diff --git a/monitoring/manifests/prometheus-adapter-roleBindingAuthReader.yaml b/monitoring/manifests/prometheus-adapter-roleBindingAuthReader.yaml index 48c8f32..46fc9d6 100644 --- a/monitoring/manifests/prometheus-adapter-roleBindingAuthReader.yaml +++ b/monitoring/manifests/prometheus-adapter-roleBindingAuthReader.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: resource-metrics-auth-reader namespace: kube-system roleRef: @@ -10,4 +15,4 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-adapter - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-adapter-service.yaml b/monitoring/manifests/prometheus-adapter-service.yaml index e786e01..30e9553 100644 --- a/monitoring/manifests/prometheus-adapter-service.yaml +++ b/monitoring/manifests/prometheus-adapter-service.yaml @@ -2,13 +2,18 @@ apiVersion: v1 kind: Service metadata: labels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter - namespace: monitoring + namespace: default spec: ports: - name: https port: 443 targetPort: 6443 selector: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/prometheus-adapter-serviceAccount.yaml b/monitoring/manifests/prometheus-adapter-serviceAccount.yaml index d7e7050..2538845 100644 --- a/monitoring/manifests/prometheus-adapter-serviceAccount.yaml +++ b/monitoring/manifests/prometheus-adapter-serviceAccount.yaml @@ -1,5 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-adapter-serviceMonitor.yaml b/monitoring/manifests/prometheus-adapter-serviceMonitor.yaml index 91a8d51..54aac89 100644 --- a/monitoring/manifests/prometheus-adapter-serviceMonitor.yaml +++ b/monitoring/manifests/prometheus-adapter-serviceMonitor.yaml @@ -2,9 +2,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter - namespace: monitoring + namespace: default spec: endpoints: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token @@ -15,4 +18,6 @@ spec: insecureSkipVerify: true selector: matchLabels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/prometheus-clusterRole.yaml b/monitoring/manifests/prometheus-clusterRole.yaml index d5c4598..8baca48 100644 --- a/monitoring/manifests/prometheus-clusterRole.yaml +++ b/monitoring/manifests/prometheus-clusterRole.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s rules: - apiGroups: diff --git a/monitoring/manifests/prometheus-clusterRoleBinding.yaml b/monitoring/manifests/prometheus-clusterRoleBinding.yaml index 554bb6f..cd0e8e3 100644 --- a/monitoring/manifests/prometheus-clusterRoleBinding.yaml +++ b/monitoring/manifests/prometheus-clusterRoleBinding.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io @@ -9,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-operator-serviceMonitor.yaml b/monitoring/manifests/prometheus-operator-serviceMonitor.yaml index 4412f1a..b92c795 100644 --- a/monitoring/manifests/prometheus-operator-serviceMonitor.yaml +++ b/monitoring/manifests/prometheus-operator-serviceMonitor.yaml @@ -4,9 +4,10 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 name: prometheus-operator - namespace: monitoring + namespace: default spec: endpoints: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token @@ -19,4 +20,5 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 diff --git a/monitoring/manifests/prometheus-podDisruptionBudget.yaml b/monitoring/manifests/prometheus-podDisruptionBudget.yaml new file mode 100644 index 0000000..2c67451 --- /dev/null +++ b/monitoring/manifests/prometheus-podDisruptionBudget.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 + name: prometheus-k8s + namespace: default +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + prometheus: k8s diff --git a/monitoring/manifests/prometheus-prometheus.yaml b/monitoring/manifests/prometheus-prometheus.yaml index fbc47cc..fb3a5ec 100644 --- a/monitoring/manifests/prometheus-prometheus.yaml +++ b/monitoring/manifests/prometheus-prometheus.yaml @@ -2,19 +2,31 @@ apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 prometheus: k8s name: k8s - namespace: monitoring + namespace: default spec: alerting: alertmanagers: - - name: alertmanager-main - namespace: monitoring + - apiVersion: v2 + name: alertmanager-main + namespace: default port: web + externalLabels: {} externalUrl: http://prometheus-k8s.monitoring:9090 - image: quay.io/prometheus/prometheus:v2.22.1 + image: quay.io/prometheus/prometheus:v2.26.0 nodeSelector: kubernetes.io/os: linux + podMetadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 podMonitorNamespaceSelector: matchExpressions: - key: prometheus @@ -25,7 +37,7 @@ spec: podMonitorSelector: {} probeNamespaceSelector: {} probeSelector: {} - replicas: 1 + replicas: 2 resources: requests: memory: 400Mi @@ -58,4 +70,4 @@ spec: requests: storage: 10Gi storageClassName: local-path - version: v2.22.1 + version: 2.26.0 diff --git a/monitoring/manifests/prometheus-prometheusRule.yaml b/monitoring/manifests/prometheus-prometheusRule.yaml new file mode 100644 index 0000000..f08c70a --- /dev/null +++ b/monitoring/manifests/prometheus-prometheusRule.yaml @@ -0,0 +1,256 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 + prometheus: k8s + role: alert-rules + name: prometheus-k8s-prometheus-rules + namespace: default +spec: + groups: + - name: prometheus + rules: + - alert: PrometheusBadConfig + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to + reload its configuration. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusbadconfig + summary: Failed Prometheus configuration reload. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(prometheus_config_last_reload_successful{job="prometheus-k8s",namespace="default"}[5m]) == 0 + for: 10m + labels: + severity: critical + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} + is running full. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotificationqueuerunningfull + summary: Prometheus alert notification queue predicted to run full in less + than 30m. + expr: | + # Without min_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + predict_linear(prometheus_notifications_queue_length{job="prometheus-k8s",namespace="default"}[5m], 60 * 30) + > + min_over_time(prometheus_notifications_queue_capacity{job="prometheus-k8s",namespace="default"}[5m]) + ) + for: 15m + labels: + severity: warning + - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers + annotations: + description: '{{ printf "%.1f" $value }}% errors while sending alerts from + Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuserrorsendingalertstosomealertmanagers + summary: Prometheus has encountered more than 1% errors sending alerts to + a specific Alertmanager. + expr: | + ( + rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="default"}[5m]) + / + rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="default"}[5m]) + ) + * 100 + > 1 + for: 15m + labels: + severity: warning + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected + to any Alertmanagers. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotconnectedtoalertmanagers + summary: Prometheus is not connected to any Alertmanagers. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(prometheus_notifications_alertmanagers_discovered{job="prometheus-k8s",namespace="default"}[5m]) < 1 + for: 10m + labels: + severity: warning + - alert: PrometheusTSDBReloadsFailing + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected + {{$value | humanize}} reload failures over the last 3h. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustsdbreloadsfailing + summary: Prometheus has issues reloading blocks from disk. + expr: | + increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="default"}[3h]) > 0 + for: 4h + labels: + severity: warning + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected + {{$value | humanize}} compaction failures over the last 3h. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustsdbcompactionsfailing + summary: Prometheus has issues compacting blocks. + expr: | + increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="default"}[3h]) > 0 + for: 4h + labels: + severity: warning + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting + samples. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotingestingsamples + summary: Prometheus is not ingesting samples. + expr: | + ( + rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="default"}[5m]) <= 0 + and + ( + sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="prometheus-k8s",namespace="default"}) > 0 + or + sum without(rule_group) (prometheus_rule_group_rules{job="prometheus-k8s",namespace="default"}) > 0 + ) + ) + for: 10m + labels: + severity: warning + - alert: PrometheusDuplicateTimestamps + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping + {{ printf "%.4g" $value }} samples/s with different values but duplicated + timestamp. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusduplicatetimestamps + summary: Prometheus is dropping samples with duplicate timestamps. + expr: | + rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="default"}[5m]) > 0 + for: 10m + labels: + severity: warning + - alert: PrometheusOutOfOrderTimestamps + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping + {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoutofordertimestamps + summary: Prometheus drops samples with out-of-order timestamps. + expr: | + rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="default"}[5m]) > 0 + for: 10m + labels: + severity: warning + - alert: PrometheusRemoteStorageFailures + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send + {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ + $labels.url }} + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotestoragefailures + summary: Prometheus fails to send samples to remote storage. + expr: | + ( + (rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="default"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="prometheus-k8s",namespace="default"}[5m])) + / + ( + (rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="default"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="prometheus-k8s",namespace="default"}[5m])) + + + (rate(prometheus_remote_storage_succeeded_samples_total{job="prometheus-k8s",namespace="default"}[5m]) or rate(prometheus_remote_storage_samples_total{job="prometheus-k8s",namespace="default"}[5m])) + ) + ) + * 100 + > 1 + for: 15m + labels: + severity: critical + - alert: PrometheusRemoteWriteBehind + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write + is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url + }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotewritebehind + summary: Prometheus remote write is behind. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="prometheus-k8s",namespace="default"}[5m]) + - ignoring(remote_name, url) group_right + max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="prometheus-k8s",namespace="default"}[5m]) + ) + > 120 + for: 15m + labels: + severity: critical + - alert: PrometheusRemoteWriteDesiredShards + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write + desired shards calculation wants to run {{ $value }} shards for queue {{ + $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ + printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="default"}` + $labels.instance | query | first | value }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotewritedesiredshards + summary: Prometheus remote write desired shards calculation wants to run more + than configured max shards. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_shards_desired{job="prometheus-k8s",namespace="default"}[5m]) + > + max_over_time(prometheus_remote_storage_shards_max{job="prometheus-k8s",namespace="default"}[5m]) + ) + for: 15m + labels: + severity: warning + - alert: PrometheusRuleFailures + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to + evaluate {{ printf "%.0f" $value }} rules in the last 5m. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusrulefailures + summary: Prometheus is failing rule evaluations. + expr: | + increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="default"}[5m]) > 0 + for: 15m + labels: + severity: critical + - alert: PrometheusMissingRuleEvaluations + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ + printf "%.0f" $value }} rule group evaluations in the last 5m. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusmissingruleevaluations + summary: Prometheus is missing rule evaluations due to slow rule group evaluation. + expr: | + increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="default"}[5m]) > 0 + for: 15m + labels: + severity: warning + - alert: PrometheusTargetLimitHit + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped + {{ printf "%.0f" $value }} targets because the number of targets exceeded + the configured target_limit. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustargetlimithit + summary: Prometheus has dropped targets because some scrape configs have exceeded + the targets limit. + expr: | + increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="default"}[5m]) > 0 + for: 15m + labels: + severity: warning + - alert: PrometheusErrorSendingAlertsToAnyAlertmanager + annotations: + description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts + from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuserrorsendingalertstoanyalertmanager + summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. + expr: | + min without (alertmanager) ( + rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="default",alertmanager!~``}[5m]) + / + rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="default",alertmanager!~``}[5m]) + ) + * 100 + > 3 + for: 15m + labels: + severity: critical diff --git a/monitoring/manifests/prometheus-roleBindingConfig.yaml b/monitoring/manifests/prometheus-roleBindingConfig.yaml index ec0129d..db88509 100644 --- a/monitoring/manifests/prometheus-roleBindingConfig.yaml +++ b/monitoring/manifests/prometheus-roleBindingConfig.yaml @@ -1,8 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s-config - namespace: monitoring + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +15,4 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/monitoring/manifests/prometheus-roleBindingSpecificNamespaces.yaml index 89c0807..d526173 100644 --- a/monitoring/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/monitoring/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -3,6 +3,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: default roleRef: @@ -12,10 +17,15 @@ items: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: monitoring + namespace: default - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: kube-system roleRef: @@ -25,12 +35,17 @@ items: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: monitoring + namespace: default - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s - namespace: monitoring + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -38,31 +53,5 @@ items: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: monitoring -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: prometheus-k8s - namespace: k8up - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: monitoring -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: prometheus-k8s - namespace: owntracks - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: monitoring + namespace: default kind: RoleBindingList diff --git a/monitoring/manifests/prometheus-roleConfig.yaml b/monitoring/manifests/prometheus-roleConfig.yaml index 5f1cd04..a1a38b6 100644 --- a/monitoring/manifests/prometheus-roleConfig.yaml +++ b/monitoring/manifests/prometheus-roleConfig.yaml @@ -1,8 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s-config - namespace: monitoring + namespace: default rules: - apiGroups: - "" diff --git a/monitoring/manifests/prometheus-roleSpecificNamespaces.yaml b/monitoring/manifests/prometheus-roleSpecificNamespaces.yaml index c60b23f..2ca565c 100644 --- a/monitoring/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/monitoring/manifests/prometheus-roleSpecificNamespaces.yaml @@ -3,6 +3,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: default rules: @@ -24,9 +29,22 @@ items: - get - list - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: kube-system rules: @@ -48,11 +66,24 @@ items: - get - list - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s - namespace: monitoring + namespace: default rules: - apiGroups: - "" @@ -72,48 +103,8 @@ items: - get - list - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: prometheus-k8s - namespace: k8up - rules: - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: prometheus-k8s - namespace: owntracks - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions + - networking.k8s.io resources: - ingresses verbs: diff --git a/monitoring/manifests/prometheus-rules.yaml b/monitoring/manifests/prometheus-rules.yaml deleted file mode 100644 index 0502be1..0000000 --- a/monitoring/manifests/prometheus-rules.yaml +++ /dev/null @@ -1,2220 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - labels: - prometheus: k8s - role: alert-rules - name: prometheus-k8s-rules - namespace: monitoring -spec: - groups: - - name: node-exporter.rules - rules: - - expr: | - count without (cpu) ( - count without (mode) ( - node_cpu_seconds_total{job="node-exporter"} - ) - ) - record: instance:node_num_cpu:sum - - expr: | - 1 - avg without (cpu, mode) ( - rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) - ) - record: instance:node_cpu_utilisation:rate1m - - expr: | - ( - node_load1{job="node-exporter"} - / - instance:node_num_cpu:sum{job="node-exporter"} - ) - record: instance:node_load1_per_cpu:ratio - - expr: | - 1 - ( - node_memory_MemAvailable_bytes{job="node-exporter"} - / - node_memory_MemTotal_bytes{job="node-exporter"} - ) - record: instance:node_memory_utilisation:ratio - - expr: | - rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) - record: instance:node_vmstat_pgmajfault:rate1m - - expr: | - rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) - record: instance_device:node_disk_io_time_seconds:rate1m - - expr: | - rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) - record: instance_device:node_disk_io_time_weighted_seconds:rate1m - - expr: | - sum without (device) ( - rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_receive_bytes_excluding_lo:rate1m - - expr: | - sum without (device) ( - rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_transmit_bytes_excluding_lo:rate1m - - expr: | - sum without (device) ( - rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_receive_drop_excluding_lo:rate1m - - expr: | - sum without (device) ( - rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_transmit_drop_excluding_lo:rate1m - - name: kube-apiserver.rules - rules: - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) - labels: - verb: read - record: apiserver_request:burnrate1d - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) - labels: - verb: read - record: apiserver_request:burnrate1h - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) - labels: - verb: read - record: apiserver_request:burnrate2h - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) - labels: - verb: read - record: apiserver_request:burnrate30m - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) - labels: - verb: read - record: apiserver_request:burnrate3d - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) - labels: - verb: read - record: apiserver_request:burnrate5m - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h])) - - - ( - ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) - or - vector(0) - ) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) - + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) - ) - ) - + - # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) - labels: - verb: read - record: apiserver_request:burnrate6h - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) - labels: - verb: write - record: apiserver_request:burnrate1d - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) - labels: - verb: write - record: apiserver_request:burnrate1h - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) - labels: - verb: write - record: apiserver_request:burnrate2h - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) - labels: - verb: write - record: apiserver_request:burnrate30m - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) - labels: - verb: write - record: apiserver_request:burnrate3d - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - labels: - verb: write - record: apiserver_request:burnrate5m - - expr: | - ( - ( - # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) - - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h])) - ) - + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) - ) - / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) - labels: - verb: write - record: apiserver_request:burnrate6h - - expr: | - sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) - labels: - verb: read - record: code_resource:apiserver_request_total:rate5m - - expr: | - sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - labels: - verb: write - record: code_resource:apiserver_request_total:rate5m - - expr: | - histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 - labels: - quantile: "0.99" - verb: read - record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0 - labels: - quantile: "0.99" - verb: write - record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) - labels: - quantile: "0.99" - record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.9, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) - labels: - quantile: "0.9" - record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.5, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) - labels: - quantile: "0.5" - record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - - interval: 3m - name: kube-apiserver-availability.rules - rules: - - expr: | - 1 - ( - ( - # write too slow - sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) - - - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) - ) + - ( - # read too slow - sum(increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) - - - ( - ( - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) - or - vector(0) - ) - + - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) - + - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) - ) - ) + - # errors - sum(code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) - ) - / - sum(code:apiserver_request_total:increase30d) - labels: - verb: all - record: apiserver_request:availability30d - - expr: | - 1 - ( - sum(increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) - - - ( - # too slow - ( - sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) - or - vector(0) - ) - + - sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) - + - sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) - ) - + - # errors - sum(code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) - ) - / - sum(code:apiserver_request_total:increase30d{verb="read"}) - labels: - verb: read - record: apiserver_request:availability30d - - expr: | - 1 - ( - ( - # too slow - sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) - - - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) - ) - + - # errors - sum(code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) - ) - / - sum(code:apiserver_request_total:increase30d{verb="write"}) - labels: - verb: write - record: apiserver_request:availability30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) - labels: - verb: read - record: code:apiserver_request_total:increase30d - - expr: | - sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - labels: - verb: write - record: code:apiserver_request_total:increase30d - - name: k8s.rules - rules: - - expr: | - sum by (cluster, namespace, pod, container) ( - rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]) - ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( - 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate - - expr: | - container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_working_set_bytes - - expr: | - container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_rss - - expr: | - container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_cache - - expr: | - container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_swap - - expr: | - sum by (namespace) ( - sum by (namespace, pod) ( - max by (namespace, pod, container) ( - kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} - ) * on(namespace, pod) group_left() max by (namespace, pod) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace:kube_pod_container_resource_requests_memory_bytes:sum - - expr: | - sum by (namespace) ( - sum by (namespace, pod) ( - max by (namespace, pod, container) ( - kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} - ) * on(namespace, pod) group_left() max by (namespace, pod) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace:kube_pod_container_resource_requests_cpu_cores:sum - - expr: | - max by (cluster, namespace, workload, pod) ( - label_replace( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, - "replicaset", "$1", "owner_name", "(.*)" - ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( - 1, max by (replicaset, namespace, owner_name) ( - kube_replicaset_owner{job="kube-state-metrics"} - ) - ), - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: deployment - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: | - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: daemonset - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: | - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: statefulset - record: namespace_workload_pod:kube_pod_owner:relabel - - name: kube-scheduler.rules - rules: - - expr: | - histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.99" - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.99" - record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.99" - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.9" - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.9" - record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.9" - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.5" - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.5" - record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) - labels: - quantile: "0.5" - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - name: node.rules - rules: - - expr: | - topk by(namespace, pod) (1, - max by (node, namespace, pod) ( - label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)") - )) - record: 'node_namespace_pod:kube_pod_info:' - - expr: | - count by (cluster, node) (sum by (node, cpu) ( - node_cpu_seconds_total{job="node-exporter"} - * on (namespace, pod) group_left(node) - node_namespace_pod:kube_pod_info: - )) - record: node:node_num_cpu:sum - - expr: | - sum( - node_memory_MemAvailable_bytes{job="node-exporter"} or - ( - node_memory_Buffers_bytes{job="node-exporter"} + - node_memory_Cached_bytes{job="node-exporter"} + - node_memory_MemFree_bytes{job="node-exporter"} + - node_memory_Slab_bytes{job="node-exporter"} - ) - ) by (cluster) - record: :node_memory_MemAvailable_bytes:sum - - name: kubelet.rules - rules: - - expr: | - histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) - labels: - quantile: "0.99" - record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) - labels: - quantile: "0.9" - record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - expr: | - histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) - labels: - quantile: "0.5" - record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - name: kube-prometheus-node-recording.rules - rules: - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) - BY (instance) - record: instance:node_cpu:rate:sum - - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) - record: instance:node_network_receive_bytes:rate:sum - - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) - record: instance:node_network_transmit_bytes:rate:sum - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) - WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) - BY (instance, cpu)) BY (instance) - record: instance:node_cpu:ratio - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) - record: cluster:node_cpu:sum_rate5m - - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) - BY (instance, cpu)) - record: cluster:node_cpu:ratio - - name: kube-prometheus-general.rules - rules: - - expr: count without(instance, pod, node) (up == 1) - record: count:up1 - - expr: count without(instance, pod, node) (up == 0) - record: count:up0 - - name: kube-state-metrics - rules: - - alert: KubeStateMetricsListErrors - annotations: - description: kube-state-metrics is experiencing errors at an elevated rate - in list operations. This is likely causing it to not be able to expose metrics - about Kubernetes objects correctly or at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors - summary: kube-state-metrics is experiencing errors in list operations. - expr: | - (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) - / - sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) - > 0.01 - for: 15m - labels: - severity: critical - - alert: KubeStateMetricsWatchErrors - annotations: - description: kube-state-metrics is experiencing errors at an elevated rate - in watch operations. This is likely causing it to not be able to expose - metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors - summary: kube-state-metrics is experiencing errors in watch operations. - expr: | - (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) - / - sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) - > 0.01 - for: 15m - labels: - severity: critical - - name: node-exporter - rules: - - alert: NodeFilesystemSpaceFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left and is filling - up. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup - summary: Filesystem is predicted to run out of space within the next 24 hours. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 - and - predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemSpaceFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left and is filling - up fast. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup - summary: Filesystem is predicted to run out of space within the next 4 hours. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 - and - predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeFilesystemAlmostOutOfSpace - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace - summary: Filesystem has less than 5% space left. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemAlmostOutOfSpace - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace - summary: Filesystem has less than 3% space left. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeFilesystemFilesFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left and is filling - up. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup - summary: Filesystem is predicted to run out of inodes within the next 24 hours. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 - and - predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemFilesFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left and is filling - up fast. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup - summary: Filesystem is predicted to run out of inodes within the next 4 hours. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 - and - predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeFilesystemAlmostOutOfFiles - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles - summary: Filesystem has less than 5% inodes left. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemAlmostOutOfFiles - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles - summary: Filesystem has less than 3% inodes left. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeNetworkReceiveErrs - annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered - {{ printf "%.0f" $value }} receive errors in the last two minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs - summary: Network interface is reporting many receive errors. - expr: | - rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 - for: 1h - labels: - severity: warning - - alert: NodeNetworkTransmitErrs - annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered - {{ printf "%.0f" $value }} transmit errors in the last two minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs - summary: Network interface is reporting many transmit errors. - expr: | - rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 - for: 1h - labels: - severity: warning - - alert: NodeHighNumberConntrackEntriesUsed - annotations: - description: '{{ $value | humanizePercentage }} of conntrack entries are used.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodehighnumberconntrackentriesused - summary: Number of conntrack are getting close to the limit. - expr: | - (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 - labels: - severity: warning - - alert: NodeTextFileCollectorScrapeError - annotations: - description: Node Exporter text file collector failed to scrape. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodetextfilecollectorscrapeerror - summary: Node Exporter text file collector failed to scrape. - expr: | - node_textfile_scrape_error{job="node-exporter"} == 1 - labels: - severity: warning - - alert: NodeClockSkewDetected - annotations: - message: Clock on {{ $labels.instance }} is out of sync by more than 300s. - Ensure NTP is configured correctly on this host. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected - summary: Clock skew detected. - expr: | - ( - node_timex_offset_seconds > 0.05 - and - deriv(node_timex_offset_seconds[5m]) >= 0 - ) - or - ( - node_timex_offset_seconds < -0.05 - and - deriv(node_timex_offset_seconds[5m]) <= 0 - ) - for: 10m - labels: - severity: warning - - alert: NodeClockNotSynchronising - annotations: - message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP - is configured on this host. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising - summary: Clock not synchronising. - expr: | - min_over_time(node_timex_sync_status[5m]) == 0 - and - node_timex_maxerror_seconds >= 16 - for: 10m - labels: - severity: warning - - alert: NodeRAIDDegraded - annotations: - description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is - in degraded state due to one or more disks failures. Number of spare drives - is insufficient to fix issue automatically. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded - summary: RAID Array is degraded - expr: | - node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 - for: 15m - labels: - severity: critical - - alert: NodeRAIDDiskFailure - annotations: - description: At least one device in RAID array on {{ $labels.instance }} failed. - Array '{{ $labels.device }}' needs attention and possibly a disk swap. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure - summary: Failed device in RAID array - expr: | - node_md_disks{state="fail"} > 0 - labels: - severity: warning - - name: alertmanager.rules - rules: - - alert: AlertmanagerFailedReload - annotations: - description: Configuration has failed to load for {{ $labels.namespace }}/{{ - $labels.pod}}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedreload - summary: Reloading an Alertmanager configuration has failed. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"}[5m]) == 0 - for: 10m - labels: - severity: critical - - alert: AlertmanagerMembersInconsistent - annotations: - description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only - found {{ $value }} members of the {{$labels.job}} cluster. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagermembersinconsistent - summary: A member of an Alertmanager cluster has not found all other cluster - members. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m]) - < on (namespace,service) group_left - count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m])) - for: 10m - labels: - severity: critical - - alert: AlertmanagerFailedToSendAlerts - annotations: - description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed - to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration - }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedtosendalerts - summary: An Alertmanager instance failed to send notifications. - expr: | - ( - rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) - / - rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: warning - - alert: AlertmanagerClusterFailedToSendAlerts - annotations: - description: The minimum notification failure rate to {{ $labels.integration - }} sent from any instance in the {{$labels.job}} cluster is {{ $value | - humanizePercentage }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts - summary: All Alertmanager instances in a cluster failed to send notifications. - expr: | - min by (namespace,service) ( - rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) - / - rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: critical - - alert: AlertmanagerConfigInconsistent - annotations: - description: Alertmanager instances within the {{$labels.job}} cluster have - different configurations. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerconfiginconsistent - summary: Alertmanager instances within the same cluster have different configurations. - expr: | - count by (namespace,service) ( - count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager-main",namespace="monitoring"}) - ) - != 1 - for: 20m - labels: - severity: critical - - alert: AlertmanagerClusterDown - annotations: - description: '{{ $value | humanizePercentage }} of Alertmanager instances - within the {{$labels.job}} cluster have been up for less than half of the - last 5m.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterdown - summary: Half or more of the Alertmanager instances within the same cluster - are down. - expr: | - ( - count by (namespace,service) ( - avg_over_time(up{job="alertmanager-main",namespace="monitoring"}[5m]) < 0.5 - ) - / - count by (namespace,service) ( - up{job="alertmanager-main",namespace="monitoring"} - ) - ) - >= 0.5 - for: 5m - labels: - severity: critical - - alert: AlertmanagerClusterCrashlooping - annotations: - description: '{{ $value | humanizePercentage }} of Alertmanager instances - within the {{$labels.job}} cluster have restarted at least 5 times in the - last 10m.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclustercrashlooping - summary: Half or more of the Alertmanager instances within the same cluster - are crashlooping. - expr: | - ( - count by (namespace,service) ( - changes(process_start_time_seconds{job="alertmanager-main",namespace="monitoring"}[10m]) > 4 - ) - / - count by (namespace,service) ( - up{job="alertmanager-main",namespace="monitoring"} - ) - ) - >= 0.5 - for: 5m - labels: - severity: critical - - name: prometheus-operator - rules: - - alert: PrometheusOperatorListErrors - annotations: - description: Errors while performing List operations in controller {{$labels.controller}} - in {{$labels.namespace}} namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors - summary: Errors while performing list operations in controller. - expr: | - (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 - for: 15m - labels: - severity: warning - - alert: PrometheusOperatorWatchErrors - annotations: - description: Errors while performing watch operations in controller {{$labels.controller}} - in {{$labels.namespace}} namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors - summary: Errors while performing watch operations in controller. - expr: | - (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 - for: 15m - labels: - severity: warning - - alert: PrometheusOperatorSyncFailed - annotations: - description: Controller {{ $labels.controller }} in {{ $labels.namespace }} - namespace fails to reconcile {{ $value }} objects. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed - summary: Last controller reconciliation failed - expr: | - min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 - for: 10m - labels: - severity: warning - - alert: PrometheusOperatorReconcileErrors - annotations: - description: '{{ $value | humanizePercentage }} of reconciling operations - failed for {{ $labels.controller }} controller in {{ $labels.namespace }} - namespace.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors - summary: Errors while reconciling controller. - expr: | - (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="monitoring"}[5m]))) > 0.1 - for: 10m - labels: - severity: warning - - alert: PrometheusOperatorNodeLookupErrors - annotations: - description: Errors while reconciling Prometheus in {{ $labels.namespace }} - Namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors - summary: Errors while reconciling Prometheus. - expr: | - rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]) > 0.1 - for: 10m - labels: - severity: warning - - alert: PrometheusOperatorNotReady - annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace isn't - ready to reconcile {{ $labels.controller }} resources. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready - summary: Prometheus operator not ready - expr: | - min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="monitoring"}[5m]) == 0) - for: 5m - labels: - severity: warning - - alert: PrometheusOperatorRejectedResources - annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace rejected - {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource - }} resources. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources - summary: Resources rejected by Prometheus operator - expr: | - min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 - for: 5m - labels: - severity: warning - - name: kubernetes-apps - rules: - - alert: KubePodCrashLooping - annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container - }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping - summary: Pod is crash looping. - expr: | - rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[5m]) * 60 * 5 > 0 - for: 15m - labels: - severity: warning - - alert: KubePodNotReady - annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready - state for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready - summary: Pod has been in a non-ready state for more than 15 minutes. - expr: | - sum by (namespace, pod) ( - max by(namespace, pod) ( - kube_pod_status_phase{job="kube-state-metrics", phase=~"Pending|Unknown"} - ) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) ( - 1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) - ) - ) > 0 - for: 15m - labels: - severity: warning - - alert: KubeDeploymentGenerationMismatch - annotations: - description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment - }} does not match, this indicates that the Deployment has failed but has - not been rolled back. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch - summary: Deployment generation mismatch due to possible roll-back - expr: | - kube_deployment_status_observed_generation{job="kube-state-metrics"} - != - kube_deployment_metadata_generation{job="kube-state-metrics"} - for: 15m - labels: - severity: warning - - alert: KubeDeploymentReplicasMismatch - annotations: - description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has - not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch - summary: Deployment has not matched the expected number of replicas. - expr: | - ( - kube_deployment_spec_replicas{job="kube-state-metrics"} - != - kube_deployment_status_replicas_available{job="kube-state-metrics"} - ) and ( - changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeStatefulSetReplicasMismatch - annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} - has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch - summary: Deployment has not matched the expected number of replicas. - expr: | - ( - kube_statefulset_status_replicas_ready{job="kube-state-metrics"} - != - kube_statefulset_status_replicas{job="kube-state-metrics"} - ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeStatefulSetGenerationMismatch - annotations: - description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset - }} does not match, this indicates that the StatefulSet has failed but has - not been rolled back. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch - summary: StatefulSet generation mismatch due to possible roll-back - expr: | - kube_statefulset_status_observed_generation{job="kube-state-metrics"} - != - kube_statefulset_metadata_generation{job="kube-state-metrics"} - for: 15m - labels: - severity: warning - - alert: KubeStatefulSetUpdateNotRolledOut - annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} - update has not been rolled out. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout - summary: StatefulSet update has not been rolled out. - expr: | - ( - max without (revision) ( - kube_statefulset_status_current_revision{job="kube-state-metrics"} - unless - kube_statefulset_status_update_revision{job="kube-state-metrics"} - ) - * - ( - kube_statefulset_replicas{job="kube-state-metrics"} - != - kube_statefulset_status_replicas_updated{job="kube-state-metrics"} - ) - ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeDaemonSetRolloutStuck - annotations: - description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has - not finished or progressed for at least 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck - summary: DaemonSet rollout is stuck. - expr: | - ( - ( - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - ) or ( - kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} - != - 0 - ) or ( - kube_daemonset_updated_number_scheduled{job="kube-state-metrics"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - ) or ( - kube_daemonset_status_number_available{job="kube-state-metrics"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - ) - ) and ( - changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeContainerWaiting - annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} - has been in waiting state for longer than 1 hour. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting - summary: Pod container waiting longer than 1 hour - expr: | - sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0 - for: 1h - labels: - severity: warning - - alert: KubeDaemonSetNotScheduled - annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset - }} are not scheduled.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled - summary: DaemonSet pods are not scheduled. - expr: | - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - - - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} > 0 - for: 10m - labels: - severity: warning - - alert: KubeDaemonSetMisScheduled - annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset - }} are running where they are not supposed to run.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled - summary: DaemonSet pods are misscheduled. - expr: | - kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0 - for: 15m - labels: - severity: warning - - alert: KubeJobCompletion - annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking - more than 12 hours to complete. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion - summary: Job did not complete in time - expr: | - kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0 - for: 12h - labels: - severity: warning - - alert: KubeJobFailed - annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to - complete. Removing failed job after investigation should clear this alert. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed - summary: Job failed to complete. - expr: | - kube_job_failed{job="kube-state-metrics"} > 0 - for: 15m - labels: - severity: warning - - alert: KubeHpaReplicasMismatch - annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched - the desired number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch - summary: HPA has not matched descired number of replicas. - expr: | - (kube_hpa_status_desired_replicas{job="kube-state-metrics"} - != - kube_hpa_status_current_replicas{job="kube-state-metrics"}) - and - (kube_hpa_status_current_replicas{job="kube-state-metrics"} - > - kube_hpa_spec_min_replicas{job="kube-state-metrics"}) - and - (kube_hpa_status_current_replicas{job="kube-state-metrics"} - < - kube_hpa_spec_max_replicas{job="kube-state-metrics"}) - and - changes(kube_hpa_status_current_replicas[15m]) == 0 - for: 15m - labels: - severity: warning - - alert: KubeHpaMaxedOut - annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running - at max replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout - summary: HPA is running at max replicas - expr: | - kube_hpa_status_current_replicas{job="kube-state-metrics"} - == - kube_hpa_spec_max_replicas{job="kube-state-metrics"} - for: 15m - labels: - severity: warning - - name: kubernetes-resources - rules: - - alert: KubeCPUOvercommit - annotations: - description: Cluster has overcommitted CPU resource requests for Pods and - cannot tolerate node failure. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit - summary: Cluster has overcommitted CPU resource requests. - expr: | - sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) - / - sum(kube_node_status_allocatable_cpu_cores) - > - (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) - for: 5m - labels: - severity: warning - - alert: KubeMemoryOvercommit - annotations: - description: Cluster has overcommitted memory resource requests for Pods and - cannot tolerate node failure. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit - summary: Cluster has overcommitted memory resource requests. - expr: | - sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) - / - sum(kube_node_status_allocatable_memory_bytes) - > - (count(kube_node_status_allocatable_memory_bytes)-1) - / - count(kube_node_status_allocatable_memory_bytes) - for: 5m - labels: - severity: warning - - alert: KubeCPUQuotaOvercommit - annotations: - description: Cluster has overcommitted CPU resource requests for Namespaces. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit - summary: Cluster has overcommitted CPU resource requests. - expr: | - sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) - / - sum(kube_node_status_allocatable_cpu_cores) - > 1.5 - for: 5m - labels: - severity: warning - - alert: KubeMemoryQuotaOvercommit - annotations: - description: Cluster has overcommitted memory resource requests for Namespaces. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryquotaovercommit - summary: Cluster has overcommitted memory resource requests. - expr: | - sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) - / - sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) - > 1.5 - for: 5m - labels: - severity: warning - - alert: KubeQuotaAlmostFull - annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage - }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull - summary: Namespace quota is going to be full. - expr: | - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - > 0.9 < 1 - for: 15m - labels: - severity: info - - alert: KubeQuotaFullyUsed - annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage - }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused - summary: Namespace quota is fully used. - expr: | - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - == 1 - for: 15m - labels: - severity: info - - alert: KubeQuotaExceeded - annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage - }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded - summary: Namespace quota has exceeded the limits. - expr: | - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - > 1 - for: 15m - labels: - severity: warning - - alert: CPUThrottlingHigh - annotations: - description: '{{ $value | humanizePercentage }} throttling of CPU in namespace - {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ - $labels.pod }}.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh - summary: Processes experience elevated CPU throttling. - expr: | - sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) - / - sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) - > ( 25 / 100 ) - for: 15m - labels: - severity: info - - name: kubernetes-storage - rules: - - alert: KubePersistentVolumeFillingUp - annotations: - description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim - }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage - }} free. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup - summary: PersistentVolume is filling up. - expr: | - kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} - < 0.03 - for: 1m - labels: - severity: critical - - alert: KubePersistentVolumeFillingUp - annotations: - description: Based on recent sampling, the PersistentVolume claimed by {{ - $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is - expected to fill up within four days. Currently {{ $value | humanizePercentage - }} is available. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup - summary: PersistentVolume is filling up. - expr: | - ( - kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} - ) < 0.15 - and - predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 - for: 1h - labels: - severity: warning - - alert: KubePersistentVolumeErrors - annotations: - description: The persistent volume {{ $labels.persistentvolume }} has status - {{ $labels.phase }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors - summary: PersistentVolume is having issues with provisioning. - expr: | - kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 - for: 5m - labels: - severity: critical - - name: kubernetes-system - rules: - - alert: KubeVersionMismatch - annotations: - description: There are {{ $value }} different semantic versions of Kubernetes - components running. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch - summary: Different semantic versions of Kubernetes components running. - expr: | - count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 - for: 15m - labels: - severity: warning - - alert: KubeClientErrors - annotations: - description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance - }}' is experiencing {{ $value | humanizePercentage }} errors.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors - summary: Kubernetes API server client is experiencing errors. - expr: | - (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) - / - sum(rate(rest_client_requests_total[5m])) by (instance, job)) - > 0.01 - for: 15m - labels: - severity: warning - - name: kube-apiserver-slos - rules: - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) - and - sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) - for: 2m - labels: - long: 1h - severity: critical - short: 5m - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) - and - sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) - for: 15m - labels: - long: 6h - severity: critical - short: 30m - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) - and - sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) - for: 1h - labels: - long: 1d - severity: warning - short: 2h - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) - and - sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) - for: 3h - labels: - long: 3d - severity: warning - short: 6h - - name: kubernetes-system-apiserver - rules: - - alert: KubeClientCertificateExpiration - annotations: - description: A client certificate used to authenticate to the apiserver is - expiring in less than 7.0 days. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration - summary: Client certificate is about to expire. - expr: | - apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 - labels: - severity: warning - - alert: KubeClientCertificateExpiration - annotations: - description: A client certificate used to authenticate to the apiserver is - expiring in less than 24.0 hours. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration - summary: Client certificate is about to expire. - expr: | - apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 - labels: - severity: critical - - alert: AggregatedAPIErrors - annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} - has reported errors. The number of errors have increased for it in the past - five minutes. High values indicate that the availability of the service - changes too often. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors - summary: An aggregated API has reported errors. - expr: | - sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 - labels: - severity: warning - - alert: AggregatedAPIDown - annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} - has been only {{ $value | humanize }}% available over the last 10m. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown - summary: An aggregated API is down. - expr: | - (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 - for: 5m - labels: - severity: warning - - alert: KubeAPIDown - annotations: - description: KubeAPI has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapidown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="apiserver"} == 1) - for: 15m - labels: - severity: critical - - name: kubernetes-system-kubelet - rules: - - alert: KubeNodeNotReady - annotations: - description: '{{ $labels.node }} has been unready for more than 15 minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodenotready - summary: Node is not ready. - expr: | - kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 - for: 15m - labels: - severity: warning - - alert: KubeNodeUnreachable - annotations: - description: '{{ $labels.node }} is unreachable and some workloads may be - rescheduled.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable - summary: Node is unreachable. - expr: | - (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 - for: 15m - labels: - severity: warning - - alert: KubeletTooManyPods - annotations: - description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage - }} of its Pod capacity. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods - summary: Kubelet is running at capacity. - expr: | - count by(node) ( - (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) - ) - / - max by(node) ( - kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 - ) > 0.95 - for: 15m - labels: - severity: warning - - alert: KubeNodeReadinessFlapping - annotations: - description: The readiness status of node {{ $labels.node }} has changed {{ - $value }} times in the last 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping - summary: Node readiness status is flapping. - expr: | - sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 - for: 15m - labels: - severity: warning - - alert: KubeletPlegDurationHigh - annotations: - description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile - duration of {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh - summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. - expr: | - node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 - for: 5m - labels: - severity: warning - - alert: KubeletPodStartUpLatencyHigh - annotations: - description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds - on node {{ $labels.node }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh - summary: Kubelet Pod startup latency is too high. - expr: | - histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 - for: 15m - labels: - severity: warning - - alert: KubeletClientCertificateExpiration - annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration - summary: Kubelet client certificate is about to expire. - expr: | - kubelet_certificate_manager_client_ttl_seconds < 604800 - labels: - severity: warning - - alert: KubeletClientCertificateExpiration - annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration - summary: Kubelet client certificate is about to expire. - expr: | - kubelet_certificate_manager_client_ttl_seconds < 86400 - labels: - severity: critical - - alert: KubeletServerCertificateExpiration - annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration - summary: Kubelet server certificate is about to expire. - expr: | - kubelet_certificate_manager_server_ttl_seconds < 604800 - labels: - severity: warning - - alert: KubeletServerCertificateExpiration - annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration - summary: Kubelet server certificate is about to expire. - expr: | - kubelet_certificate_manager_server_ttl_seconds < 86400 - labels: - severity: critical - - alert: KubeletClientCertificateRenewalErrors - annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its client - certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors - summary: Kubelet has failed to renew its client certificate. - expr: | - increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: KubeletServerCertificateRenewalErrors - annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its server - certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors - summary: Kubelet has failed to renew its server certificate. - expr: | - increase(kubelet_server_expiration_renew_errors[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: KubeletDown - annotations: - description: Kubelet has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletdown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="kubelet", metrics_path="/metrics"} == 1) - for: 15m - labels: - severity: critical - - name: kubernetes-system-scheduler - rules: - - alert: KubeSchedulerDown - annotations: - description: KubeScheduler has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeschedulerdown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="kube-scheduler"} == 1) - for: 15m - labels: - severity: critical - - name: kubernetes-system-controller-manager - rules: - - alert: KubeControllerManagerDown - annotations: - description: KubeControllerManager has disappeared from Prometheus target - discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="kube-controller-manager"} == 1) - for: 15m - labels: - severity: critical - - name: prometheus - rules: - - alert: PrometheusBadConfig - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to - reload its configuration. - summary: Failed Prometheus configuration reload. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(prometheus_config_last_reload_successful{job="prometheus-k8s",namespace="monitoring"}[5m]) == 0 - for: 10m - labels: - severity: critical - - alert: PrometheusNotificationQueueRunningFull - annotations: - description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} - is running full. - summary: Prometheus alert notification queue predicted to run full in less - than 30m. - expr: | - # Without min_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - predict_linear(prometheus_notifications_queue_length{job="prometheus-k8s",namespace="monitoring"}[5m], 60 * 30) - > - min_over_time(prometheus_notifications_queue_capacity{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - for: 15m - labels: - severity: warning - - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers - annotations: - description: '{{ printf "%.1f" $value }}% errors while sending alerts from - Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' - summary: Prometheus has encountered more than 1% errors sending alerts to - a specific Alertmanager. - expr: | - ( - rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - * 100 - > 1 - for: 15m - labels: - severity: warning - - alert: PrometheusNotConnectedToAlertmanagers - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected - to any Alertmanagers. - summary: Prometheus is not connected to any Alertmanagers. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(prometheus_notifications_alertmanagers_discovered{job="prometheus-k8s",namespace="monitoring"}[5m]) < 1 - for: 10m - labels: - severity: warning - - alert: PrometheusTSDBReloadsFailing - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected - {{$value | humanize}} reload failures over the last 3h. - summary: Prometheus has issues reloading blocks from disk. - expr: | - increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 - for: 4h - labels: - severity: warning - - alert: PrometheusTSDBCompactionsFailing - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected - {{$value | humanize}} compaction failures over the last 3h. - summary: Prometheus has issues compacting blocks. - expr: | - increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 - for: 4h - labels: - severity: warning - - alert: PrometheusNotIngestingSamples - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting - samples. - summary: Prometheus is not ingesting samples. - expr: | - ( - rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 - and - ( - sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="prometheus-k8s",namespace="monitoring"}) > 0 - or - sum without(rule_group) (prometheus_rule_group_rules{job="prometheus-k8s",namespace="monitoring"}) > 0 - ) - ) - for: 10m - labels: - severity: warning - - alert: PrometheusDuplicateTimestamps - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping - {{ printf "%.4g" $value }} samples/s with different values but duplicated - timestamp. - summary: Prometheus is dropping samples with duplicate timestamps. - expr: | - rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 10m - labels: - severity: warning - - alert: PrometheusOutOfOrderTimestamps - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping - {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. - summary: Prometheus drops samples with out-of-order timestamps. - expr: | - rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 10m - labels: - severity: warning - - alert: PrometheusRemoteStorageFailures - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send - {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ - $labels.url }} - summary: Prometheus fails to send samples to remote storage. - expr: | - ( - rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - ( - rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - + - rate(prometheus_remote_storage_succeeded_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - ) - * 100 - > 1 - for: 15m - labels: - severity: critical - - alert: PrometheusRemoteWriteBehind - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write - is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url - }}. - summary: Prometheus remote write is behind. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) - - ignoring(remote_name, url) group_right - max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - > 120 - for: 15m - labels: - severity: critical - - alert: PrometheusRemoteWriteDesiredShards - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write - desired shards calculation wants to run {{ $value }} shards for queue {{ - $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ - printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` - $labels.instance | query | first | value }}. - summary: Prometheus remote write desired shards calculation wants to run more - than configured max shards. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - max_over_time(prometheus_remote_storage_shards_desired{job="prometheus-k8s",namespace="monitoring"}[5m]) - > - max_over_time(prometheus_remote_storage_shards_max{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - for: 15m - labels: - severity: warning - - alert: PrometheusRuleFailures - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to - evaluate {{ printf "%.0f" $value }} rules in the last 5m. - summary: Prometheus is failing rule evaluations. - expr: | - increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 15m - labels: - severity: critical - - alert: PrometheusMissingRuleEvaluations - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ - printf "%.0f" $value }} rule group evaluations in the last 5m. - summary: Prometheus is missing rule evaluations due to slow rule group evaluation. - expr: | - increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: PrometheusTargetLimitHit - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped - {{ printf "%.0f" $value }} targets because the number of targets exceeded - the configured target_limit. - summary: Prometheus has dropped targets because some scrape configs have exceeded - the targets limit. - expr: | - increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: PrometheusErrorSendingAlertsToAnyAlertmanager - annotations: - description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts - from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' - summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. - expr: | - min without (alertmanager) ( - rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - * 100 - > 3 - for: 15m - labels: - severity: critical - - name: general.rules - rules: - - alert: TargetDown - annotations: - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service - }} targets in {{ $labels.namespace }} namespace are down.' - expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, - namespace, service)) > 10 - for: 10m - labels: - severity: warning - - alert: Watchdog - annotations: - message: | - This is an alert meant to ensure that the entire alerting pipeline is functional. - This alert is always firing, therefore it should always be firing in Alertmanager - and always fire against a receiver. There are integrations with various notification - mechanisms that send a notification when this alert is not firing. For example the - "DeadMansSnitch" integration in PagerDuty. - expr: vector(1) - labels: - severity: none - - name: node-network - rules: - - alert: NodeNetworkInterfaceFlapping - annotations: - message: Network interface "{{ $labels.device }}" changing it's up status - often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" - expr: | - changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 - for: 2m - labels: - severity: warning diff --git a/monitoring/manifests/prometheus-service.yaml b/monitoring/manifests/prometheus-service.yaml index 4f61e88..2906ad3 100644 --- a/monitoring/manifests/prometheus-service.yaml +++ b/monitoring/manifests/prometheus-service.yaml @@ -2,9 +2,13 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 prometheus: k8s name: prometheus-k8s - namespace: monitoring + namespace: default spec: ports: - name: web @@ -12,5 +16,8 @@ spec: targetPort: web selector: app: prometheus + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus prometheus: k8s sessionAffinity: ClientIP diff --git a/monitoring/manifests/prometheus-serviceAccount.yaml b/monitoring/manifests/prometheus-serviceAccount.yaml index 3e55fad..89e590a 100644 --- a/monitoring/manifests/prometheus-serviceAccount.yaml +++ b/monitoring/manifests/prometheus-serviceAccount.yaml @@ -1,5 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/prometheus-serviceMonitor.yaml b/monitoring/manifests/prometheus-serviceMonitor.yaml index b7605db..6169d3e 100644 --- a/monitoring/manifests/prometheus-serviceMonitor.yaml +++ b/monitoring/manifests/prometheus-serviceMonitor.yaml @@ -2,13 +2,19 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: prometheus - name: prometheus - namespace: monitoring + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.26.0 + name: prometheus-k8s + namespace: default spec: endpoints: - interval: 30s port: web selector: matchLabels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus prometheus: k8s diff --git a/monitoring/manifests/prometheus-serviceMonitorApiserver.yaml b/monitoring/manifests/prometheus-serviceMonitorApiserver.yaml deleted file mode 100644 index 1ff61fe..0000000 --- a/monitoring/manifests/prometheus-serviceMonitorApiserver.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: apiserver - name: kube-apiserver - namespace: monitoring -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - interval: 30s - metricRelabelings: - - action: drop - regex: kubelet_(pod_worker_latency_microseconds|pod_start_latency_microseconds|cgroup_manager_latency_microseconds|pod_worker_start_latency_microseconds|pleg_relist_latency_microseconds|pleg_relist_interval_microseconds|runtime_operations|runtime_operations_latency_microseconds|runtime_operations_errors|eviction_stats_age_microseconds|device_plugin_registration_count|device_plugin_alloc_latency_microseconds|network_plugin_operations_latency_microseconds) - sourceLabels: - - __name__ - - action: drop - regex: scheduler_(e2e_scheduling_latency_microseconds|scheduling_algorithm_predicate_evaluation|scheduling_algorithm_priority_evaluation|scheduling_algorithm_preemption_evaluation|scheduling_algorithm_latency_microseconds|binding_latency_microseconds|scheduling_latency_seconds) - sourceLabels: - - __name__ - - action: drop - regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs) - sourceLabels: - - __name__ - - action: drop - regex: kubelet_docker_(operations|operations_latency_microseconds|operations_errors|operations_timeout) - sourceLabels: - - __name__ - - action: drop - regex: reflector_(items_per_list|items_per_watch|list_duration_seconds|lists_total|short_watches_total|watch_duration_seconds|watches_total) - sourceLabels: - - __name__ - - action: drop - regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) - sourceLabels: - - __name__ - - action: drop - regex: transformation_(transformation_latencies_microseconds|failures_total) - sourceLabels: - - __name__ - - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries) - sourceLabels: - - __name__ - - action: drop - regex: etcd_(debugging|disk|server).* - sourceLabels: - - __name__ - - action: drop - regex: apiserver_admission_controller_admission_latencies_seconds_.* - sourceLabels: - - __name__ - - action: drop - regex: apiserver_admission_step_admission_latencies_seconds_.* - sourceLabels: - - __name__ - - action: drop - regex: apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50) - sourceLabels: - - __name__ - - le - port: https - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - jobLabel: component - namespaceSelector: - matchNames: - - default - selector: - matchLabels: - component: apiserver - provider: kubernetes diff --git a/monitoring/manifests/prometheus-serviceMonitorCoreDNS.yaml b/monitoring/manifests/prometheus-serviceMonitorCoreDNS.yaml deleted file mode 100644 index 633aa18..0000000 --- a/monitoring/manifests/prometheus-serviceMonitorCoreDNS.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: coredns - name: coredns - namespace: monitoring -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - interval: 15s - port: metrics - jobLabel: k8s-app - namespaceSelector: - matchNames: - - kube-system - selector: - matchLabels: - k8s-app: kube-dns diff --git a/monitoring/manifests/prometheus-serviceMonitorKubeControllerManager.yaml b/monitoring/manifests/prometheus-serviceMonitorKubeControllerManager.yaml index 7f20fce..dda142c 100644 --- a/monitoring/manifests/prometheus-serviceMonitorKubeControllerManager.yaml +++ b/monitoring/manifests/prometheus-serviceMonitorKubeControllerManager.yaml @@ -1,10 +1,3 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: kube-controller-manager - name: kube-controller-manager - namespace: monitoring spec: endpoints: - interval: 30s @@ -46,10 +39,3 @@ spec: sourceLabels: - __name__ port: http-metrics - jobLabel: k8s-app - namespaceSelector: - matchNames: - - kube-system - selector: - matchLabels: - k8s-app: kube-controller-manager diff --git a/monitoring/manifests/prometheus-serviceMonitorKubeScheduler.yaml b/monitoring/manifests/prometheus-serviceMonitorKubeScheduler.yaml index f00db0e..8d4fbcd 100644 --- a/monitoring/manifests/prometheus-serviceMonitorKubeScheduler.yaml +++ b/monitoring/manifests/prometheus-serviceMonitorKubeScheduler.yaml @@ -1,18 +1,4 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: kube-scheduler - name: kube-scheduler - namespace: monitoring spec: endpoints: - interval: 30s port: http-metrics - jobLabel: k8s-app - namespaceSelector: - matchNames: - - kube-system - selector: - matchLabels: - k8s-app: kube-scheduler diff --git a/monitoring/manifests/prometheus-serviceMonitorKubelet.yaml b/monitoring/manifests/prometheus-serviceMonitorKubelet.yaml deleted file mode 100644 index 7db47ef..0000000 --- a/monitoring/manifests/prometheus-serviceMonitorKubelet.yaml +++ /dev/null @@ -1,90 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: kubelet - name: kubelet - namespace: monitoring -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - interval: 30s - metricRelabelings: - - action: drop - regex: kubelet_(pod_worker_latency_microseconds|pod_start_latency_microseconds|cgroup_manager_latency_microseconds|pod_worker_start_latency_microseconds|pleg_relist_latency_microseconds|pleg_relist_interval_microseconds|runtime_operations|runtime_operations_latency_microseconds|runtime_operations_errors|eviction_stats_age_microseconds|device_plugin_registration_count|device_plugin_alloc_latency_microseconds|network_plugin_operations_latency_microseconds) - sourceLabels: - - __name__ - - action: drop - regex: scheduler_(e2e_scheduling_latency_microseconds|scheduling_algorithm_predicate_evaluation|scheduling_algorithm_priority_evaluation|scheduling_algorithm_preemption_evaluation|scheduling_algorithm_latency_microseconds|binding_latency_microseconds|scheduling_latency_seconds) - sourceLabels: - - __name__ - - action: drop - regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs) - sourceLabels: - - __name__ - - action: drop - regex: kubelet_docker_(operations|operations_latency_microseconds|operations_errors|operations_timeout) - sourceLabels: - - __name__ - - action: drop - regex: reflector_(items_per_list|items_per_watch|list_duration_seconds|lists_total|short_watches_total|watch_duration_seconds|watches_total) - sourceLabels: - - __name__ - - action: drop - regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) - sourceLabels: - - __name__ - - action: drop - regex: transformation_(transformation_latencies_microseconds|failures_total) - sourceLabels: - - __name__ - - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries) - sourceLabels: - - __name__ - port: https-metrics - relabelings: - - sourceLabels: - - __metrics_path__ - targetLabel: metrics_path - scheme: https - tlsConfig: - insecureSkipVerify: true - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - honorTimestamps: false - interval: 30s - metricRelabelings: - - action: drop - regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - sourceLabels: - - __name__ - path: /metrics/cadvisor - port: https-metrics - relabelings: - - sourceLabels: - - __metrics_path__ - targetLabel: metrics_path - scheme: https - tlsConfig: - insecureSkipVerify: true - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - interval: 30s - path: /metrics/probes - port: https-metrics - relabelings: - - sourceLabels: - - __metrics_path__ - targetLabel: metrics_path - scheme: https - tlsConfig: - insecureSkipVerify: true - jobLabel: k8s-app - namespaceSelector: - matchNames: - - kube-system - selector: - matchLabels: - k8s-app: kubelet diff --git a/monitoring/manifests/setup/0namespace-namespace.yaml b/monitoring/manifests/setup/0namespace-namespace.yaml index d325236..5efde87 100644 --- a/monitoring/manifests/setup/0namespace-namespace.yaml +++ b/monitoring/manifests/setup/0namespace-namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: monitoring + name: default diff --git a/monitoring/manifests/setup/0namespace-prometheusRule.yaml b/monitoring/manifests/setup/0namespace-prometheusRule.yaml new file mode 100644 index 0000000..a47e1aa --- /dev/null +++ b/monitoring/manifests/setup/0namespace-prometheusRule.yaml @@ -0,0 +1,76 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-prometheus + app.kubernetes.io/part-of: kube-prometheus + prometheus: k8s + role: alert-rules + name: kube-prometheus-rules + namespace: default +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service + }} targets in {{ $labels.namespace }} namespace are down.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/targetdown + summary: One or more targets are unreachable. + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, + namespace, service)) > 10 + for: 10m + labels: + severity: warning + - alert: Watchdog + annotations: + description: | + This is an alert meant to ensure that the entire alerting pipeline is functional. + This alert is always firing, therefore it should always be firing in Alertmanager + and always fire against a receiver. There are integrations with various notification + mechanisms that send a notification when this alert is not firing. For example the + "DeadMansSnitch" integration in PagerDuty. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/watchdog + summary: An alert that should always be firing to certify that Alertmanager + is working properly. + expr: vector(1) + labels: + severity: none + - name: node-network + rules: + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{ $labels.device }}" changing it's up status + often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkinterfaceflapping + expr: | + changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) + BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) + BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) + BY (instance, cpu)) + record: cluster:node_cpu:ratio + - name: kube-prometheus-general.rules + rules: + - expr: count without(instance, pod, node) (up == 1) + record: count:up1 + - expr: count without(instance, pod, node) (up == 0) + record: count:up0 diff --git a/monitoring/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index ce4d1bb..88bfb18 100644 --- a/monitoring/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: AlertmanagerConfig listKind: AlertmanagerConfigList plural: alertmanagerconfigs @@ -60,6 +62,7 @@ spec: properties: name: description: Label to match. + minLength: 1 type: string regex: description: Whether to match on equality (false) or regular-expression @@ -70,7 +73,6 @@ spec: type: string required: - name - - value type: object type: array targetMatch: @@ -82,6 +84,7 @@ spec: properties: name: description: Label to match. + minLength: 1 type: string regex: description: Whether to match on equality (false) or regular-expression @@ -92,7 +95,6 @@ spec: type: string required: - name - - value type: object type: array type: object @@ -108,9 +110,13 @@ spec: description: EmailConfig configures notifications via Email. properties: authIdentity: + description: The identity to use for authentication. type: string authPassword: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -129,7 +135,10 @@ spec: - key type: object authSecret: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -148,7 +157,7 @@ spec: - key type: object authUsername: - description: SMTP authentication information. + description: The username to use for authentication. type: string from: description: The sender address. @@ -162,6 +171,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -321,6 +331,7 @@ spec: name: description: Name of the receiver. Must be unique across all items from the list. + minLength: 1 type: string opsgenieConfigs: description: List of OpsGenie configurations. @@ -364,6 +375,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -590,8 +602,8 @@ spec: description: List of responders responsible for notifications. items: description: OpsGenieConfigResponder defines a responder - to an incident. One of id, name or username has to - be defined. + to an incident. One of `id`, `name` or `username` + has to be defined. properties: id: description: ID of the responder. @@ -601,10 +613,13 @@ spec: type: string type: description: Type of responder. + minLength: 1 type: string username: description: Username of the responder. type: string + required: + - type type: object type: array sendResolved: @@ -649,6 +664,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -1163,8 +1179,11 @@ spec: description: Notification title. type: string token: - description: Your registered application’s API token, - see https://pushover.net/apps + description: The secret's key that contains the registered + application’s API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. properties: key: description: The key of the secret to select from. Must @@ -1190,7 +1209,10 @@ spec: just the URL is shown type: string userKey: - description: The recipient user’s user key. + description: The secret's key that contains the recipient + user’s user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -1237,6 +1259,7 @@ spec: okText: type: string text: + minLength: 1 type: string title: type: string @@ -1248,8 +1271,10 @@ spec: style: type: string text: + minLength: 1 type: string type: + minLength: 1 type: string url: type: string @@ -1307,8 +1332,10 @@ spec: short: type: boolean title: + minLength: 1 type: string value: + minLength: 1 type: string required: - title @@ -1558,8 +1585,10 @@ spec: VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config properties: apiKey: - description: The API key to use when talking to the VictorOps - API. + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -1587,6 +1616,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -1820,8 +1850,6 @@ spec: description: Contains long explanation of the alerted problem. type: string - required: - - routingKey type: object type: array webhookConfigs: @@ -2035,8 +2063,9 @@ spec: type: object maxAlerts: description: Maximum number of alerts to be sent per webhook - message. + message. When 0, all alerts are included. format: int32 + minimum: 0 type: integer sendResolved: description: Whether or not to notify about resolved alerts. @@ -2334,8 +2363,8 @@ spec: type: array route: description: The Alertmanager route definition for alerts matching - the resource’s namespace. It will be added to the generated Alertmanager - configuration as a first-level route. + the resource’s namespace. If present, it will be added to the generated + Alertmanager configuration as a first-level route. properties: continue: description: Boolean indicating whether an alert should continue @@ -2367,6 +2396,7 @@ spec: properties: name: description: Label to match. + minLength: 1 type: string regex: description: Whether to match on equality (false) or regular-expression @@ -2377,13 +2407,11 @@ spec: type: string required: - name - - value type: object type: array receiver: - description: Name of the receiver for this route. If present, - it should be listed in the `receivers` field. The field can - be omitted only for nested routes otherwise it is mandatory. + description: Name of the receiver for this route. If not empty, + it should be listed in the `receivers` field. type: string repeatInterval: description: How long to wait before repeating the last notification. diff --git a/monitoring/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index 675e3e6..69b03b8 100644 --- a/monitoring/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: Alertmanager listKind: AlertmanagerList plural: alertmanagers diff --git a/monitoring/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 102e7dc..cfc49a1 100644 --- a/monitoring/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: PodMonitor listKind: PodMonitorList plural: podmonitors @@ -197,8 +199,10 @@ spec: to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before ingestion. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before scraping. + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields and replaces original scrape job + name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It diff --git a/monitoring/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index ec0210c..687e87e 100644 --- a/monitoring/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: Probe listKind: ProbeList plural: probes @@ -35,6 +37,68 @@ spec: description: Specification of desired Ingress selection for target discovery by Prometheus. properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic + authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. + The secret needs to be in the same namespace as the probe and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object interval: description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. @@ -190,6 +254,52 @@ spec: description: Labels assigned to all metrics scraped from the targets. type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array static: description: Targets is a list of URLs to probe using the configured prober. @@ -198,6 +308,112 @@ spec: type: array type: object type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object type: object required: - spec diff --git a/monitoring/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 5072d4e..e5b62de 100644 --- a/monitoring/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: Prometheus listKind: PrometheusList plural: prometheuses @@ -2199,6 +2201,15 @@ spec: only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' type: boolean + enableFeatures: + description: Enable access to Prometheus disabled features. By default, + no features are enabled. Enabling disabled features is entirely + outside the scope of what the maintainers will support and by doing + so, you accept that this behaviour may break at any time without + notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + items: + type: string + type: array enforcedNamespaceLabel: description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label @@ -3388,8 +3399,8 @@ spec: type: string type: object podMonitorNamespaceSelector: - description: Namespaces to be selected for PodMonitor discovery. If - nil, only check own namespace. + description: Namespace's labels to match for PodMonitor discovery. + If nil, only check own namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -3682,7 +3693,7 @@ spec: type: object type: object bearerToken: - description: bearer token for remote read. + description: Bearer token for remote read. type: string bearerTokenFile: description: File to read bearer token for remote read. @@ -3893,11 +3904,32 @@ spec: type: object type: object bearerToken: - description: File to read bearer token for remote write. + description: Bearer token for remote write. type: string bearerTokenFile: description: File to read bearer token for remote write. type: string + headers: + additionalProperties: + type: string + description: Custom HTTP headers to be sent along with each + remote write request. Be aware that headers that are set by + Prometheus itself can't be overwritten. Only valid in Prometheus + versions 2.25.0 and newer. + type: object + metadataConfig: + description: MetadataConfig configures the sending of series + metadata to remote storage. + properties: + send: + description: Whether metric metadata is sent to remote storage + or not. + type: boolean + sendInterval: + description: How frequently metric metadata is sent to remote + storage. + type: string + type: object name: description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order @@ -4168,7 +4200,8 @@ spec: (milliseconds seconds minutes hours days weeks years). type: string retentionSize: - description: Maximum amount of disk space used by blocks. + description: 'Maximum amount of disk space used by blocks. Supported + units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.' type: string routePrefix: description: The route prefix Prometheus registers HTTP handlers for. @@ -4435,7 +4468,7 @@ spec: to use to run the Prometheus Pods. type: string serviceMonitorNamespaceSelector: - description: Namespaces to be selected for ServiceMonitor discovery. + description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace. properties: matchExpressions: @@ -5072,6 +5105,11 @@ spec: required: - key type: object + tracingConfigFile: + description: TracingConfig specifies the path of the tracing configuration + file. When used alongside with TracingConfig, TracingConfigFile + takes precedence. + type: string version: description: Version describes the version of Thanos to use. type: string diff --git a/monitoring/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index f808013..ee8e81a 100644 --- a/monitoring/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: ServiceMonitor listKind: ServiceMonitorList plural: servicemonitors @@ -184,7 +186,9 @@ spec: type: string relabelings: description: 'RelabelConfigs to apply to samples before scraping. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields and replaces original scrape job + name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It diff --git a/monitoring/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/monitoring/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml index fab0e39..5eb88a4 100644 --- a/monitoring/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml +++ b/monitoring/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: ThanosRuler listKind: ThanosRulerList plural: thanosrulers diff --git a/monitoring/manifests/setup/prometheus-operator-clusterRole.yaml b/monitoring/manifests/setup/prometheus-operator-clusterRole.yaml index 5d13eb9..6ff220b 100644 --- a/monitoring/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/monitoring/manifests/setup/prometheus-operator-clusterRole.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 name: prometheus-operator rules: - apiGroups: diff --git a/monitoring/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/monitoring/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index c2e4412..757d85f 100644 --- a/monitoring/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/monitoring/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io @@ -13,4 +14,4 @@ roleRef: subjects: - kind: ServiceAccount name: prometheus-operator - namespace: monitoring + namespace: default diff --git a/monitoring/manifests/setup/prometheus-operator-deployment.yaml b/monitoring/manifests/setup/prometheus-operator-deployment.yaml index 2361874..27b5aa3 100644 --- a/monitoring/manifests/setup/prometheus-operator-deployment.yaml +++ b/monitoring/manifests/setup/prometheus-operator-deployment.yaml @@ -4,27 +4,30 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 name: prometheus-operator - namespace: monitoring + namespace: default spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/part-of: kube-prometheus template: metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1 - image: quay.io/prometheus-operator/prometheus-operator:v0.44.1 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.47.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.47.0 name: prometheus-operator ports: - containerPort: 8080 @@ -48,12 +51,19 @@ spec: ports: - containerPort: 8443 name: https + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 nodeSelector: - beta.kubernetes.io/os: linux + kubernetes.io/os: linux securityContext: runAsNonRoot: true runAsUser: 65534 diff --git a/monitoring/manifests/setup/prometheus-operator-prometheusRule.yaml b/monitoring/manifests/setup/prometheus-operator-prometheusRule.yaml new file mode 100644 index 0000000..674fd9a --- /dev/null +++ b/monitoring/manifests/setup/prometheus-operator-prometheusRule.yaml @@ -0,0 +1,95 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 + prometheus: k8s + role: alert-rules + name: prometheus-operator-rules + namespace: default +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorListErrors + annotations: + description: Errors while performing List operations in controller {{$labels.controller}} + in {{$labels.namespace}} namespace. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors + summary: Errors while performing list operations in controller. + expr: | + (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="default"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="default"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning + - alert: PrometheusOperatorWatchErrors + annotations: + description: Errors while performing watch operations in controller {{$labels.controller}} + in {{$labels.namespace}} namespace. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors + summary: Errors while performing watch operations in controller. + expr: | + (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="default"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="default"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning + - alert: PrometheusOperatorSyncFailed + annotations: + description: Controller {{ $labels.controller }} in {{ $labels.namespace }} + namespace fails to reconcile {{ $value }} objects. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed + summary: Last controller reconciliation failed + expr: | + min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="default"}[5m]) > 0 + for: 10m + labels: + severity: warning + - alert: PrometheusOperatorReconcileErrors + annotations: + description: '{{ $value | humanizePercentage }} of reconciling operations + failed for {{ $labels.controller }} controller in {{ $labels.namespace }} + namespace.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors + summary: Errors while reconciling controller. + expr: | + (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="default"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="default"}[5m]))) > 0.1 + for: 10m + labels: + severity: warning + - alert: PrometheusOperatorNodeLookupErrors + annotations: + description: Errors while reconciling Prometheus in {{ $labels.namespace }} + Namespace. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors + summary: Errors while reconciling Prometheus. + expr: | + rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="default"}[5m]) > 0.1 + for: 10m + labels: + severity: warning + - alert: PrometheusOperatorNotReady + annotations: + description: Prometheus operator in {{ $labels.namespace }} namespace isn't + ready to reconcile {{ $labels.controller }} resources. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready + summary: Prometheus operator not ready + expr: | + min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="default"}[5m]) == 0) + for: 5m + labels: + severity: warning + - alert: PrometheusOperatorRejectedResources + annotations: + description: Prometheus operator in {{ $labels.namespace }} namespace rejected + {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource + }} resources. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources + summary: Resources rejected by Prometheus operator + expr: | + min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="default"}[5m]) > 0 + for: 5m + labels: + severity: warning diff --git a/monitoring/manifests/setup/prometheus-operator-service.yaml b/monitoring/manifests/setup/prometheus-operator-service.yaml index ebfd02b..4f23046 100644 --- a/monitoring/manifests/setup/prometheus-operator-service.yaml +++ b/monitoring/manifests/setup/prometheus-operator-service.yaml @@ -4,9 +4,10 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 name: prometheus-operator - namespace: monitoring + namespace: default spec: clusterIP: None ports: @@ -16,3 +17,4 @@ spec: selector: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/part-of: kube-prometheus diff --git a/monitoring/manifests/setup/prometheus-operator-serviceAccount.yaml b/monitoring/manifests/setup/prometheus-operator-serviceAccount.yaml index 7799e11..5b16d4b 100644 --- a/monitoring/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/monitoring/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -4,6 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.47.0 name: prometheus-operator - namespace: monitoring + namespace: default diff --git a/monitoring/monitoring.jsonnet b/monitoring/monitoring.jsonnet index ad83934..2e21d67 100644 --- a/monitoring/monitoring.jsonnet +++ b/monitoring/monitoring.jsonnet @@ -8,7 +8,7 @@ local statefulSet = k.apps.v1.statefulSet; local selector = statefulSet.mixin.spec.selectorType; local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + (import 'prometheus-pushgateway/pushgateway.libsonnet') + (import 'k3s.libsonnet') diff --git a/monitoring/vendor/etcd-mixin b/monitoring/vendor/etcd-mixin deleted file mode 120000 index 5c835f9..0000000 --- a/monitoring/vendor/etcd-mixin +++ /dev/null @@ -1 +0,0 @@ -github.com/etcd-io/etcd/Documentation/etcd-mixin \ No newline at end of file diff --git a/monitoring/vendor/github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet b/monitoring/vendor/github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet index 514e8ca..35758f3 100644 --- a/monitoring/vendor/github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet +++ b/monitoring/vendor/github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet @@ -7,7 +7,7 @@ }, imageRepos+:: { - grafana: 'grafana/grafana', + grafana: 'docker.io/grafana/grafana', }, prometheus+:: { @@ -16,6 +16,11 @@ }, grafana+:: { + labels: { + 'app.kubernetes.io/name': 'grafana', + 'app.kubernetes.io/version': $._config.versions.grafana, + 'app.kubernetes.io/component': 'grafana', + }, dashboards: {}, rawDashboards: {}, folderDashboards: {}, @@ -51,6 +56,7 @@ metadata: { name: 'grafana-config', namespace: $._config.namespace, + labels: $._config.grafana.labels, }, type: 'Opaque', data: { @@ -67,6 +73,7 @@ metadata: { name: dashboardName, namespace: $._config.namespace, + labels: $._config.grafana.labels, }, data: { [name]: std.manifestJsonEx($._config.grafana.dashboards[name], ' ') }, } @@ -79,6 +86,7 @@ metadata: { name: dashboardName, namespace: $._config.namespace, + labels: $._config.grafana.labels, }, data: { [name]: std.manifestJsonEx($._config.grafana.folderDashboards[folder][name], ' ') }, } @@ -95,6 +103,7 @@ metadata: { name: dashboardName, namespace: $._config.namespace, + labels: $._config.grafana.labels, }, data: { [name]: $._config.grafana.rawDashboards[name] }, } @@ -141,6 +150,7 @@ metadata: { name: 'grafana-dashboards', namespace: $._config.namespace, + labels: $._config.grafana.labels, }, data: { 'dashboards.yaml': std.manifestJsonEx(dashboardSources, ' ') }, }, @@ -151,6 +161,7 @@ metadata: { name: 'grafana-datasources', namespace: $._config.namespace, + labels: $._config.grafana.labels, }, type: 'Opaque', data: { 'datasources.yaml': std.base64(std.encodeUTF8(std.manifestJsonEx({ @@ -165,13 +176,10 @@ metadata: { name: 'grafana', namespace: $._config.namespace, - labels: { - app: 'grafana', - }, + labels: $._config.grafana.labels, }, spec: { selector: $.grafana.deployment.spec.selector.matchLabels, - type: 'NodePort', ports: [ { name: 'http', targetPort: 'http', port: 3000 }, ], @@ -189,7 +197,12 @@ deployment: local targetPort = $._config.grafana.port; local portName = 'http'; - local podLabels = { app: 'grafana' }; + local podLabels = $._config.grafana.labels; + local podSelectorLabels = { + [labelName]: podLabels[labelName] + for labelName in std.objectFields(podLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }; local configVolumeName = 'grafana-config'; local configSecretName = 'grafana-config'; @@ -311,7 +324,7 @@ spec: { replicas: 1, selector: { - matchLabels: podLabels, + matchLabels: podSelectorLabels, }, template: { metadata: { diff --git a/monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/README.md b/monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/README.md similarity index 100% rename from monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/README.md rename to monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/README.md diff --git a/monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet b/monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet similarity index 95% rename from monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet rename to monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet index a38b795..1bb0f10 100644 --- a/monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet +++ b/monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet @@ -10,6 +10,11 @@ // scrape_interval_seconds is the global scrape interval which can be // used to dynamically adjust rate windows as a function of the interval. scrape_interval_seconds: 30, + // Dashboard variable refresh option on Grafana (https://grafana.com/docs/grafana/latest/datasources/prometheus/). + // 0 : Never (Will never refresh the Dashboard variables values) + // 1 : On Dashboard Load (Will refresh Dashboards variables when dashboard are loaded) + // 2 : On Time Range Change (Will refresh Dashboards variables when time range will be changed) + dashboard_var_refresh: 2, }, prometheusAlerts+:: { @@ -202,51 +207,6 @@ summary: 'etcd cluster 99th percentile commit durations are too high.', }, }, - { - alert: 'etcdHighNumberOfFailedHTTPRequests', - expr: ||| - sum(rate(etcd_http_failed_total{%(etcd_selector)s, code!="404"}[5m])) without (code) / sum(rate(etcd_http_received_total{%(etcd_selector)s}[5m])) - without (code) > 0.01 - ||| % $._config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - description: '{{ $value }}% of requests for {{ $labels.method }} failed on etcd instance {{ $labels.instance }}', - summary: 'etcd has high number of failed HTTP requests.', - }, - }, - { - alert: 'etcdHighNumberOfFailedHTTPRequests', - expr: ||| - sum(rate(etcd_http_failed_total{%(etcd_selector)s, code!="404"}[5m])) without (code) / sum(rate(etcd_http_received_total{%(etcd_selector)s}[5m])) - without (code) > 0.05 - ||| % $._config, - 'for': '10m', - labels: { - severity: 'critical', - }, - annotations: { - description: '{{ $value }}% of requests for {{ $labels.method }} failed on etcd instance {{ $labels.instance }}.', - summary: 'etcd has high number of failed HTTP requests.', - }, - }, - { - alert: 'etcdHTTPRequestsSlow', - expr: ||| - histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) - > 0.15 - ||| % $._config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - description: 'etcd instance {{ $labels.instance }} HTTP requests to {{ $labels.method }} are slow.', - summary: 'etcd instance HTTP requests are slow.', - }, - }, { alert: 'etcdBackendQuotaLowSpace', expr: ||| @@ -283,7 +243,7 @@ uid: std.md5('etcd.json'), title: 'etcd', description: 'etcd sample Grafana dashboard with Prometheus', - tags: [], + tags: [ 'etcd-mixin' ], style: 'dark', timezone: 'browser', editable: true, @@ -1332,7 +1292,7 @@ name: 'cluster', options: [], query: 'label_values(etcd_server_has_leader, job)', - refresh: 1, + refresh: $._config.dashboard_var_refresh, regex: '', sort: 2, tagValuesQuery: '', diff --git a/monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/test.yaml b/monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/test.yaml similarity index 100% rename from monitoring/vendor/github.com/etcd-io/etcd/Documentation/etcd-mixin/test.yaml rename to monitoring/vendor/github.com/etcd-io/etcd/contrib/mixin/test.yaml diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudmonitoring.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudmonitoring.libsonnet new file mode 100644 index 0000000..28c3e29 --- /dev/null +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudmonitoring.libsonnet @@ -0,0 +1,57 @@ +{ + /** + * Creates a [Google Cloud Monitoring target](https://grafana.com/docs/grafana/latest/datasources/cloudmonitoring/) + * + * @name cloudmonitoring.target + * + * @param metric + * @param project + * @param filters (optional) + * @param groupBys (optional) + * @param period (default: `'cloud-monitoring-auto'`) + * @param crossSeriesReducer (default 'REDUCE_MAX') + * @param valueType (default 'INT64') + * @param perSeriesAligner (default 'ALIGN_DELTA') + * @param metricKind (default 'CUMULATIVE') + * @param unit (optional) + * @param alias (optional) + + * @return Panel target + */ + + target( + metric, + project, + filters=[], + groupBys=[], + period='cloud-monitoring-auto', + crossSeriesReducer='REDUCE_MAX', + valueType='INT64', + perSeriesAligner='ALIGN_DELTA', + metricKind='CUMULATIVE', + unit=1, + alias=null, + ):: { + metricQuery: { + [if alias != null then 'aliasBy']: alias, + alignmentPeriod: period, + crossSeriesReducer: crossSeriesReducer, + [if filters != null then 'filters']: filters, + [if groupBys != null then 'groupBys']: groupBys, + metricKind: metricKind, + metricType: metric, + perSeriesAligner: perSeriesAligner, + projectName: project, + unit: unit, + valueType: valueType, + }, + sloQuery: { + [if alias != null then 'aliasBy']: alias, + alignmentPeriod: period, + projectName: project, + selectorName: 'select_slo_health', + serviceId: '', + sloId: '', + }, + }, +} diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudwatch.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudwatch.libsonnet index d533cec..f0fa579 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudwatch.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/cloudwatch.libsonnet @@ -13,6 +13,9 @@ * @param highResolution (default: `false`) * @param period (default: `'1m'`) * @param dimensions (optional) + * @param id (optional) + * @param expression (optional) + * @param hide (optional) * @return Panel target */ @@ -26,7 +29,10 @@ alias=null, highResolution=false, period='1m', - dimensions={} + dimensions={}, + id=null, + expression=null, + hide=null ):: { region: region, namespace: namespace, @@ -37,5 +43,9 @@ highResolution: highResolution, period: period, dimensions: dimensions, + [if id != null then 'id']: id, + [if expression != null then 'expression']: expression, + [if hide != null then 'hide']: hide, + }, } diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/gauge_panel.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/gauge_panel.libsonnet index 7cf1c22..40b3673 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/gauge_panel.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/gauge_panel.libsonnet @@ -36,6 +36,7 @@ * @method addMappings(mappings) Adds an array of value mappings. * @method addDataLink(link) Adds a data link. * @method addDataLinks(links) Adds an array of data links. + * @param timeFrom (optional) */ new( title, @@ -58,6 +59,7 @@ repeat=null, repeatDirection='h', repeatMaxPerRow=null, + timeFrom=null, pluginVersion='7', ):: { @@ -71,6 +73,7 @@ [if repeat != null then 'repeat']: repeat, [if repeat != null then 'repeatDirection']: repeatDirection, [if repeat != null then 'repeatMaxPerRow']: repeatMaxPerRow, + [if timeFrom != null then 'timeFrom']: timeFrom, // targets _nextTarget:: 0, @@ -138,6 +141,21 @@ fieldConfig+: { defaults+: { links+: [link] } }, }, + // Overrides + addOverride( + matcher=null, + properties=null, + ):: self { + fieldConfig+: { + overrides+: [ + { + [if matcher != null then 'matcher']: matcher, + [if properties != null then 'properties']: properties, + }, + ], + }, + }, + addOverrides(overrides):: std.foldl(function(p, o) p.addOverride(o.matcher, o.properties), overrides, self), } else { options: { diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet index 88fe277..b94ddf3 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet @@ -18,6 +18,7 @@ sql:: import 'sql.libsonnet', graphite:: import 'graphite.libsonnet', alertCondition:: import 'alert_condition.libsonnet', + cloudmonitoring:: import 'cloudmonitoring.libsonnet', cloudwatch:: import 'cloudwatch.libsonnet', elasticsearch:: import 'elasticsearch.libsonnet', heatmapPanel:: import 'heatmap_panel.libsonnet', @@ -27,4 +28,5 @@ gaugePanel:: import 'gauge_panel.libsonnet', barGaugePanel:: import 'bar_gauge_panel.libsonnet', statPanel:: import 'stat_panel.libsonnet', + transformation:: import 'transformation.libsonnet', } diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/graph_panel.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/graph_panel.libsonnet index 3a39235..8727695 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/graph_panel.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/graph_panel.libsonnet @@ -21,6 +21,7 @@ * @param formatY2 (optional) Unit of the second Y axis * @param min (optional) Min of the Y axes * @param max (optional) Max of the Y axes + * @param maxDataPoints (optional) If the data source supports it, sets the maximum number of data points for each series returned. * @param labelY1 (optional) Label of the first Y axis * @param labelY2 (optional) Label of the second Y axis * @param x_axis_mode (default `'time'`) X axis mode, one of [time, series, histogram] @@ -57,6 +58,8 @@ * @param value_type (default `'individual'`) Type of tooltip value * @param shared_tooltip (default `true`) Allow to group or spit tooltips on mouseover within a chart * @param percentage (defaut: false) show as percentages + * @param interval (defaut: null) A lower limit for the interval. + * * @method addTarget(target) Adds a target object. * @method addTargets(targets) Adds an array of targets. @@ -126,8 +129,10 @@ value_type='individual', shared_tooltip=true, percentage=false, + maxDataPoints=null, time_from=null, time_shift=null, + interval=null ):: { title: title, [if span != null then 'span']: span, @@ -179,6 +184,7 @@ bars: bars, stack: stack, percentage: percentage, + [if maxDataPoints != null then 'maxDataPoints']: maxDataPoints, legend: { show: legend_show, values: legend_values, @@ -204,6 +210,7 @@ }, timeFrom: time_from, timeShift: time_shift, + [if interval != null then 'interval']: interval, [if transparent == true then 'transparent']: transparent, aliasColors: aliasColors, repeat: repeat, @@ -288,5 +295,19 @@ links+: [link], }, addLinks(links):: std.foldl(function(p, t) p.addLink(t), links, self), + addOverride( + matcher=null, + properties=null, + ):: self { + fieldConfig+: { + overrides+: [ + { + [if matcher != null then 'matcher']: matcher, + [if properties != null then 'properties']: properties, + }, + ], + }, + }, + addOverrides(overrides):: std.foldl(function(p, o) p.addOverride(o.matcher, o.properties), overrides, self), }, } diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/heatmap_panel.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/heatmap_panel.libsonnet index e38e2e3..5e9a04c 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/heatmap_panel.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/heatmap_panel.libsonnet @@ -42,6 +42,7 @@ * @param yBucketBound (default `'auto'`) Which bound ('lower' or 'upper') of the bucket to use * @param yBucketNumber (optional) Number of buckets for the Y axis * @param yBucketSize (optional) Size of Y axis buckets. Has priority over yBucketNumber + * @param maxDataPoints (optional) The maximum data points per series. Used directly by some data sources and used in calculation of auto interval. With streaming data this value is used for the rolling buffer. * * @method addTarget(target) Adds a target object. * @method addTargets(targets) Adds an array of targets. @@ -83,7 +84,7 @@ yBucketBound='auto', yBucketNumber=null, yBucketSize=null, - + maxDataPoints=null, ):: { title: title, type: 'heatmap', @@ -135,6 +136,7 @@ yBucketBound: yBucketBound, [if dataFormat == 'timeseries' then 'yBucketNumber']: yBucketNumber, [if dataFormat == 'timeseries' then 'yBucketSize']: yBucketSize, + [if maxDataPoints != null then 'maxDataPoints']: maxDataPoints, _nextTarget:: 0, addTarget(target):: self { diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/sql.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/sql.libsonnet index e4424f3..ab48543 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/sql.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/sql.libsonnet @@ -7,14 +7,17 @@ * @param rawSql The SQL query * @param datasource (optional) * @param format (default `'time_series'`) + * @param alias (optional) */ target( rawSql, datasource=null, format='time_series', + alias=null, ):: { [if datasource != null then 'datasource']: datasource, format: format, + [if alias != null then 'alias']: alias, rawSql: rawSql, }, } diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/stat_panel.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/stat_panel.libsonnet index b252085..b24442f 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/stat_panel.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/stat_panel.libsonnet @@ -23,9 +23,10 @@ * @param displayName (optional) Change the field or series name. * @param noValue (optional) What to show when there is no value. * @param thresholdsMode (default `'absolute'`) 'absolute' or 'percentage'. + * @param timeFrom (optional) Override the relative time range. * @param repeat (optional) Name of variable that should be used to repeat this panel. * @param repeatDirection (default `'h'`) 'h' for horizontal or 'v' for vertical. - * @param repeatMaxPerRow (optional) Maximum panels per row in repeat mode. + * @param maxPerRow (optional) Maximum panels per row in repeat mode. * @param pluginVersion (default `'7'`) Plugin version the panel should be modeled for. This has been tested with the default, '7', and '6.7'. * * @method addTarget(target) Adds a target object. @@ -59,9 +60,10 @@ displayName=null, noValue=null, thresholdsMode='absolute', + timeFrom=null, repeat=null, repeatDirection='h', - repeatMaxPerRow=null, + maxPerRow=null, pluginVersion='7', ):: { @@ -74,7 +76,8 @@ links: [], [if repeat != null then 'repeat']: repeat, [if repeat != null then 'repeatDirection']: repeatDirection, - [if repeat != null then 'repeatMaxPerRow']: repeatMaxPerRow, + [if timeFrom != null then 'timeFrom']: timeFrom, + [if repeat != null then 'maxPerRow']: maxPerRow, // targets _nextTarget:: 0, @@ -143,6 +146,22 @@ addDataLink(link):: self { fieldConfig+: { defaults+: { links+: [link] } }, }, + + // Overrides + addOverride( + matcher=null, + properties=null, + ):: self { + fieldConfig+: { + overrides+: [ + { + [if matcher != null then 'matcher']: matcher, + [if properties != null then 'properties']: properties, + }, + ], + }, + }, + addOverrides(overrides):: std.foldl(function(p, o) p.addOverride(o.matcher, o.properties), overrides, self), } else { options: { fieldOptions: { diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/table_panel.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/table_panel.libsonnet index 947ef67..4c686b3 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/table_panel.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/table_panel.libsonnet @@ -24,6 +24,8 @@ * @method addColumn(field, style) Adds a column * @method hideColumn(field) Hides a column * @method addLink(link) Adds a link + * @method addTransformation(transformation) Adds a transformation object + * @method addTransformations(transformations) Adds an array of transformations */ new( title, @@ -81,5 +83,9 @@ addLink(link):: self { links+: [link], }, + addTransformation(transformation):: self { + transformations+: [transformation], + }, + addTransformations(transformations):: std.foldl(function(p, t) p.addTransformation(t), transformations, self), }, } diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/template.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/template.libsonnet index 555015c..be253e1 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/template.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/template.libsonnet @@ -1,6 +1,6 @@ { /** - * Creates a [template](https://grafana.com/docs/grafana/latest/variables/templates-and-variables/#templates) that can be added to a dashboard. + * Creates a [template](https://grafana.com/docs/grafana/latest/variables/#templates) that can be added to a dashboard. * * @name template.new * @@ -18,7 +18,7 @@ * @param multi (default `false`) Whether multiple values can be selected or not from variable value list. * @param sort (default `0`) `0`: Without Sort, `1`: Alphabetical (asc), `2`: Alphabetical (desc), `3`: Numerical (asc), `4`: Numerical (desc). * - * @return A [template](https://grafana.com/docs/grafana/latest/variables/templates-and-variables/#templates) + * @return A [template](https://grafana.com/docs/grafana/latest/variables/#templates) */ new( name, diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/timepicker.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/timepicker.libsonnet index aac47e0..9c18bef 100644 --- a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/timepicker.libsonnet +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/timepicker.libsonnet @@ -31,8 +31,10 @@ '7d', '30d', ], + nowDelay=null, ):: { refresh_intervals: refresh_intervals, time_options: time_options, + [if nowDelay != null then 'nowDelay']: nowDelay, }, } diff --git a/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/transformation.libsonnet b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/transformation.libsonnet new file mode 100644 index 0000000..5e62ade --- /dev/null +++ b/monitoring/vendor/github.com/grafana/grafonnet-lib/grafonnet/transformation.libsonnet @@ -0,0 +1,12 @@ +{ + /** + * @name transformation.new + */ + new( + id='', + options={} + ):: { + id: id, + options: options, + }, +} diff --git a/monitoring/vendor/github.com/grafana/jsonnet-libs/grafana-builder/grafana.libsonnet b/monitoring/vendor/github.com/grafana/jsonnet-libs/grafana-builder/grafana.libsonnet index d499c62..a497b80 100644 --- a/monitoring/vendor/github.com/grafana/jsonnet-libs/grafana-builder/grafana.libsonnet +++ b/monitoring/vendor/github.com/grafana/jsonnet-libs/grafana-builder/grafana.libsonnet @@ -44,7 +44,7 @@ addMultiTemplate(name, metric_name, label_name, hide=0):: self { templating+: { list+: [{ - allValue: null, + allValue: '.+', current: { selected: true, text: 'All', @@ -196,7 +196,7 @@ timeShift: null, title: title, tooltip: { - shared: true, + shared: false, sort: 0, value_type: 'individual', }, @@ -382,7 +382,7 @@ expr: ||| sum by (status) ( - label_replace(label_replace(rate(%s[$__interval]), + label_replace(label_replace(rate(%s[$__rate_interval]), "status", "${1}xx", "%s", "([0-9]).."), "status", "${1}", "%s", "([a-z]+)")) ||| % [selector, statusLabelName, statusLabelName], @@ -399,7 +399,7 @@ nullPointMode: 'null as zero', targets: [ { - expr: 'histogram_quantile(0.99, sum(rate(%s_bucket%s[$__interval])) by (le)) * %s' % [metricName, selector, multiplier], + expr: 'histogram_quantile(0.99, sum(rate(%s_bucket%s[$__rate_interval])) by (le)) * %s' % [metricName, selector, multiplier], format: 'time_series', intervalFactor: 2, legendFormat: '99th Percentile', @@ -407,7 +407,7 @@ step: 10, }, { - expr: 'histogram_quantile(0.50, sum(rate(%s_bucket%s[$__interval])) by (le)) * %s' % [metricName, selector, multiplier], + expr: 'histogram_quantile(0.50, sum(rate(%s_bucket%s[$__rate_interval])) by (le)) * %s' % [metricName, selector, multiplier], format: 'time_series', intervalFactor: 2, legendFormat: '50th Percentile', @@ -415,7 +415,7 @@ step: 10, }, { - expr: 'sum(rate(%s_sum%s[$__interval])) * %s / sum(rate(%s_count%s[$__interval]))' % [metricName, selector, multiplier, metricName, selector], + expr: 'sum(rate(%s_sum%s[$__rate_interval])) * %s / sum(rate(%s_count%s[$__rate_interval]))' % [metricName, selector, multiplier, metricName, selector], format: 'time_series', intervalFactor: 2, legendFormat: 'Average', diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/OWNERS b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/OWNERS index 5365e4e..fb831d5 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/OWNERS +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/OWNERS @@ -6,6 +6,8 @@ approvers: - metalmatze - tomwilkie - s-urbaniak +- povilasv +- paulfantom reviewers: - brancz @@ -13,3 +15,5 @@ reviewers: - metalmatze - tomwilkie - s-urbaniak +- povilasv +- paulfantom diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/README.md b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/README.md index 08776e2..939e08c 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/README.md +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/README.md @@ -7,15 +7,17 @@ A set of Grafana dashboards and Prometheus alerts for Kubernetes. ## Releases -| Release branch | Kubernetes Compatibility | Prometheus Compatibility | -| ------- | -------------------------- | ------------------------ | -| release-0.1 | v1.13 and before | | -| release-0.2 | v1.14.1 and before | v2.11.0+ | -| release-0.3 | v1.17 and before | v2.11.0+ | -| release-0.4 | v1.18 | v2.11.0+ | -| release-0.5 | v1.19 | v2.11.0+ | -| release-0.6 | v1.19+ | v2.11.0+ | -| master | v1.19+ | v2.11.0+ | +| Release branch | Kubernetes Compatibility | Prometheus Compatibility | Kube-state-metrics Compatibility | +| -------------- | -------------------------- | ------------------------ | -------------------------------- | +| release-0.1 | v1.13 and before | | | +| release-0.2 | v1.14.1 and before | v2.11.0+ | | +| release-0.3 | v1.17 and before | v2.11.0+ | | +| release-0.4 | v1.18 | v2.11.0+ | | +| release-0.5 | v1.19 | v2.11.0+ | | +| release-0.6 | v1.19+ | v2.11.0+ | | +| release-0.7 | v1.19+ | v2.11.0+ | v1.x | +| release-0.8 | v1.20+ | v2.11.0+ | v2.0+ | +| master | v1.20+ | v2.11.0+ | v2.0+ | In Kubernetes 1.14 there was a major [metrics overhaul](https://github.com/kubernetes/enhancements/issues/1206) implemented. Therefore v0.1.x of this repository is the last release to support Kubernetes 1.13 and previous version on a best effort basis. diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/apps_alerts.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/apps_alerts.libsonnet index 2a5bb6f..36f55fe 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/apps_alerts.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/apps_alerts.libsonnet @@ -12,13 +12,13 @@ rules: [ { expr: ||| - rate(kube_pod_container_status_restarts_total{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[5m]) * 60 * 5 > 0 + rate(kube_pod_container_status_restarts_total{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[10m]) * 60 * 5 > 0 ||| % $._config, labels: { severity: 'warning', }, annotations: { - description: 'Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes.', + description: 'Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 10 minutes.', summary: 'Pod is crash looping.', }, 'for': '15m', @@ -71,7 +71,7 @@ != kube_deployment_status_replicas_available{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s} ) and ( - changes(kube_deployment_status_replicas_updated{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[5m]) + changes(kube_deployment_status_replicas_updated{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[10m]) == 0 ) @@ -93,7 +93,7 @@ != kube_statefulset_status_replicas{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s} ) and ( - changes(kube_statefulset_status_replicas_updated{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[5m]) + changes(kube_statefulset_status_replicas_updated{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[10m]) == 0 ) @@ -276,7 +276,7 @@ < kube_hpa_spec_max_replicas{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}) and - changes(kube_hpa_status_current_replicas[15m]) == 0 + changes(kube_hpa_status_current_replicas{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s}[15m]) == 0 ||| % $._config, labels: { severity: 'warning', diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kube_apiserver.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kube_apiserver.libsonnet index a4e4323..9ec5a0e 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kube_apiserver.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kube_apiserver.libsonnet @@ -75,13 +75,13 @@ local utils = import 'utils.libsonnet'; { alert: 'AggregatedAPIErrors', expr: ||| - sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 + sum by(name, namespace)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 ||| % $._config, labels: { severity: 'warning', }, annotations: { - description: 'An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often.', + description: 'An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. It has appeared unavailable {{ $value | humanize }} times averaged over the past 10m.', summary: 'An aggregated API has reported errors.', }, }, @@ -103,6 +103,20 @@ local utils = import 'utils.libsonnet'; componentName:: 'KubeAPI', selector:: $._config.kubeApiserverSelector, }, + { + alert: 'KubeAPITerminatedRequests', + expr: ||| + sum(rate(apiserver_request_terminations_total{%(kubeApiserverSelector)s}[10m])) / ( sum(rate(apiserver_request_total{%(kubeApiserverSelector)s}[10m])) + sum(rate(apiserver_request_terminations_total{%(kubeApiserverSelector)s}[10m])) ) > 0.20 + ||| % $._config, + labels: { + severity: 'warning', + }, + annotations: { + description: 'The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests.', + summary: 'The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests.', + }, + 'for': '5m', + }, ], }, ], diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kubelet.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kubelet.libsonnet index 2ef6edd..ec5e6b2 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kubelet.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/kubelet.libsonnet @@ -57,7 +57,7 @@ ) / max by(node) ( - kube_node_status_capacity_pods{%(kubeStateMetricsSelector)s} != 1 + kube_node_status_capacity{%(kubeStateMetricsSelector)s,resource="pods"} != 1 ) > 0.95 ||| % $._config, 'for': '15m', diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/resource_alerts.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/resource_alerts.libsonnet index cea638a..8a103ea 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/resource_alerts.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/resource_alerts.libsonnet @@ -25,11 +25,11 @@ { alert: 'KubeCPUOvercommit', expr: ||| - sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{%(ignoringOverprovisionedWorkloadSelector)s}) + sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) / - sum(kube_node_status_allocatable_cpu_cores) + sum(kube_node_status_allocatable{resource="cpu"}) > - (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) + ((count(kube_node_status_allocatable{resource="cpu"}) > 1) - 1) / count(kube_node_status_allocatable{resource="cpu"}) ||| % $._config, labels: { severity: 'warning', @@ -43,13 +43,13 @@ { alert: 'KubeMemoryOvercommit', expr: ||| - sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{%(ignoringOverprovisionedWorkloadSelector)s}) + sum(namespace_memory:kube_pod_container_resource_requests:sum{%(ignoringOverprovisionedWorkloadSelector)s}) / - sum(kube_node_status_allocatable_memory_bytes) + sum(kube_node_status_allocatable{resource="memory"}) > - (count(kube_node_status_allocatable_memory_bytes)-1) + ((count(kube_node_status_allocatable{resource="memory"}) > 1) - 1) / - count(kube_node_status_allocatable_memory_bytes) + count(kube_node_status_allocatable{resource="memory"}) ||| % $._config, labels: { severity: 'warning', @@ -65,7 +65,7 @@ expr: ||| sum(kube_resourcequota{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s, type="hard", resource="cpu"}) / - sum(kube_node_status_allocatable_cpu_cores) + sum(kube_node_status_allocatable{resource="cpu"}) > %(namespaceOvercommitFactor)s ||| % $._config, labels: { @@ -82,7 +82,7 @@ expr: ||| sum(kube_resourcequota{%(prefixedNamespaceSelector)s%(kubeStateMetricsSelector)s, type="hard", resource="memory"}) / - sum(kube_node_status_allocatable_memory_bytes{%(kubeStateMetricsSelector)s}) + sum(kube_node_status_allocatable{resource="memory",%(kubeStateMetricsSelector)s}) > %(namespaceOvercommitFactor)s ||| % $._config, labels: { diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/system_alerts.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/system_alerts.libsonnet index 0048cec..c62b34d 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/system_alerts.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/alerts/system_alerts.libsonnet @@ -11,7 +11,7 @@ { alert: 'KubeVersionMismatch', expr: ||| - count(count by (gitVersion) (label_replace(kubernetes_build_info{%(notKubeDnsCoreDnsSelector)s},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 + count(count by (git_version) (label_replace(kubernetes_build_info{%(notKubeDnsCoreDnsSelector)s},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1 ||| % $._config, 'for': '15m', labels: { diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/controller-manager.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/controller-manager.libsonnet index ef56aea..05ea052 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/controller-manager.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/controller-manager.libsonnet @@ -16,7 +16,7 @@ local singlestat = grafana.singlestat; span=2, valueName='min', ) - .addTarget(prometheus.target('sum(up{%(kubeControllerManagerSelector)s})' % $._config)); + .addTarget(prometheus.target('sum(up{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s})' % $._config)); local workQueueAddRate = graphPanel.new( @@ -30,7 +30,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('sum(rate(workqueue_adds_total{%(kubeControllerManagerSelector)s, instance=~"$instance"}[5m])) by (instance, name)' % $._config, legendFormat='{{instance}} {{name}}')); + .addTarget(prometheus.target('sum(rate(workqueue_adds_total{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s, instance=~"$instance"}[5m])) by (instance, name)' % $._config, legendFormat='{{instance}} {{name}}')); local workQueueDepth = graphPanel.new( @@ -45,7 +45,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('sum(rate(workqueue_depth{%(kubeControllerManagerSelector)s, instance=~"$instance"}[5m])) by (instance, name)' % $._config, legendFormat='{{instance}} {{name}}')); + .addTarget(prometheus.target('sum(rate(workqueue_depth{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s, instance=~"$instance"}[5m])) by (instance, name)' % $._config, legendFormat='{{instance}} {{name}}')); local workQueueLatency = graphPanel.new( @@ -59,7 +59,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{%(kubeControllerManagerSelector)s, instance=~"$instance"}[5m])) by (instance, name, le))' % $._config, legendFormat='{{instance}} {{name}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s, instance=~"$instance"}[5m])) by (instance, name, le))' % $._config, legendFormat='{{instance}} {{name}}')); local rpcRate = graphPanel.new( @@ -81,7 +81,7 @@ local singlestat = grafana.singlestat; format='s', min=0, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(kubeControllerManagerSelector)s, instance=~"$instance", verb="POST"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s, instance=~"$instance", verb="POST"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); local getRequestLatency = graphPanel.new( @@ -96,7 +96,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(kubeControllerManagerSelector)s, instance=~"$instance", verb="GET"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s, instance=~"$instance", verb="GET"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); local memory = graphPanel.new( @@ -105,7 +105,7 @@ local singlestat = grafana.singlestat; span=4, format='bytes', ) - .addTarget(prometheus.target('process_resident_memory_bytes{%(kubeControllerManagerSelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('process_resident_memory_bytes{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); local cpu = graphPanel.new( @@ -115,7 +115,7 @@ local singlestat = grafana.singlestat; format='short', min=0, ) - .addTarget(prometheus.target('rate(process_cpu_seconds_total{%(kubeControllerManagerSelector)s,instance=~"$instance"}[5m])' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('rate(process_cpu_seconds_total{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s,instance=~"$instance"}[5m])' % $._config, legendFormat='{{instance}}')); local goroutines = graphPanel.new( @@ -124,7 +124,7 @@ local singlestat = grafana.singlestat; span=4, format='short', ) - .addTarget(prometheus.target('go_goroutines{%(kubeControllerManagerSelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('go_goroutines{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); dashboard.new( @@ -148,11 +148,22 @@ local singlestat = grafana.singlestat; type: 'datasource', }, ) + .addTemplate( + template.new( + 'cluster', + '$datasource', + 'label_values(kube_pod_info, %(clusterLabel)s)' % $._config, + label='cluster', + refresh='time', + hide=if $._config.showMultiCluster then '' else 'variable', + sort=1, + ) + ) .addTemplate( template.new( 'instance', '$datasource', - 'label_values(process_cpu_seconds_total{%(kubeControllerManagerSelector)s}, instance)' % $._config, + 'label_values(process_cpu_seconds_total{%(clusterLabel)s="$cluster", %(kubeControllerManagerSelector)s}, instance)' % $._config, refresh='time', includeAll=true, sort=1, @@ -182,4 +193,4 @@ local singlestat = grafana.singlestat; .addPanel(goroutines) ) + { refresh: $._config.grafanaK8s.refresh }, }, -} +} \ No newline at end of file diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/cluster-total.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/cluster-total.libsonnet index 189b4bc..1c16495 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/cluster-total.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/cluster-total.libsonnet @@ -336,12 +336,12 @@ local singlestat = grafana.singlestat; ); local clusterTemplate = template.new( - name='cluster', + name='cluster', datasource='$datasource', query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, hide=if $._config.showMultiCluster then '' else '2', - refresh=1 - ); + refresh=2 + ); dashboard.new( title='%(dashboardNamePrefix)sNetworking / Cluster' % $._config.grafanaK8s, @@ -378,7 +378,7 @@ local singlestat = grafana.singlestat; .addPanel( newBarplotPanel( graphTitle='Current Rate of Bytes Received', - graphQuery='sort_desc(sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~".+"}[$interval:$resolution])) by (namespace))' % $._config, + graphQuery='sort_desc(sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~".+"}[$interval:$resolution])) by (namespace))' % $._config, ), gridPos={ h: 9, w: 12, x: 0, y: 1 } ) diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-pod.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-pod.libsonnet index 0ba45db..e4aecb3 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-pod.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-pod.libsonnet @@ -229,12 +229,12 @@ local singlestat = grafana.singlestat; local clusterTemplate = template.new( - name='cluster', + name='cluster', datasource='$datasource', query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, hide=if $._config.showMultiCluster then '' else '2', - refresh=1 - ); + refresh=2 + ); local namespaceTemplate = template.new( @@ -244,7 +244,7 @@ local singlestat = grafana.singlestat; allValues='.+', current='kube-system', hide='', - refresh=1, + refresh=2, includeAll=true, sort=1 ) + { @@ -395,7 +395,7 @@ local singlestat = grafana.singlestat; tableTitle='Current Status', colQueries=[ 'sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution])) by (pod)' % $._config, - 'sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution])) by (pod)' % $._config, + 'sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution])) by (pod)' % $._config, 'sum(irate(container_network_receive_packets_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution])) by (pod)' % $._config, 'sum(irate(container_network_transmit_packets_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution])) by (pod)' % $._config, 'sum(irate(container_network_receive_packets_dropped_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution])) by (pod)' % $._config, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-workload.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-workload.libsonnet index b7f2045..847122a 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-workload.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/namespace-by-workload.libsonnet @@ -233,28 +233,28 @@ local singlestat = grafana.singlestat; local clusterTemplate = template.new( - name='cluster', + name='cluster', datasource='$datasource', query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, hide=if $._config.showMultiCluster then '' else '2', - refresh=1 - ); + refresh=2 + ); local namespaceTemplate = template.new( name='namespace', datasource='$datasource', - query='label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, + query='label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, current='kube-system', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ) + { auto: false, auto_count: 30, auto_min: '10s', - definition: 'label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, + definition: 'label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, skipUrlSync: false, }; @@ -262,17 +262,17 @@ local singlestat = grafana.singlestat; template.new( name='type', datasource='$datasource', - query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+"}, workload_type)' % $._config, + query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+"}, workload_type)' % $._config, current='deployment', hide='', - refresh=1, + refresh=2, includeAll=false, sort=0 ) + { auto: false, auto_count: 30, auto_min: '10s', - definition: 'label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+"}, workload_type)' % $._config, + definition: 'label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+"}, workload_type)' % $._config, skipUrlSync: false, }; @@ -413,7 +413,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, legendFormat='{{ workload }}', ), gridPos={ h: 9, w: 12, x: 0, y: 1 } @@ -425,7 +425,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, legendFormat='{{ workload }}', ), gridPos={ h: 9, w: 12, x: 12, y: 1 } @@ -438,42 +438,42 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(avg(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(avg(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(sum(irate(container_network_receive_packets_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(sum(irate(container_network_transmit_packets_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(sum(irate(container_network_receive_packets_dropped_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ||| sort_desc(sum(irate(container_network_transmit_packets_dropped_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ] ), gridPos={ h: 9, w: 24, x: 0, y: 10 } @@ -487,7 +487,7 @@ local singlestat = grafana.singlestat; sort_desc(avg(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, legendFormat='{{ workload }}', ), gridPos={ h: 9, w: 12, x: 0, y: 20 } @@ -499,7 +499,7 @@ local singlestat = grafana.singlestat; sort_desc(avg(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, legendFormat='{{ workload }}', ), gridPos={ h: 9, w: 12, x: 12, y: 20 } @@ -516,7 +516,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ), gridPos={ h: 9, w: 12, x: 0, y: 38 } ) @@ -527,7 +527,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, ), gridPos={ h: 9, w: 12, x: 12, y: 38 } ) @@ -540,7 +540,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_receive_packets_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, graphFormat='pps' ), gridPos={ h: 9, w: 12, x: 0, y: 40 } @@ -552,7 +552,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_transmit_packets_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, graphFormat='pps' ), gridPos={ h: 9, w: 12, x: 12, y: 40 } @@ -568,7 +568,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_receive_packets_dropped_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, graphFormat='pps' ), gridPos={ h: 9, w: 12, x: 0, y: 41 } @@ -580,7 +580,7 @@ local singlestat = grafana.singlestat; sort_desc(sum(irate(container_network_transmit_packets_dropped_total{%(clusterLabel)s="$cluster",namespace=~"$namespace"}[$interval:$resolution]) * on (namespace,pod) group_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~".+", workload_type="$type"}) by (workload)) - ||| % $._config, + ||| % $._config, graphFormat='pps' ), gridPos={ h: 9, w: 12, x: 12, y: 41 } diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/pod-total.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/pod-total.libsonnet index 8ed9f48..7759d55 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/pod-total.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/pod-total.libsonnet @@ -108,23 +108,23 @@ local singlestat = grafana.singlestat; local clusterTemplate = template.new( - name='cluster', + name='cluster', datasource='$datasource', query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, hide=if $._config.showMultiCluster then '' else '2', - refresh=1 - ); + refresh=2 + ); local namespaceTemplate = template.new( name='namespace', datasource='$datasource', - query='label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, + query='label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, allValues='.+', current='kube-system', hide='', - refresh=1, + refresh=2, includeAll=true, sort=1 ) + { @@ -143,7 +143,7 @@ local singlestat = grafana.singlestat; allValues='.+', current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ) + { diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/workload-total.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/workload-total.libsonnet index 4e73bd0..093a3bc 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/workload-total.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/network-usage/workload-total.libsonnet @@ -98,22 +98,22 @@ local singlestat = grafana.singlestat; local clusterTemplate = template.new( - name='cluster', + name='cluster', datasource='$datasource', query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, hide=if $._config.showMultiCluster then '' else '2', - refresh=1 - ); + refresh=2 + ); local namespaceTemplate = template.new( name='namespace', datasource='$datasource', - query='label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, + query='label_values(container_network_receive_packets_total{%(clusterLabel)s="$cluster"}, namespace)' % $._config, allValues='.+', current='kube-system', hide='', - refresh=1, + refresh=2, includeAll=true, sort=1 ) + { @@ -131,7 +131,7 @@ local singlestat = grafana.singlestat; query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace"}, workload)' % $._config, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ) + { @@ -149,7 +149,7 @@ local singlestat = grafana.singlestat; query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster",namespace=~"$namespace", workload=~"$workload"}, workload_type)' % $._config, current='deployment', hide='', - refresh=1, + refresh=2, includeAll=false, sort=0 ) + { diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/persistentvolumesusage.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/persistentvolumesusage.libsonnet index e66d5b0..cf4b867 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/persistentvolumesusage.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/persistentvolumesusage.libsonnet @@ -48,6 +48,7 @@ local gauge = promgrafonnet.gauge; local sizeGauge = gauge.new( 'Volume Space Usage', ||| + max without(instance,node) ( ( kubelet_volume_stats_capacity_bytes{%(clusterLabel)s="$cluster", %(kubeletSelector)s, namespace="$namespace", persistentvolumeclaim="$volume"} - @@ -55,7 +56,7 @@ local gauge = promgrafonnet.gauge; ) / kubelet_volume_stats_capacity_bytes{%(clusterLabel)s="$cluster", %(kubeletSelector)s, namespace="$namespace", persistentvolumeclaim="$volume"} - * 100 + * 100) ||| % $._config, ).withLowerBeingBetter(); @@ -97,10 +98,11 @@ local gauge = promgrafonnet.gauge; local inodeGauge = gauge.new( 'Volume inodes Usage', ||| + max without(instance,node) ( kubelet_volume_stats_inodes_used{%(clusterLabel)s="$cluster", %(kubeletSelector)s, namespace="$namespace", persistentvolumeclaim="$volume"} / kubelet_volume_stats_inodes{%(clusterLabel)s="$cluster", %(kubeletSelector)s, namespace="$namespace", persistentvolumeclaim="$volume"} - * 100 + * 100) ||| % $._config, ).withLowerBeingBetter(); diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/proxy.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/proxy.libsonnet index 6ba4d88..f60b0c0 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/proxy.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/proxy.libsonnet @@ -16,7 +16,7 @@ local singlestat = grafana.singlestat; span=2, valueName='min', ) - .addTarget(prometheus.target('sum(up{%(kubeProxySelector)s})' % $._config)); + .addTarget(prometheus.target('sum(up{%(clusterLabel)s="$cluster", %(kubeProxySelector)s})' % $._config)); local rulesSyncRate = graphPanel.new( @@ -26,7 +26,7 @@ local singlestat = grafana.singlestat; min=0, format='ops', ) - .addTarget(prometheus.target('sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{%(kubeProxySelector)s, instance=~"$instance"}[5m]))' % $._config, legendFormat='rate')); + .addTarget(prometheus.target('sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance"}[5m]))' % $._config, legendFormat='rate')); local rulesSyncLatency = graphPanel.new( @@ -41,7 +41,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{%(kubeProxySelector)s, instance=~"$instance"}[5m]))' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance"}[5m]))' % $._config, legendFormat='{{instance}}')); local networkProgrammingRate = graphPanel.new( @@ -51,7 +51,7 @@ local singlestat = grafana.singlestat; min=0, format='ops', ) - .addTarget(prometheus.target('sum(rate(kubeproxy_network_programming_duration_seconds_count{%(kubeProxySelector)s, instance=~"$instance"}[5m]))' % $._config, legendFormat='rate')); + .addTarget(prometheus.target('sum(rate(kubeproxy_network_programming_duration_seconds_count{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance"}[5m]))' % $._config, legendFormat='rate')); local networkProgrammingLatency = graphPanel.new( @@ -66,7 +66,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{%(kubeProxySelector)s, instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}}')); local rpcRate = graphPanel.new( @@ -75,10 +75,10 @@ local singlestat = grafana.singlestat; span=4, format='ops', ) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeProxySelector)s, instance=~"$instance",code=~"2.."}[5m]))' % $._config, legendFormat='2xx')) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeProxySelector)s, instance=~"$instance",code=~"3.."}[5m]))' % $._config, legendFormat='3xx')) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeProxySelector)s, instance=~"$instance",code=~"4.."}[5m]))' % $._config, legendFormat='4xx')) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeProxySelector)s, instance=~"$instance",code=~"5.."}[5m]))' % $._config, legendFormat='5xx')); + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance",code=~"2.."}[5m]))' % $._config, legendFormat='2xx')) + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance",code=~"3.."}[5m]))' % $._config, legendFormat='3xx')) + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance",code=~"4.."}[5m]))' % $._config, legendFormat='4xx')) + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance",code=~"5.."}[5m]))' % $._config, legendFormat='5xx')); local postRequestLatency = graphPanel.new( @@ -88,7 +88,7 @@ local singlestat = grafana.singlestat; format='s', min=0, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(kubeProxySelector)s,instance=~"$instance",verb="POST"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeProxySelector)s,instance=~"$instance",verb="POST"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); local getRequestLatency = graphPanel.new( @@ -103,7 +103,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(kubeProxySelector)s, instance=~"$instance", verb="GET"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeProxySelector)s, instance=~"$instance", verb="GET"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); local memory = graphPanel.new( @@ -112,7 +112,7 @@ local singlestat = grafana.singlestat; span=4, format='bytes', ) - .addTarget(prometheus.target('process_resident_memory_bytes{%(kubeProxySelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('process_resident_memory_bytes{%(clusterLabel)s="$cluster", %(kubeProxySelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); local cpu = graphPanel.new( @@ -122,7 +122,7 @@ local singlestat = grafana.singlestat; format='short', min=0, ) - .addTarget(prometheus.target('rate(process_cpu_seconds_total{%(kubeProxySelector)s,instance=~"$instance"}[5m])' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('rate(process_cpu_seconds_total{%(clusterLabel)s="$cluster", %(kubeProxySelector)s,instance=~"$instance"}[5m])' % $._config, legendFormat='{{instance}}')); local goroutines = graphPanel.new( @@ -131,7 +131,7 @@ local singlestat = grafana.singlestat; span=4, format='short', ) - .addTarget(prometheus.target('go_goroutines{%(kubeProxySelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('go_goroutines{%(clusterLabel)s="$cluster", %(kubeProxySelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); dashboard.new( @@ -155,11 +155,22 @@ local singlestat = grafana.singlestat; type: 'datasource', }, ) + .addTemplate( + template.new( + 'cluster', + '$datasource', + 'label_values(kube_pod_info, %(clusterLabel)s)' % $._config, + label='cluster', + refresh='time', + hide=if $._config.showMultiCluster then '' else 'variable', + sort=1, + ) + ) .addTemplate( template.new( 'instance', '$datasource', - 'label_values(kubeproxy_network_programming_duration_seconds_bucket{%(kubeProxySelector)s}, instance)' % $._config, + 'label_values(kubeproxy_network_programming_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeProxySelector)s}, instance)' % $._config, refresh='time', includeAll=true, sort=1, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/cluster.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/cluster.libsonnet index 091d49a..554b962 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/cluster.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/cluster.libsonnet @@ -84,6 +84,50 @@ local template = grafana.template; }, }; + local storageIOColumns = [ + 'sum by(namespace) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, + 'sum by(namespace) (rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, + 'sum by(namespace) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster"}[5m]) + rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, + 'sum by(namespace) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, + 'sum by(namespace) (rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, + 'sum by(namespace) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster"}[5m]) + rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, + ]; + + local storageIOTableStyles = { + namespace: { + alias: 'Namespace', + link: '%(prefix)s/d/%(uid)s/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell' % { prefix: $._config.grafanaK8s.linkPrefix, uid: std.md5('k8s-resources-namespace.json') }, + linkTooltip: 'Drill down to pods', + }, + 'Value #A': { + alias: 'IOPS(Reads)', + unit: 'short', + decimals: -1, + }, + 'Value #B': { + alias: 'IOPS(Writes)', + unit: 'short', + decimals: -1, + }, + 'Value #C': { + alias: 'IOPS(Reads + Writes)', + unit: 'short', + decimals: -1, + }, + 'Value #D': { + alias: 'Throughput(Read)', + unit: 'Bps', + }, + 'Value #E': { + alias: 'Throughput(Write)', + unit: 'Bps', + }, + 'Value #F': { + alias: 'Throughput(Read + Write)', + unit: 'Bps', + }, + }; + g.dashboard( '%(dashboardNamePrefix)sCompute Resources / Cluster' % $._config.grafanaK8s, uid=($._config.grafanaDashboardIDs['k8s-resources-cluster.json']), @@ -101,23 +145,23 @@ local template = grafana.template; ) .addPanel( g.panel('CPU Requests Commitment') + - g.statPanel('sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable_cpu_cores{%(clusterLabel)s="$cluster"})' % $._config) + g.statPanel('sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable{resource="cpu",%(clusterLabel)s="$cluster"})' % $._config) ) .addPanel( g.panel('CPU Limits Commitment') + - g.statPanel('sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable_cpu_cores{%(clusterLabel)s="$cluster"})' % $._config) + g.statPanel('sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", resource="cpu"}) / sum(kube_node_status_allocatable{resource="cpu",%(clusterLabel)s="$cluster"})' % $._config) ) .addPanel( g.panel('Memory Utilisation') + - g.statPanel('1 - sum(:node_memory_MemAvailable_bytes:sum{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable_memory_bytes{%(clusterLabel)s="$cluster"})' % $._config) + g.statPanel('1 - sum(:node_memory_MemAvailable_bytes:sum{%(clusterLabel)s="$cluster"}) / sum(node_memory_MemTotal_bytes{%(clusterLabel)s="$cluster"})' % $._config) ) .addPanel( g.panel('Memory Requests Commitment') + - g.statPanel('sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable_memory_bytes{%(clusterLabel)s="$cluster"})' % $._config) + g.statPanel('sum(namespace_memory:kube_pod_container_resource_requests:sum{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable{resource="memory",%(clusterLabel)s="$cluster"})' % $._config) ) .addPanel( g.panel('Memory Limits Commitment') + - g.statPanel('sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster"}) / sum(kube_node_status_allocatable_memory_bytes{%(clusterLabel)s="$cluster"})' % $._config) + g.statPanel('sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", resource="memory"}) / sum(kube_node_status_allocatable{resource="memory",%(clusterLabel)s="$cluster"})' % $._config) ) ) .addRow( @@ -134,10 +178,10 @@ local template = grafana.template; g.panel('CPU Quota') + g.tablePanel(podWorkloadColumns + [ 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, + 'sum(namespace_cpu:kube_pod_container_resource_requests:sum{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster"}) by (namespace) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", resource="cpu"}) by (namespace)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", resource="cpu"}) by (namespace)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster"}) by (namespace) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", resource="cpu"}) by (namespace)' % $._config, ], tableStyles { 'Value #C': { alias: 'CPU Usage' }, 'Value #D': { alias: 'CPU Requests' }, @@ -164,10 +208,10 @@ local template = grafana.template; g.tablePanel(podWorkloadColumns + [ // Not using container_memory_usage_bytes here because that includes page cache 'sum(container_memory_rss{%(clusterLabel)s="$cluster", container!=""}) by (namespace)' % $._config, - 'sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(container_memory_rss{%(clusterLabel)s="$cluster", container!=""}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, - 'sum(container_memory_rss{%(clusterLabel)s="$cluster", container!=""}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster"}) by (namespace)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", resource="memory"}) by (namespace)' % $._config, + 'sum(container_memory_rss{%(clusterLabel)s="$cluster", container!=""}) by (namespace) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", resource="memory"}) by (namespace)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", resource="memory"}) by (namespace)' % $._config, + 'sum(container_memory_rss{%(clusterLabel)s="$cluster", container!=""}) by (namespace) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", resource="memory"}) by (namespace)' % $._config, ], tableStyles { 'Value #C': { alias: 'Memory Usage', unit: 'bytes' }, 'Value #D': { alias: 'Memory Requests', unit: 'bytes' }, @@ -178,7 +222,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Current Network Usage') .addPanel( g.panel('Current Network Usage') + g.tablePanel( @@ -189,16 +233,13 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Bandwidth') .addPanel( g.panel('Receive Bandwidth') + g.queryPanel('sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Transmit Bandwidth') + g.queryPanel('sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + @@ -207,16 +248,13 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Average Container Bandwidth by Namespace') .addPanel( g.panel('Average Container Bandwidth by Namespace: Received') + g.queryPanel('avg(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Average Container Bandwidth by Namespace: Transmitted') + g.queryPanel('avg(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + @@ -225,16 +263,13 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets') .addPanel( g.panel('Rate of Received Packets') + g.queryPanel('sum(irate(container_network_receive_packets_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets') + g.queryPanel('sum(irate(container_network_transmit_packets_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + @@ -243,22 +278,51 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets Dropped') .addPanel( g.panel('Rate of Received Packets Dropped') + g.queryPanel('sum(irate(container_network_receive_packets_dropped_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets Dropped') + g.queryPanel('sum(irate(container_network_transmit_packets_dropped_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~".+"}[%(grafanaIntervalVar)s])) by (namespace)' % $._config, '{{namespace}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) + ) + .addRow( + g.row('Storage IO') + .addPanel( + g.panel('IOPS(Reads+Writes)') + + g.queryPanel('ceil(sum by(namespace) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster"}[5m]) + rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster"}[5m])))' % $._config, '{{namespace}}') + + g.stack + + { yaxes: g.yaxes('short'), decimals: -1 }, + + ) + .addPanel( + g.panel('ThroughPut(Read+Write)') + + g.queryPanel('sum by(namespace) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster"}[5m]) + rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster"}[5m]))' % $._config, '{{namespace}}') + + g.stack + + { yaxes: g.yaxes('Bps') }, + ) + ) + .addRow( + g.row('Storage IO - Distribution') + .addPanel( + g.panel('Current Storage IO') + + g.tablePanel( + storageIOColumns, + storageIOTableStyles + ) + + { + sort: { + col: 4, + desc: true, + } + }, + ) ) + { tags: $._config.grafanaK8s.dashboardTags, templating+: { list+: [clusterTemplate] }, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/multi-cluster.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/multi-cluster.libsonnet index 42f5cfb..152e21d 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/multi-cluster.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/multi-cluster.libsonnet @@ -28,23 +28,23 @@ local template = grafana.template; ) .addPanel( g.panel('CPU Requests Commitment') + - g.statPanel('sum(kube_pod_container_resource_requests_cpu_cores) / sum(kube_node_status_allocatable_cpu_cores)' % $._config) + g.statPanel('sum(kube_pod_container_resource_requests{resource="cpu"}) / sum(kube_node_status_allocatable{resource="cpu"})') ) .addPanel( g.panel('CPU Limits Commitment') + - g.statPanel('sum(kube_pod_container_resource_limits_cpu_cores) / sum(kube_node_status_allocatable_cpu_cores)' % $._config) + g.statPanel('sum(kube_pod_container_resource_limits{resource="cpu"}) / sum(kube_node_status_allocatable{resource="cpu"})') ) .addPanel( g.panel('Memory Utilisation') + - g.statPanel('1 - sum(:node_memory_MemAvailable_bytes:sum) / sum(kube_node_status_allocatable_memory_bytes)' % $._config) + g.statPanel('1 - sum(:node_memory_MemAvailable_bytes:sum) / sum(kube_node_status_allocatable{resource="memory"})') ) .addPanel( g.panel('Memory Requests Commitment') + - g.statPanel('sum(kube_pod_container_resource_requests_memory_bytes) / sum(kube_node_status_allocatable_memory_bytes)' % $._config) + g.statPanel('sum(kube_pod_container_resource_requests{resource="memory"}) / sum(kube_node_status_allocatable{resource="memory"})') ) .addPanel( g.panel('Memory Limits Commitment') + - g.statPanel('sum(kube_pod_container_resource_limits_memory_bytes) / sum(kube_node_status_allocatable_memory_bytes)' % $._config) + g.statPanel('sum(kube_pod_container_resource_limits{resource="memory"}) / sum(kube_node_status_allocatable{resource="memory"})') ) ) .addRow( @@ -61,10 +61,10 @@ local template = grafana.template; g.panel('CPU Quota') + g.tablePanel([ 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate) by (%(clusterLabel)s)' % $._config, - 'sum(kube_pod_container_resource_requests_cpu_cores) by (%(clusterLabel)s)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate) by (%(clusterLabel)s) / sum(kube_pod_container_resource_requests_cpu_cores) by (%(clusterLabel)s)' % $._config, - 'sum(kube_pod_container_resource_limits_cpu_cores) by (%(clusterLabel)s)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate) by (%(clusterLabel)s) / sum(kube_pod_container_resource_limits_cpu_cores) by (%(clusterLabel)s)' % $._config, + 'sum(kube_pod_container_resource_requests{resource="cpu"}) by (%(clusterLabel)s)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate) by (%(clusterLabel)s) / sum(kube_pod_container_resource_requests{resource="cpu"}) by (%(clusterLabel)s)' % $._config, + 'sum(kube_pod_container_resource_limits{resource="cpu"}) by (%(clusterLabel)s)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate) by (%(clusterLabel)s) / sum(kube_pod_container_resource_limits{resource="cpu"}) by (%(clusterLabel)s)' % $._config, ], tableStyles { 'Value #A': { alias: 'CPU Usage' }, 'Value #B': { alias: 'CPU Requests' }, @@ -90,10 +90,10 @@ local template = grafana.template; g.tablePanel([ // Not using container_memory_usage_bytes here because that includes page cache 'sum(container_memory_rss{container!=""}) by (%(clusterLabel)s)' % $._config, - 'sum(kube_pod_container_resource_requests_memory_bytes) by (%(clusterLabel)s)' % $._config, - 'sum(container_memory_rss{container!=""}) by (%(clusterLabel)s) / sum(kube_pod_container_resource_requests_memory_bytes) by (%(clusterLabel)s)' % $._config, - 'sum(kube_pod_container_resource_limits_memory_bytes) by (%(clusterLabel)s)' % $._config, - 'sum(container_memory_rss{container!=""}) by (%(clusterLabel)s) / sum(kube_pod_container_resource_limits_memory_bytes) by (%(clusterLabel)s)' % $._config, + 'sum(kube_pod_container_resource_requests{resource="memory"}) by (%(clusterLabel)s)' % $._config, + 'sum(container_memory_rss{container!=""}) by (%(clusterLabel)s) / sum(kube_pod_container_resource_requests{resource="memory"}) by (%(clusterLabel)s)' % $._config, + 'sum(kube_pod_container_resource_limits{resource="memory"}) by (%(clusterLabel)s)' % $._config, + 'sum(container_memory_rss{container!=""}) by (%(clusterLabel)s) / sum(kube_pod_container_resource_limits{resource="memory"}) by (%(clusterLabel)s)' % $._config, ], tableStyles { 'Value #A': { alias: 'Memory Usage', unit: 'bytes' }, 'Value #B': { alias: 'Memory Requests', unit: 'bytes' }, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/namespace.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/namespace.libsonnet index 0eca190..5699f32 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/namespace.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/namespace.libsonnet @@ -11,7 +11,7 @@ local template = grafana.template; query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, current='', hide=if $._config.showMultiCluster then '' else '2', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -23,7 +23,7 @@ local template = grafana.template; query='label_values(kube_pod_info{%(clusterLabel)s="$cluster"}, namespace)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -85,6 +85,50 @@ local template = grafana.template; local memoryQuotaRequestsQuery = std.strReplace(cpuQuotaRequestsQuery, 'requests.cpu', 'requests.memory'); local memoryQuotaLimitsQuery = std.strReplace(cpuQuotaRequestsQuery, 'requests.cpu', 'limits.memory'); + local storageIOColumns = [ + 'sum by(pod) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, + 'sum by(pod) (rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, + 'sum by(pod) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]) + rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, + 'sum by(pod) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, + 'sum by(pod) (rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, + 'sum by(pod) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]) + rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, + ]; + + local storageIOTableStyles = { + pod: { + alias: 'Pod', + link: '%(prefix)s/d/%(uid)s/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell' % { prefix: $._config.grafanaK8s.linkPrefix, uid: std.md5('k8s-resources-pod.json') }, + linkTooltip: 'Drill down to containers', + }, + 'Value #A': { + alias: 'IOPS(Reads)', + unit: 'short', + decimals: -1, + }, + 'Value #B': { + alias: 'IOPS(Writes)', + unit: 'short', + decimals: -1, + }, + 'Value #C': { + alias: 'IOPS(Reads + Writes)', + unit: 'short', + decimals: -1, + }, + 'Value #D': { + alias: 'Throughput(Read)', + unit: 'Bps', + }, + 'Value #E': { + alias: 'Throughput(Write)', + unit: 'Bps', + }, + 'Value #F': { + alias: 'Throughput(Read + Write)', + unit: 'Bps', + }, + }; + g.dashboard( '%(dashboardNamePrefix)sCompute Resources / Namespace (Pods)' % $._config.grafanaK8s, uid=($._config.grafanaDashboardIDs['k8s-resources-namespace.json']), @@ -97,19 +141,19 @@ local template = grafana.template; }) .addPanel( g.panel('CPU Utilisation (from requests)') + - g.statPanel('sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) / sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"})' % $._config) + g.statPanel('sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"})' % $._config) ) .addPanel( g.panel('CPU Utilisation (from limits)') + - g.statPanel('sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) / sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"})' % $._config) + g.statPanel('sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"})' % $._config) ) .addPanel( g.panel('Memory Utilization (from requests)') + - g.statPanel('sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) / sum(kube_pod_container_resource_requests_memory_bytes{namespace="$namespace"})' % $._config) + g.statPanel('sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="memory"})' % $._config) ) .addPanel( g.panel('Memory Utilisation (from limits)') + - g.statPanel('sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) / sum(kube_pod_container_resource_limits_memory_bytes{namespace="$namespace"})' % $._config) + g.statPanel('sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", resource="memory"})' % $._config) ) ) .addRow( @@ -129,9 +173,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, { alias: 'quota - limits', @@ -139,9 +184,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, ], }, @@ -153,10 +199,10 @@ local template = grafana.template; g.panel('CPU Quota') + g.tablePanel([ 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"}) by (pod)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"}) by (pod)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"}) by (pod)' % $._config, ], tableStyles { 'Value #A': { alias: 'CPU Usage' }, 'Value #B': { alias: 'CPU Requests' }, @@ -186,9 +232,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, { alias: 'quota - limits', @@ -196,9 +243,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, ], }, @@ -210,10 +258,10 @@ local template = grafana.template; g.panel('Memory Quota') + g.tablePanel([ 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, - 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace="$namespace"}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster", namespace="$namespace"}) by (pod)' % $._config, - 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace="$namespace"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="memory"}) by (pod)' % $._config, + 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) by (pod) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="memory"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", resource="memory"}) by (pod)' % $._config, + 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace",container!="", image!=""}) by (pod) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", resource="memory"}) by (pod)' % $._config, 'sum(container_memory_rss{%(clusterLabel)s="$cluster", namespace="$namespace",container!=""}) by (pod)' % $._config, 'sum(container_memory_cache{%(clusterLabel)s="$cluster", namespace="$namespace",container!=""}) by (pod)' % $._config, 'sum(container_memory_swap{%(clusterLabel)s="$cluster", namespace="$namespace",container!=""}) by (pod)' % $._config, @@ -230,7 +278,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Current Network Usage') .addPanel( g.panel('Current Network Usage') + g.tablePanel( @@ -241,16 +289,13 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Bandwidth') .addPanel( g.panel('Receive Bandwidth') + g.queryPanel('sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~"$namespace"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Transmit Bandwidth') + g.queryPanel('sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~"$namespace"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + @@ -259,16 +304,13 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets') .addPanel( g.panel('Rate of Received Packets') + g.queryPanel('sum(irate(container_network_receive_packets_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~"$namespace"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets') + g.queryPanel('sum(irate(container_network_transmit_packets_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~"$namespace"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + @@ -277,22 +319,51 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets Dropped') .addPanel( g.panel('Rate of Received Packets Dropped') + g.queryPanel('sum(irate(container_network_receive_packets_dropped_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~"$namespace"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets Dropped') + g.queryPanel('sum(irate(container_network_transmit_packets_dropped_total{%(clusterLabel)s="$cluster", %(namespaceLabel)s=~"$namespace"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps') }, ) + ) + .addRow( + g.row('Storage IO') + .addPanel( + g.panel('IOPS(Reads+Writes)') + + g.queryPanel('ceil(sum by(pod) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]) + rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m])))' % $._config, '{{pod}}') + + g.stack + + { yaxes: g.yaxes('short'), decimals: -1 }, + + ) + .addPanel( + g.panel('ThroughPut(Read+Write)') + + g.queryPanel('sum by(pod) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]) + rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace"}[5m]))' % $._config, '{{pod}}') + + g.stack + + { yaxes: g.yaxes('Bps') }, + ) + ) + .addRow( + g.row('Storage IO - Distribution') + .addPanel( + g.panel('Current Storage IO') + + g.tablePanel( + storageIOColumns, + storageIOTableStyles + ) + + { + sort: { + col: 4, + desc: true, + } + }, + ) ) + { tags: $._config.grafanaK8s.dashboardTags, templating+: { list+: [clusterTemplate, namespaceTemplate] }, refresh: $._config.grafanaK8s.refresh }, }, } diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/node.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/node.libsonnet index 32e19be..cde0de6 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/node.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/node.libsonnet @@ -11,7 +11,7 @@ local template = grafana.template; query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, current='', hide=if $._config.showMultiCluster then '' else '2', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -23,7 +23,7 @@ local template = grafana.template; query='label_values(kube_pod_info{%(clusterLabel)s="$cluster"}, node)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, multi=true, sort=1 @@ -54,10 +54,10 @@ local template = grafana.template; g.panel('CPU Quota') + g.tablePanel([ 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", node=~"$node", resource="cpu"}) by (pod)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", node=~"$node", resource="cpu"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", node=~"$node", resource="cpu"}) by (pod)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", node=~"$node", resource="cpu"}) by (pod)' % $._config, ], tableStyles { 'Value #A': { alias: 'CPU Usage' }, 'Value #B': { alias: 'CPU Requests' }, @@ -83,10 +83,10 @@ local template = grafana.template; g.panel('Memory Quota') + g.tablePanel([ 'sum(node_namespace_pod_container:container_memory_working_set_bytes{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, - 'sum(node_namespace_pod_container:container_memory_working_set_bytes{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{node=~"$node"}) by (pod)' % $._config, - 'sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster", node=~"$node"}) by (pod)' % $._config, - 'sum(node_namespace_pod_container:container_memory_working_set_bytes{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{node=~"$node"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", node=~"$node", resource="memory"}) by (pod)' % $._config, + 'sum(node_namespace_pod_container:container_memory_working_set_bytes{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", node=~"$node", resource="memory"}) by (pod)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", node=~"$node", resource="memory"}) by (pod)' % $._config, + 'sum(node_namespace_pod_container:container_memory_working_set_bytes{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", node=~"$node", resource="memory"}) by (pod)' % $._config, 'sum(node_namespace_pod_container:container_memory_rss{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod)' % $._config, 'sum(node_namespace_pod_container:container_memory_cache{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod)' % $._config, 'sum(node_namespace_pod_container:container_memory_swap{%(clusterLabel)s="$cluster", node=~"$node",container!=""}) by (pod)' % $._config, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/pod.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/pod.libsonnet index 9910c7c..4fa5cab 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/pod.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/pod.libsonnet @@ -11,7 +11,7 @@ local template = grafana.template; query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, current='', hide=if $._config.showMultiCluster then '' else '2', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -23,7 +23,7 @@ local template = grafana.template; query='label_values(kube_pod_info{%(clusterLabel)s="$cluster"}, namespace)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -49,12 +49,57 @@ local template = grafana.template; local cpuRequestsQuery = ||| sum( - kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) + kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="cpu"} + ) ||| % $._config; local cpuLimitsQuery = std.strReplace(cpuRequestsQuery, 'requests', 'limits'); - local memRequestsQuery = std.strReplace(cpuRequestsQuery, 'cpu_cores', 'memory_bytes'); - local memLimitsQuery = std.strReplace(cpuLimitsQuery, 'cpu_cores', 'memory_bytes'); + local memRequestsQuery = std.strReplace(cpuRequestsQuery, 'cpu', 'memory'); + local memLimitsQuery = std.strReplace(cpuLimitsQuery, 'cpu', 'memory'); + + local storageIOColumns = [ + 'sum by(container) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, + 'sum by(container) (rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, + 'sum by(container) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]) + rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, + 'sum by(container) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, + 'sum by(container) (rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, + 'sum by(container) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]) + rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, + ]; + + local storageIOTableStyles = { + pod: { + alias: 'Pod', + link: '%(prefix)s/d/%(uid)s/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell' % { prefix: $._config.grafanaK8s.linkPrefix, uid: std.md5('k8s-resources-pod.json') }, + linkTooltip: 'Drill down to pods', + }, + 'Value #A': { + alias: 'IOPS(Reads)', + unit: 'short', + decimals: -1, + }, + 'Value #B': { + alias: 'IOPS(Writes)', + unit: 'short', + decimals: -1, + }, + 'Value #C': { + alias: 'IOPS(Reads + Writes)', + unit: 'short', + decimals: -1, + }, + 'Value #D': { + alias: 'Throughput(Read)', + unit: 'Bps', + }, + 'Value #E': { + alias: 'Throughput(Write)', + unit: 'Bps', + }, + 'Value #F': { + alias: 'Throughput(Read + Write)', + unit: 'Bps', + }, + }; g.dashboard( '%(dashboardNamePrefix)sCompute Resources / Pod' % $._config.grafanaK8s, @@ -66,7 +111,7 @@ local template = grafana.template; g.panel('CPU Usage') + g.queryPanel( [ - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace="$namespace", pod="$pod", container!="POD", %(clusterLabel)s="$cluster"}) by (container)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace="$namespace", pod="$pod", %(clusterLabel)s="$cluster"}) by (container)' % $._config, cpuRequestsQuery, cpuLimitsQuery, ], [ @@ -103,7 +148,7 @@ local template = grafana.template; g.row('CPU Throttling') .addPanel( g.panel('CPU Throttling') + - g.queryPanel('sum(increase(container_cpu_cfs_throttled_periods_total{namespace="$namespace", pod="$pod", container!="POD", container!="", %(clusterLabel)s="$cluster"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace="$namespace", pod="$pod", container!="POD", container!="", %(clusterLabel)s="$cluster"}[5m])) by (container)' % $._config, '{{container}}') + + g.queryPanel('sum(increase(container_cpu_cfs_throttled_periods_total{namespace="$namespace", pod="$pod", container!="", %(clusterLabel)s="$cluster"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace="$namespace", pod="$pod", container!="", %(clusterLabel)s="$cluster"}[5m])) by (container)' % $._config, '{{container}}') + g.stack + { yaxes: g.yaxes({ format: 'percentunit', max: 1 }), @@ -129,11 +174,11 @@ local template = grafana.template; .addPanel( g.panel('CPU Quota') + g.tablePanel([ - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="POD"}) by (container)' % $._config, - 'sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, - 'sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, - 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="cpu"}) by (container)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="cpu"}) by (container)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="cpu"}) by (container)' % $._config, + 'sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="cpu"}) by (container)' % $._config, ], tableStyles { 'Value #A': { alias: 'CPU Usage' }, 'Value #B': { alias: 'CPU Requests' }, @@ -148,7 +193,7 @@ local template = grafana.template; .addPanel( g.panel('Memory Usage') + g.queryPanel([ - 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="POD", container!="", image!=""}) by (container)' % $._config, + 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="", image!=""}) by (container)' % $._config, memRequestsQuery, memLimitsQuery, ], [ @@ -166,7 +211,7 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, }, @@ -176,7 +221,7 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, }, @@ -189,11 +234,11 @@ local template = grafana.template; .addPanel( g.panel('Memory Quota') + g.tablePanel([ - 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="POD", container!="", image!=""}) by (container)' % $._config, - 'sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, - 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", image!=""}) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, - 'sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!=""}) by (container)' % $._config, - 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="", image!=""}) by (container) / sum(kube_pod_container_resource_limits_memory_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod"}) by (container)' % $._config, + 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="", image!=""}) by (container)' % $._config, + 'sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="memory"}) by (container)' % $._config, + 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", image!=""}) by (container) / sum(kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="memory"}) by (container)' % $._config, + 'sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="memory"}) by (container)' % $._config, + 'sum(container_memory_working_set_bytes{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container!="", image!=""}) by (container) / sum(kube_pod_container_resource_limits{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", resource="memory"}) by (container)' % $._config, 'sum(container_memory_rss{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container != "", container != "POD"}) by (container)' % $._config, 'sum(container_memory_cache{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container != "", container != "POD"}) by (container)' % $._config, 'sum(container_memory_swap{%(clusterLabel)s="$cluster", namespace="$namespace", pod="$pod", container != "", container != "POD"}) by (container)' % $._config, @@ -210,57 +255,94 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Bandwidth') .addPanel( g.panel('Receive Bandwidth') + - g.queryPanel('sum(irate(container_network_receive_bytes_total{namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.queryPanel('sum(irate(container_network_receive_bytes_total{%(clusterLabel)s="$cluster", namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Transmit Bandwidth') + - g.queryPanel('sum(irate(container_network_transmit_bytes_total{namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.queryPanel('sum(irate(container_network_transmit_bytes_total{%(clusterLabel)s="$cluster", namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, ) ) .addRow( - g.row('Network') + g.row('Rate of Packets') .addPanel( g.panel('Rate of Received Packets') + - g.queryPanel('sum(irate(container_network_receive_packets_total{namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.queryPanel('sum(irate(container_network_receive_packets_total{%(clusterLabel)s="$cluster", namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets') + - g.queryPanel('sum(irate(container_network_transmit_packets_total{namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.queryPanel('sum(irate(container_network_transmit_packets_total{%(clusterLabel)s="$cluster", namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, ) ) .addRow( - g.row('Network') + g.row('Rate of Packets Dropped') .addPanel( g.panel('Rate of Received Packets Dropped') + - g.queryPanel('sum(irate(container_network_receive_packets_dropped_total{namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.queryPanel('sum(irate(container_network_receive_packets_dropped_total{%(clusterLabel)s="$cluster", namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.stack + + { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, + ) + .addPanel( + g.panel('Rate of Transmitted Packets Dropped') + + g.queryPanel('sum(irate(container_network_transmit_packets_dropped_total{%(clusterLabel)s="$cluster", namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + g.stack + { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, ) ) .addRow( - g.row('Network') + g.row('Storage IO - Distribution(Pod - Read & Writes)') .addPanel( - g.panel('Rate of Transmitted Packets Dropped') + - g.queryPanel('sum(irate(container_network_transmit_packets_dropped_total{namespace=~"$namespace", pod=~"$pod"}[%(grafanaIntervalVar)s])) by (pod)' % $._config, '{{pod}}') + + g.panel('IOPS') + + g.queryPanel(['ceil(sum by(pod) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod=~"$pod"}[5m])))' % $._config, 'ceil(sum by(pod) (rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod=~"$pod"}[5m])))' % $._config,], ['Reads','Writes']) + g.stack + - { yaxes: g.yaxes('Bps'), interval: $._config.grafanaK8s.minimumTimeInterval }, + { yaxes: g.yaxes('short'), decimals: -1 }, + ) + .addPanel( + g.panel('ThroughPut') + + g.queryPanel(['sum by(pod) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod=~"$pod"}[5m]))' % $._config, 'sum by(pod) (rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod=~"$pod"}[5m]))' % $._config,], ['Reads','Writes']) + + g.stack + + { yaxes: g.yaxes('Bps') }, + ) + ) + .addRow( + g.row('Storage IO - Distribution(Containers)') + .addPanel( + g.panel('IOPS(Reads+Writes)') + + g.queryPanel('ceil(sum by(container) (rate(container_fs_reads_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]) + rate(container_fs_writes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m])))' % $._config, '{{pod}}') + + g.stack + + { yaxes: g.yaxes('short'), decimals: -1 }, + ) + .addPanel( + g.panel('ThroughPut(Read+Write)') + + g.queryPanel('sum by(container) (rate(container_fs_reads_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]) + rate(container_fs_writes_bytes_total{container!="", %(clusterLabel)s="$cluster",namespace=~"$namespace", pod="$pod"}[5m]))' % $._config, '{{pod}}') + + g.stack + + { yaxes: g.yaxes('Bps') }, + ) + ) + .addRow( + g.row('Storage IO - Distribution') + .addPanel( + g.panel('Current Storage IO') + + g.tablePanel( + storageIOColumns, + storageIOTableStyles + ) + + { + sort: { + col: 4, + desc: true, + } + }, ) ) + { tags: $._config.grafanaK8s.dashboardTags, templating+: { list+: [clusterTemplate, namespaceTemplate, podTemplate] }, refresh: $._config.grafanaK8s.refresh }, }, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload-namespace.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload-namespace.libsonnet index 0c08013..a58acc4 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload-namespace.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload-namespace.libsonnet @@ -4,23 +4,6 @@ local template = grafana.template; { grafanaDashboards+:: { - local typeTemplate = - template.new( - name='type', - datasource='$datasource', - query='label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~"$namespace", workload=~".+"}, workload_type)', - current='deployment', - hide='', - refresh=1, - includeAll=false, - sort=0 - ) + { - auto: false, - auto_count: 30, - auto_min: '10s', - definition: 'label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~"$namespace", workload=~".+"}, workload_type)', - skipUrlSync: false, - }, local clusterTemplate = template.new( @@ -29,10 +12,28 @@ local template = grafana.template; query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, current='', hide=if $._config.showMultiCluster then '' else '2', - refresh=1, + refresh=2, includeAll=false, sort=1 ), + + local typeTemplate = + template.new( + name='type', + datasource='$datasource', + query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace=~"$namespace", workload=~".+"}, workload_type)' % $._config.clusterLabel, + current='deployment', + hide='', + refresh=2, + includeAll=false, + sort=0 + ) + { + auto: false, + auto_count: 30, + auto_min: '10s', + definition: 'label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace=~"$namespace", workload=~".+"}, workload_type)' % $._config.clusterLabel, + skipUrlSync: false, + }, local namespaceTemplate = template.new( @@ -41,7 +42,7 @@ local template = grafana.template; query='label_values(kube_pod_info{%(clusterLabel)s="$cluster"}, namespace)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -135,7 +136,7 @@ local template = grafana.template; local cpuRequestsQuery = ||| sum( - kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"} + kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"} * on(namespace,pod) group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace="$namespace", workload_type="$type"} ) by (workload, workload_type) @@ -151,8 +152,8 @@ local template = grafana.template; group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace="$namespace", workload_type="$type"} ) by (workload, workload_type) ||| % $._config; - local memRequestsQuery = std.strReplace(cpuRequestsQuery, 'cpu_cores', 'memory_bytes'); - local memLimitsQuery = std.strReplace(cpuLimitsQuery, 'cpu_cores', 'memory_bytes'); + local memRequestsQuery = std.strReplace(cpuRequestsQuery, 'cpu', 'memory'); + local memLimitsQuery = std.strReplace(cpuLimitsQuery, 'cpu', 'memory'); local cpuQuotaRequestsQuery = 'scalar(kube_resourcequota{%(clusterLabel)s="$cluster", namespace="$namespace", type="hard",resource="requests.cpu"})' % $._config; local cpuQuotaLimitsQuery = std.strReplace(cpuQuotaRequestsQuery, 'requests.cpu', 'limits.cpu'); @@ -176,9 +177,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, { alias: 'quota - limits', @@ -186,9 +188,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, ], }, @@ -230,9 +233,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, { alias: 'quota - limits', @@ -240,9 +244,10 @@ local template = grafana.template; dashes: true, fill: 0, hideTooltip: true, - legend: false, + legend: true, linewidth: 2, stack: false, + hiddenSeries: true, }, ], }, @@ -270,7 +275,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Current Network Usage') .addPanel( g.panel('Current Network Usage') + g.tablePanel( @@ -281,7 +286,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Bandwidth') .addPanel( g.panel('Receive Bandwidth') + g.queryPanel(||| @@ -292,9 +297,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Transmit Bandwidth') + g.queryPanel(||| @@ -307,7 +309,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Average Container Bandwidth by Workload') .addPanel( g.panel('Average Container Bandwidth by Workload: Received') + g.queryPanel(||| @@ -318,9 +320,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Average Container Bandwidth by Workload: Transmitted') + g.queryPanel(||| @@ -333,7 +332,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets') .addPanel( g.panel('Rate of Received Packets') + g.queryPanel(||| @@ -344,9 +343,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets') + g.queryPanel(||| @@ -359,7 +355,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets Dropped') .addPanel( g.panel('Rate of Received Packets Dropped') + g.queryPanel(||| @@ -370,9 +366,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets Dropped') + g.queryPanel(||| @@ -383,7 +376,7 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) + { tags: $._config.grafanaK8s.dashboardTags, templating+: { list+: [typeTemplate, clusterTemplate, namespaceTemplate] }, refresh: $._config.grafanaK8s.refresh }, + ) + { tags: $._config.grafanaK8s.dashboardTags, templating+: { list+: [clusterTemplate, typeTemplate, namespaceTemplate] }, refresh: $._config.grafanaK8s.refresh }, }, } diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload.libsonnet index 5b28554..bd30f4b 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/resources/workload.libsonnet @@ -11,7 +11,7 @@ local template = grafana.template; query='label_values(kube_pod_info, %s)' % $._config.clusterLabel, current='', hide=if $._config.showMultiCluster then '' else '2', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -23,7 +23,7 @@ local template = grafana.template; query='label_values(kube_pod_info{%(clusterLabel)s="$cluster"}, namespace)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -35,7 +35,7 @@ local template = grafana.template; query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace="$namespace"}, workload)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -47,7 +47,7 @@ local template = grafana.template; query='label_values(namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace="$namespace", workload="$workload"}, workload_type)' % $._config.clusterLabel, current='', hide='', - refresh=1, + refresh=2, includeAll=false, sort=1 ), @@ -134,7 +134,7 @@ local template = grafana.template; local cpuRequestsQuery = ||| sum( - kube_pod_container_resource_requests_cpu_cores{%(clusterLabel)s="$cluster", namespace="$namespace"} + kube_pod_container_resource_requests{%(clusterLabel)s="$cluster", namespace="$namespace", resource="cpu"} * on(namespace,pod) group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace="$namespace", workload="$workload", workload_type="$type"} ) by (pod) @@ -149,8 +149,8 @@ local template = grafana.template; group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{%(clusterLabel)s="$cluster", namespace="$namespace", workload="$workload", workload_type="$type"} ) by (pod) ||| % $._config; - local memRequestsQuery = std.strReplace(cpuRequestsQuery, 'cpu_cores', 'memory_bytes'); - local memLimitsQuery = std.strReplace(cpuLimitsQuery, 'cpu_cores', 'memory_bytes'); + local memRequestsQuery = std.strReplace(cpuRequestsQuery, 'cpu', 'memory'); + local memLimitsQuery = std.strReplace(cpuLimitsQuery, 'cpu', 'memory'); g.dashboard( '%(dashboardNamePrefix)sCompute Resources / Workload' % $._config.grafanaK8s, @@ -212,7 +212,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Current Network Usage') .addPanel( g.panel('Current Network Usage') + g.tablePanel( @@ -223,7 +223,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Bandwidth') .addPanel( g.panel('Receive Bandwidth') + g.queryPanel(||| @@ -234,9 +234,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Transmit Bandwidth') + g.queryPanel(||| @@ -249,7 +246,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Average Container Bandwidth by Pod') .addPanel( g.panel('Average Container Bandwidth by Pod: Received') + g.queryPanel(||| @@ -260,9 +257,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Average Container Bandwidth by Pod: Transmitted') + g.queryPanel(||| @@ -275,7 +269,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets') .addPanel( g.panel('Rate of Received Packets') + g.queryPanel(||| @@ -286,9 +280,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets') + g.queryPanel(||| @@ -301,7 +292,7 @@ local template = grafana.template; ) ) .addRow( - g.row('Network') + g.row('Rate of Packets Dropped') .addPanel( g.panel('Rate of Received Packets Dropped') + g.queryPanel(||| @@ -312,9 +303,6 @@ local template = grafana.template; g.stack + { yaxes: g.yaxes('Bps') }, ) - ) - .addRow( - g.row('Network') .addPanel( g.panel('Rate of Transmitted Packets Dropped') + g.queryPanel(||| diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/scheduler.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/scheduler.libsonnet index 949b083..ded8342 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/scheduler.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/scheduler.libsonnet @@ -16,7 +16,7 @@ local singlestat = grafana.singlestat; span=2, valueName='min', ) - .addTarget(prometheus.target('sum(up{%(kubeSchedulerSelector)s})' % $._config)); + .addTarget(prometheus.target('sum(up{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s})' % $._config)); local schedulingRate = graphPanel.new( @@ -31,10 +31,10 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('sum(rate(scheduler_e2e_scheduling_duration_seconds_count{%(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} e2e')) - .addTarget(prometheus.target('sum(rate(scheduler_binding_duration_seconds_count{%(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} binding')) - .addTarget(prometheus.target('sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{%(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} scheduling algorithm')) - .addTarget(prometheus.target('sum(rate(scheduler_volume_scheduling_duration_seconds_count{%(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} volume')); + .addTarget(prometheus.target('sum(rate(scheduler_e2e_scheduling_duration_seconds_count{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} e2e')) + .addTarget(prometheus.target('sum(rate(scheduler_binding_duration_seconds_count{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} binding')) + .addTarget(prometheus.target('sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} scheduling algorithm')) + .addTarget(prometheus.target('sum(rate(scheduler_volume_scheduling_duration_seconds_count{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance"}[5m])) by (instance)' % $._config, legendFormat='{{instance}} volume')); local schedulingLatency = @@ -50,10 +50,10 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{%(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} e2e')) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{%(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} binding')) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{%(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} scheduling algorithm')) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{%(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} volume')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} e2e')) + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} binding')) + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} scheduling algorithm')) + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s,instance=~"$instance"}[5m])) by (instance, le))' % $._config, legendFormat='{{instance}} volume')); local rpcRate = graphPanel.new( @@ -63,10 +63,10 @@ local singlestat = grafana.singlestat; format='ops', min=0, ) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeSchedulerSelector)s, instance=~"$instance",code=~"2.."}[5m]))' % $._config, legendFormat='2xx')) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeSchedulerSelector)s, instance=~"$instance",code=~"3.."}[5m]))' % $._config, legendFormat='3xx')) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeSchedulerSelector)s, instance=~"$instance",code=~"4.."}[5m]))' % $._config, legendFormat='4xx')) - .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(kubeSchedulerSelector)s, instance=~"$instance",code=~"5.."}[5m]))' % $._config, legendFormat='5xx')); + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance",code=~"2.."}[5m]))' % $._config, legendFormat='2xx')) + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance",code=~"3.."}[5m]))' % $._config, legendFormat='3xx')) + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance",code=~"4.."}[5m]))' % $._config, legendFormat='4xx')) + .addTarget(prometheus.target('sum(rate(rest_client_requests_total{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance",code=~"5.."}[5m]))' % $._config, legendFormat='5xx')); local postRequestLatency = graphPanel.new( @@ -76,7 +76,7 @@ local singlestat = grafana.singlestat; format='s', min=0, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(kubeSchedulerSelector)s, instance=~"$instance", verb="POST"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance", verb="POST"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); local getRequestLatency = graphPanel.new( @@ -91,7 +91,7 @@ local singlestat = grafana.singlestat; legend_alignAsTable=true, legend_rightSide=true, ) - .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(kubeSchedulerSelector)s, instance=~"$instance", verb="GET"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); + .addTarget(prometheus.target('histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance", verb="GET"}[5m])) by (verb, url, le))' % $._config, legendFormat='{{verb}} {{url}}')); local memory = graphPanel.new( @@ -100,7 +100,7 @@ local singlestat = grafana.singlestat; span=4, format='bytes', ) - .addTarget(prometheus.target('process_resident_memory_bytes{%(kubeSchedulerSelector)s, instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('process_resident_memory_bytes{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); local cpu = graphPanel.new( @@ -110,7 +110,7 @@ local singlestat = grafana.singlestat; format='bytes', min=0, ) - .addTarget(prometheus.target('rate(process_cpu_seconds_total{%(kubeSchedulerSelector)s, instance=~"$instance"}[5m])' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('rate(process_cpu_seconds_total{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s, instance=~"$instance"}[5m])' % $._config, legendFormat='{{instance}}')); local goroutines = graphPanel.new( @@ -119,7 +119,7 @@ local singlestat = grafana.singlestat; span=4, format='short', ) - .addTarget(prometheus.target('go_goroutines{%(kubeSchedulerSelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); + .addTarget(prometheus.target('go_goroutines{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s,instance=~"$instance"}' % $._config, legendFormat='{{instance}}')); dashboard.new( @@ -143,11 +143,22 @@ local singlestat = grafana.singlestat; type: 'datasource', }, ) + .addTemplate( + template.new( + 'cluster', + '$datasource', + 'label_values(kube_pod_info, %(clusterLabel)s)' % $._config, + label='cluster', + refresh='time', + hide=if $._config.showMultiCluster then '' else 'variable', + sort=1, + ) + ) .addTemplate( template.new( 'instance', '$datasource', - 'label_values(process_cpu_seconds_total{%(kubeSchedulerSelector)s}, instance)' % $._config, + 'label_values(process_cpu_seconds_total{%(clusterLabel)s="$cluster", %(kubeSchedulerSelector)s}, instance)' % $._config, refresh='time', includeAll=true, sort=1, @@ -172,4 +183,4 @@ local singlestat = grafana.singlestat; .addPanel(goroutines) ) + { refresh: $._config.grafanaK8s.refresh }, }, -} +} \ No newline at end of file diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet index c3c8a89..c6fe159 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet @@ -160,7 +160,7 @@ local g = import 'github.com/grafana/jsonnet-libs/grafana-builder/grafana.libson template.new( 'namespace', '$datasource', - 'label_values(windows_container_available, namespace)', + 'label_values(windows_pod_container_available, namespace)', label='Namespace', refresh='time', sort=1, @@ -253,7 +253,7 @@ local g = import 'github.com/grafana/jsonnet-libs/grafana-builder/grafana.libson template.new( 'namespace', '$datasource', - 'label_values(windows_container_available, namespace)', + 'label_values(windows_pod_container_available, namespace)', label='Namespace', refresh='time', sort=1, @@ -263,7 +263,7 @@ local g = import 'github.com/grafana/jsonnet-libs/grafana-builder/grafana.libson template.new( 'pod', '$datasource', - 'label_values(windows_container_available{namespace="$namespace"}, pod)', + 'label_values(windows_pod_container_available{namespace="$namespace"}, pod)', label='Pod', refresh='time', sort=1, @@ -514,7 +514,7 @@ local g = import 'github.com/grafana/jsonnet-libs/grafana-builder/grafana.libson { yaxes: g.yaxes('percentunit') }, ) .addPanel( - graphPanel.new('Disk I/O',) + graphPanel.new('Disk I/O', datasource='$datasource') .addTarget(prometheus.target('max(rate(windows_logical_disk_read_bytes_total{%(wmiExporterSelector)s, instance="$instance"}[2m]))' % $._config, legendFormat='read')) .addTarget(prometheus.target('max(rate(windows_logical_disk_write_bytes_total{%(wmiExporterSelector)s, instance="$instance"}[2m]))' % $._config, legendFormat='written')) .addTarget(prometheus.target('max(rate(windows_logical_disk_read_seconds_total{%(wmiExporterSelector)s, instance="$instance"}[2m]) + rate(windows_logical_disk_write_seconds_total{%(wmiExporterSelector)s, instance="$instance"}[2m]))' % $._config, legendFormat='io time')) + diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/apps.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/apps.libsonnet index f801eb2..fdc621f 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/apps.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/apps.libsonnet @@ -16,7 +16,7 @@ record: 'node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate', expr: ||| sum by (%(clusterLabel)s, namespace, pod, container) ( - rate(container_cpu_usage_seconds_total{%(cadvisorSelector)s, image!="", container!="POD"}[5m]) + rate(container_cpu_usage_seconds_total{%(cadvisorSelector)s, image!=""}[5m]) ) * on (%(clusterLabel)s, namespace, pod) group_left(node) topk by (%(clusterLabel)s, namespace, pod) ( 1, max by(%(clusterLabel)s, namespace, pod, node) (kube_pod_info{node!=""}) ) @@ -59,27 +59,27 @@ ||| % $._config, }, { - record: 'namespace:kube_pod_container_resource_requests_memory_bytes:sum', + record: 'namespace_memory:kube_pod_container_resource_requests:sum', expr: ||| - sum by (namespace) ( - sum by (namespace, pod) ( - max by (namespace, pod, container) ( - kube_pod_container_resource_requests_memory_bytes{%(kubeStateMetricsSelector)s} - ) * on(namespace, pod) group_left() max by (namespace, pod) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_requests{resource="memory",%(kubeStateMetricsSelector)s} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) ) ||| % $._config, }, { - record: 'namespace:kube_pod_container_resource_requests_cpu_cores:sum', + record: 'namespace_cpu:kube_pod_container_resource_requests:sum', expr: ||| - sum by (namespace) ( - sum by (namespace, pod) ( - max by (namespace, pod, container) ( - kube_pod_container_resource_requests_cpu_cores{%(kubeStateMetricsSelector)s} - ) * on(namespace, pod) group_left() max by (namespace, pod) ( + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_requests{resource="cpu",%(kubeStateMetricsSelector)s} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/kube_apiserver.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/kube_apiserver.libsonnet index 31dc44e..7b356f3 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/kube_apiserver.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/kube_apiserver.libsonnet @@ -219,12 +219,18 @@ verb: 'write', }, }, - ] + [ { record: 'code_verb:apiserver_request_total:increase%s' % SLODays, expr: ||| - sum by (code, verb) (increase(apiserver_request_total{%s,verb="%s",code=~"%s"}[%s])) - ||| % [$._config.kubeApiserverSelector, verb, code, SLODays], + avg_over_time(code_verb:apiserver_request_total:increase1h[%s]) * 24 * %d + ||| % [SLODays, $._config.SLOs.apiserver.days], + }, + ] + [ + { + record: 'code_verb:apiserver_request_total:increase1h', + expr: ||| + sum by (code, verb) (increase(apiserver_request_total{%s,verb="%s",code=~"%s"}[1h])) + ||| % [$._config.kubeApiserverSelector, verb, code], } for code in ['2..', '3..', '4..', '5..'] for verb in ['LIST', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE'] diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/node.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/node.libsonnet index 6928770..74bbaf6 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/node.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/node.libsonnet @@ -33,7 +33,7 @@ count by (%(clusterLabel)s, node) (sum by (node, cpu) ( node_cpu_seconds_total{%(nodeExporterSelector)s} * on (namespace, %(podLabel)s) group_left(node) - node_namespace_pod:kube_pod_info: + topk by(namespace, %(podLabel)s) (1, node_namespace_pod:kube_pod_info:) )) ||| % $._config, }, diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/windows.libsonnet b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/windows.libsonnet index b3964e0..740a544 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/windows.libsonnet +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/rules/windows.libsonnet @@ -159,16 +159,16 @@ { record: ':windows_node_net_saturation:sum_irate', expr: ||| - sum(irate(windows_net_packets_received_discarded{%(wmiExporterSelector)s}[1m])) + - sum(irate(windows_net_packets_outbound_discarded{%(wmiExporterSelector)s}[1m])) + sum(irate(windows_net_packets_received_discarded_total{%(wmiExporterSelector)s}[1m])) + + sum(irate(windows_net_packets_outbound_discarded_total{%(wmiExporterSelector)s}[1m])) ||| % $._config, }, { record: 'node:windows_node_net_saturation:sum_irate', expr: ||| sum by (instance) ( - (irate(windows_net_packets_received_discarded{%(wmiExporterSelector)s}[1m]) + - irate(windows_net_packets_outbound_discarded{%(wmiExporterSelector)s}[1m])) + (irate(windows_net_packets_received_discarded_total{%(wmiExporterSelector)s}[1m]) + + irate(windows_net_packets_outbound_discarded_total{%(wmiExporterSelector)s}[1m])) ) ||| % $._config, }, @@ -178,7 +178,7 @@ name: 'windows.pod.rules', rules: [ { - record: 'windows_container_available', + record: 'windows_pod_container_available', expr: ||| windows_container_available{%(wmiExporterSelector)s} * on(container_id) group_left(container, pod, namespace) max(kube_pod_container_info{%(kubeStateMetricsSelector)s}) by(container, container_id, pod, namespace) ||| % $._config, @@ -216,25 +216,29 @@ { record: 'kube_pod_windows_container_resource_memory_request', expr: ||| - kube_pod_container_resource_requests_memory_bytes {%(kubeStateMetricsSelector)s} * on(container,pod,namespace) (windows_container_available) + max by (namespace, pod, container) ( + kube_pod_container_resource_requests{resource="memory",%(kubeStateMetricsSelector)s} + ) * on(container,pod,namespace) (windows_pod_container_available) ||| % $._config, }, { record: 'kube_pod_windows_container_resource_memory_limit', expr: ||| - kube_pod_container_resource_limits_memory_bytes {%(kubeStateMetricsSelector)s} * on(container,pod,namespace) (windows_container_available) + kube_pod_container_resource_limits{resource="memory",%(kubeStateMetricsSelector)s} * on(container,pod,namespace) (windows_pod_container_available) ||| % $._config, }, { record: 'kube_pod_windows_container_resource_cpu_cores_request', expr: ||| - kube_pod_container_resource_requests_cpu_cores {%(kubeStateMetricsSelector)s} * on(container,pod,namespace) (windows_container_available) + max by (namespace, pod, container) ( + kube_pod_container_resource_requests{resource="cpu",%(kubeStateMetricsSelector)s} + ) * on(container,pod,namespace) (windows_pod_container_available) ||| % $._config, }, { record: 'kube_pod_windows_container_resource_cpu_cores_limit', expr: ||| - kube_pod_container_resource_limits_cpu_cores {%(kubeStateMetricsSelector)s} * on(container,pod,namespace) (windows_container_available) + kube_pod_container_resource_limits{resource="cpu",%(kubeStateMetricsSelector)s} * on(container,pod,namespace) (windows_pod_container_available) ||| % $._config, }, { diff --git a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/runbook.md b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/runbook.md index e8725a6..e7894ba 100644 --- a/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/runbook.md +++ b/monitoring/vendor/github.com/kubernetes-monitoring/kubernetes-mixin/runbook.md @@ -27,25 +27,25 @@ This page collects this repositories alerts and begins the process of describing ### Group Name: kubernetes-apps ##### Alert Name: KubePodCrashLooping + *Message*: `{{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf \"%.2f\" $value }} / second` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubePodNotReady" + *Message*: `{{ $labels.namespace }}/{{ $labels.pod }} is not ready.` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubeDeploymentGenerationMismatch" + *Message*: `Deployment {{ $labels.namespace }}/{{ $labels.deployment }} generation mismatch` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubeDeploymentReplicasMismatch" + *Message*: `Deployment {{ $labels.namespace }}/{{ $labels.deployment }} replica mismatch` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubeStatefulSetReplicasMismatch" + *Message*: `StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} replica mismatch` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubeStatefulSetGenerationMismatch" + *Message*: `StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} generation mismatch` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubeDaemonSetRolloutStuck" + *Message*: `Only {{$value | humanizePercentage }} of desired pods scheduled and ready for daemon set {{$labels.namespace}}/{{$labels.daemonset}}` -+ *Severity*: critical ++ *Severity*: warning ##### Alert Name: "KubeContainerWaiting" + *Message*: `{{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is in waiting state.` + *Severity*: warning @@ -69,16 +69,16 @@ This page collects this repositories alerts and begins the process of describing ### Group Name: "kubernetes-resources" ##### Alert Name: "KubeCPUOvercommit" -+ *Message*: `Overcommited CPU resource requests on Pods, cannot tolerate node failure.` ++ *Message*: `Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure.` + *Severity*: warning ##### Alert Name: "KubeMemOvercommit" -+ *Message*: `Overcommited Memory resource requests on Pods, cannot tolerate node failure.` ++ *Message*: `Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure.` + *Severity*: warning -##### Alert Name: "KubeCPUOvercommit" -+ *Message*: `Overcommited CPU resource request quota on Namespaces.` +##### Alert Name: "KubeCPUQuotaOvercommit" ++ *Message*: `Cluster has overcommitted CPU resource requests for Namespaces.` + *Severity*: warning -##### Alert Name: "KubeMemOvercommit" -+ *Message*: `Overcommited Memory resource request quota on Namespaces.` +##### Alert Name: "KubeMemQuotaOvercommit" ++ *Message*: `Cluster has overcommitted memory resource requests for Namespaces.` + *Severity*: warning ##### Alert Name: "KubeQuotaAlmostFull" + *Message*: `{{ $value | humanizePercentage }} usage of {{ $labels.resource }} in namespace {{ $labels.namespace }}.` @@ -118,6 +118,10 @@ This page collects this repositories alerts and begins the process of describing ##### Alert Name: "KubeClientCertificateExpiration" + *Message*: `A client certificate used to authenticate to the apiserver is expiring in less than 1 day.` + *Severity*: critical +##### Alert Name: "KubeAPITerminatedRequests" ++ *Message*: `The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests.` ++ *Severity*: warning ++ *Action*: Use the `apiserver_flowcontrol_rejected_requests_total` metric to determine which flow schema is throttling the traffic to the API Server. The flow schema also provides information on the affected resources and subjects. ## Other Kubernetes Runbooks and troubleshooting + [Troubleshoot Clusters ](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-cluster/) diff --git a/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/jsonnetfile.json b/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/jsonnetfile.json index d31ac11..677d981 100644 --- a/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/jsonnetfile.json +++ b/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/jsonnetfile.json @@ -1,14 +1,3 @@ { - "dependencies": [ - { - "name": "ksonnet", - "source": { - "git": { - "remote": "https://github.com/ksonnet/ksonnet-lib", - "subdir": "" - } - }, - "version": "master" - } - ] + "dependencies": [] } diff --git a/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet b/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet index 0f545fc..5b67a1a 100644 --- a/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet +++ b/monitoring/vendor/github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet @@ -1,5 +1,3 @@ -local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; - { local ksm = self, name:: error 'must set namespace', @@ -9,7 +7,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; commonLabels:: { 'app.kubernetes.io/name': 'kube-state-metrics', - 'app.kubernetes.io/version': 'v' + ksm.version, + 'app.kubernetes.io/version': ksm.version, }, podLabels:: { @@ -19,237 +17,292 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; }, clusterRoleBinding: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; - - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withName(ksm.name) + - clusterRoleBinding.mixin.metadata.withLabels(ksm.commonLabels) + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName(ksm.name) + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: ksm.name, namespace: ksm.namespace }]), + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: ksm.name, + labels: ksm.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: ksm.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: ksm.name, + namespace: ksm.namespace, + }], + }, clusterRole: - local clusterRole = k.rbac.v1.clusterRole; - local rulesType = clusterRole.rulesType; - local rules = [ - rulesType.new() + - rulesType.withApiGroups(['']) + - rulesType.withResources([ - 'configmaps', - 'secrets', - 'nodes', - 'pods', - 'services', - 'resourcequotas', - 'replicationcontrollers', - 'limitranges', - 'persistentvolumeclaims', - 'persistentvolumes', - 'namespaces', - 'endpoints', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['extensions']) + - rulesType.withResources([ - 'daemonsets', - 'deployments', - 'replicasets', - 'ingresses', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['apps']) + - rulesType.withResources([ - 'statefulsets', - 'daemonsets', - 'deployments', - 'replicasets', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['batch']) + - rulesType.withResources([ - 'cronjobs', - 'jobs', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['autoscaling']) + - rulesType.withResources([ - 'horizontalpodautoscalers', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['authentication.k8s.io']) + - rulesType.withResources([ - 'tokenreviews', - ]) + - rulesType.withVerbs(['create']), - - rulesType.new() + - rulesType.withApiGroups(['authorization.k8s.io']) + - rulesType.withResources([ - 'subjectaccessreviews', - ]) + - rulesType.withVerbs(['create']), - - rulesType.new() + - rulesType.withApiGroups(['policy']) + - rulesType.withResources([ - 'poddisruptionbudgets', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['certificates.k8s.io']) + - rulesType.withResources([ - 'certificatesigningrequests', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['storage.k8s.io']) + - rulesType.withResources([ - 'storageclasses', - 'volumeattachments', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['admissionregistration.k8s.io']) + - rulesType.withResources([ - 'mutatingwebhookconfigurations', - 'validatingwebhookconfigurations', - ]) + - rulesType.withVerbs(['list', 'watch']), - - rulesType.new() + - rulesType.withApiGroups(['networking.k8s.io']) + - rulesType.withResources([ - 'networkpolicies', - ]) + - rulesType.withVerbs(['list', 'watch']), + { + apiGroups: [''], + resources: [ + 'configmaps', + 'secrets', + 'nodes', + 'pods', + 'services', + 'resourcequotas', + 'replicationcontrollers', + 'limitranges', + 'persistentvolumeclaims', + 'persistentvolumes', + 'namespaces', + 'endpoints', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['apps'], + resources: [ + 'statefulsets', + 'daemonsets', + 'deployments', + 'replicasets', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['batch'], + resources: [ + 'cronjobs', + 'jobs', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['autoscaling'], + resources: [ + 'horizontalpodautoscalers', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['authentication.k8s.io'], + resources: [ + 'tokenreviews', + ], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: [ + 'subjectaccessreviews', + ], + verbs: ['create'], + }, + { + apiGroups: ['policy'], + resources: [ + 'poddisruptionbudgets', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['certificates.k8s.io'], + resources: [ + 'certificatesigningrequests', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['storage.k8s.io'], + resources: [ + 'storageclasses', + 'volumeattachments', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['admissionregistration.k8s.io'], + resources: [ + 'mutatingwebhookconfigurations', + 'validatingwebhookconfigurations', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['networking.k8s.io'], + resources: [ + 'networkpolicies', + 'ingresses', + ], + verbs: ['list', 'watch'], + }, + { + apiGroups: ['coordination.k8s.io'], + resources: [ + 'leases', + ], + verbs: ['list', 'watch'], + }, ]; - clusterRole.new() + - clusterRole.mixin.metadata.withName(ksm.name) + - clusterRole.mixin.metadata.withLabels(ksm.commonLabels) + - clusterRole.withRules(rules), + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: ksm.name, + labels: ksm.commonLabels, + }, + rules: rules, + }, deployment: - local deployment = k.apps.v1.deployment; - local container = deployment.mixin.spec.template.spec.containersType; - local volume = deployment.mixin.spec.template.spec.volumesType; - local containerPort = container.portsType; - local containerVolumeMount = container.volumeMountsType; - local podSelector = deployment.mixin.spec.template.spec.selectorType; + local c = { + name: 'kube-state-metrics', + image: ksm.image, + ports: [ + { name: 'http-metrics', containerPort: 8080 }, + { name: 'telemetry', containerPort: 8081 }, + ], + securityContext: { runAsUser: 65534 }, + livenessProbe: { timeoutSeconds: 5, initialDelaySeconds: 5, httpGet: { + port: 8080, + path: '/healthz', + } }, + readinessProbe: { timeoutSeconds: 5, initialDelaySeconds: 5, httpGet: { + port: 8081, + path: '/', + } }, + }; - local c = - container.new('kube-state-metrics', ksm.image) + - container.withPorts([ - containerPort.newNamed(8080, 'http-metrics'), - containerPort.newNamed(8081, 'telemetry'), - ]) + - container.mixin.livenessProbe.httpGet.withPath('/healthz') + - container.mixin.livenessProbe.httpGet.withPort(8080) + - container.mixin.livenessProbe.withInitialDelaySeconds(5) + - container.mixin.livenessProbe.withTimeoutSeconds(5) + - container.mixin.readinessProbe.httpGet.withPath('/') + - container.mixin.readinessProbe.httpGet.withPort(8081) + - container.mixin.readinessProbe.withInitialDelaySeconds(5) + - container.mixin.readinessProbe.withTimeoutSeconds(5); - - deployment.new(ksm.name, 1, c, ksm.commonLabels) + - deployment.mixin.metadata.withNamespace(ksm.namespace) + - deployment.mixin.metadata.withLabels(ksm.commonLabels) + - deployment.mixin.spec.selector.withMatchLabels(ksm.podLabels) + - deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) + - deployment.mixin.spec.template.spec.withServiceAccountName(ksm.name), + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: ksm.name, + namespace: ksm.namespace, + labels: ksm.commonLabels, + }, + spec: { + replicas: 1, + selector: { matchLabels: ksm.podLabels }, + template: { + metadata: { + labels: ksm.commonLabels, + }, + spec: { + containers: [c], + serviceAccountName: ksm.serviceAccount.metadata.name, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + }, + }, + }, + }, serviceAccount: - local serviceAccount = k.core.v1.serviceAccount; - - serviceAccount.new(ksm.name) + - serviceAccount.mixin.metadata.withNamespace(ksm.namespace) + - serviceAccount.mixin.metadata.withLabels(ksm.commonLabels), + { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: ksm.name, + namespace: ksm.namespace, + labels: ksm.commonLabels, + }, + }, service: - local service = k.core.v1.service; - local servicePort = service.mixin.spec.portsType; - - local ksmServicePortMain = servicePort.newNamed('http-metrics', 8080, 'http-metrics'); - local ksmServicePortSelf = servicePort.newNamed('telemetry', 8081, 'telemetry'); - - service.new(ksm.name, ksm.podLabels, [ksmServicePortMain, ksmServicePortSelf]) + - service.mixin.metadata.withNamespace(ksm.namespace) + - service.mixin.metadata.withLabels(ksm.commonLabels) + - service.mixin.spec.withClusterIp('None'), + { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: ksm.name, + namespace: ksm.namespace, + labels: ksm.commonLabels, + }, + spec: { + clusterIP: 'None', + selector: ksm.podLabels, + ports: [ + { name: 'http-metrics', port: 8080, targetPort: 'http-metrics' }, + { name: 'telemetry', port: 8081, targetPort: 'telemetry' }, + ], + }, + }, autosharding:: { role: - local role = k.rbac.v1.role; - local rulesType = role.rulesType; - - local rules = [ - rulesType.new() + - rulesType.withApiGroups(['']) + - rulesType.withResources(['pods']) + - rulesType.withVerbs(['get']), - rulesType.new() + - rulesType.withApiGroups(['apps']) + - rulesType.withResources(['statefulsets']) + - rulesType.withResourceNames([ksm.name]) + - rulesType.withVerbs(['get']), - ]; - - role.new() + - role.mixin.metadata.withName(ksm.name) + - role.mixin.metadata.withNamespace(ksm.namespace) + - role.mixin.metadata.withLabels(ksm.commonLabels) + - role.withRules(rules), + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: ksm.name, + namespace: ksm.namespace, + labels: ksm.commonLabels, + }, + rules: [{ + apiGroups: [''], + resources: ['pods'], + verbs: ['get'], + }, { + apiGroups: ['apps'], + resourceNames: ['kube-state-metrics'], + resources: ['statefulsets'], + verbs: ['get'], + }], + }, roleBinding: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName(ksm.name) + - roleBinding.mixin.metadata.withLabels(ksm.commonLabels) + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName(ksm.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: ksm.name }]), + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: ksm.name, + namespace: ksm.namespace, + labels: ksm.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'kube-state-metrics', + }, + subjects: [{ + kind: 'ServiceAccount', + name: ksm.serviceAccount.metadata.name, + }], + }, statefulset: - local statefulset = k.apps.v1.statefulSet; - local container = statefulset.mixin.spec.template.spec.containersType; - local containerEnv = container.envType; + // extending the default container from above + local c = ksm.deployment.spec.template.spec.containers[0] { + args: [ + '--pod=$(POD_NAME)', + '--pod-namespace=$(POD_NAMESPACE)', + ], + env: [ + { name: 'POD_NAME', valueFrom: { fieldRef: { fieldPath: 'metadata.name' } } }, + { name: 'POD_NAMESPACE', valueFrom: { fieldRef: { fieldPath: 'metadata.namespace' } } }, + ], + }; - local c = ksm.deployment.spec.template.spec.containers[0] + - container.withArgs([ - '--pod=$(POD_NAME)', - '--pod-namespace=$(POD_NAMESPACE)', - ]) + - container.withEnv([ - containerEnv.new('POD_NAME') + - containerEnv.mixin.valueFrom.fieldRef.withFieldPath('metadata.name'), - containerEnv.new('POD_NAMESPACE') + - containerEnv.mixin.valueFrom.fieldRef.withFieldPath('metadata.namespace'), - ]); - - statefulset.new(ksm.name, 2, c, [], ksm.commonLabels) + - statefulset.mixin.metadata.withNamespace(ksm.namespace) + - statefulset.mixin.metadata.withLabels(ksm.commonLabels) + - statefulset.mixin.spec.withServiceName(ksm.service.metadata.name) + - statefulset.mixin.spec.selector.withMatchLabels(ksm.podLabels) + - statefulset.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) + - statefulset.mixin.spec.template.spec.withServiceAccountName(ksm.name), + { + apiVersion: 'apps/v1', + kind: 'StatefulSet', + metadata: { + name: ksm.name, + namespace: ksm.namespace, + labels: ksm.commonLabels, + }, + spec: { + replicas: 2, + selector: { matchLabels: ksm.podLabels }, + serviceName: ksm.service.metadata.name, + template: { + metadata: { + labels: ksm.commonLabels, + }, + spec: { + containers: [c], + serviceAccountName: ksm.serviceAccount.metadata.name, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + }, + }, + }, + }, } + { service: ksm.service, serviceAccount: ksm.serviceAccount, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet new file mode 100644 index 0000000..f71c458 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -0,0 +1,99 @@ +{ + values+:: { + alertmanager+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + prometheus+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + blackboxExporter+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + prometheusAdapter+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + }, + + antiaffinity(labelSelector, namespace, type, topologyKey): { + local podAffinityTerm = { + namespaces: [namespace], + topologyKey: topologyKey, + labelSelector: { + matchLabels: labelSelector, + }, + }, + + affinity: { + podAntiAffinity: if type == 'soft' then { + preferredDuringSchedulingIgnoredDuringExecution: [{ + weight: 100, + podAffinityTerm: podAffinityTerm, + }], + } else if type == 'hard' then { + requiredDuringSchedulingIgnoredDuringExecution: [ + podAffinityTerm, + ], + } else error 'podAntiAffinity must be either "soft" or "hard"', + }, + }, + + alertmanager+: { + alertmanager+: { + spec+: + $.antiaffinity( + $.alertmanager._config.selectorLabels, + $.values.common.namespace, + $.values.alertmanager.podAntiAffinity, + $.values.alertmanager.podAntiAffinityTopologyKey, + ), + }, + }, + + prometheus+: { + prometheus+: { + spec+: + $.antiaffinity( + $.prometheus._config.selectorLabels, + $.values.common.namespace, + $.values.prometheus.podAntiAffinity, + $.values.prometheus.podAntiAffinityTopologyKey, + ), + }, + }, + + blackboxExporter+: { + deployment+: { + spec+: { + template+: { + spec+: + $.antiaffinity( + $.blackboxExporter._config.selectorLabels, + $.values.common.namespace, + $.values.blackboxExporter.podAntiAffinity, + $.values.blackboxExporter.podAntiAffinityTopologyKey, + ), + }, + }, + }, + }, + + prometheusAdapter+: { + deployment+: { + spec+: { + template+: { + spec+: + $.antiaffinity( + $.prometheusAdapter._config.selectorLabels, + $.values.common.namespace, + $.values.prometheusAdapter.podAntiAffinity, + $.values.prometheusAdapter.podAntiAffinityTopologyKey, + ), + }, + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/config-mixins.libsonnet similarity index 55% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/config-mixins.libsonnet index ff8fd29..79f2504 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/config-mixins.libsonnet @@ -1,4 +1,18 @@ -local l = import 'lib/lib.libsonnet'; +local imageName(image) = + local parts = std.split(image, '/'); + local len = std.length(parts); + if len == 3 then + // registry.com/org/image + parts[2] + else if len == 2 then + // org/image + parts[1] + else if len == 1 then + // image, ie. busybox + parts[0] + else + error 'unknown image format: ' + image; + // withImageRepository is a mixin that replaces all images prefixes by repository. eg. // quay.io/coreos/addon-resizer -> $repository/addon-resizer @@ -6,8 +20,8 @@ local l = import 'lib/lib.libsonnet'; local withImageRepository(repository) = { local oldRepos = super._config.imageRepos, local substituteRepository(image, repository) = - if repository == null then image else repository + '/' + l.imageName(image), - _config+:: { + if repository == null then image else repository + '/' + imageName(image), + values+:: { imageRepos:: { [field]: substituteRepository(oldRepos[field], repository) for field in std.objectFields(oldRepos) diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet similarity index 94% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet index d98b133..06e9c5a 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet @@ -2,9 +2,9 @@ // For more details on usage visit https://github.com/DirectXMan12/k8s-prometheus-adapter#quick-links { - _config+:: { - prometheusAdapter+:: { - namespace: $._config.namespace, + values+:: { + prometheusAdapter+: { + namespace: $.values.common.namespace, // Rules for custom-metrics config+:: { rules+: [ @@ -78,7 +78,7 @@ }, }, - prometheusAdapter+:: { + prometheusAdapter+: { customMetricsApiService: { apiVersion: 'apiregistration.k8s.io/v1', kind: 'APIService', @@ -88,7 +88,7 @@ spec: { service: { name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }, group: 'custom.metrics.k8s.io', version: 'v1beta1', @@ -106,7 +106,7 @@ spec: { service: { name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }, group: 'custom.metrics.k8s.io', version: 'v1beta2', @@ -141,7 +141,7 @@ subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }], }, customMetricsClusterRoleBindingHPA: { diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/external-metrics.libsonnet similarity index 91% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/external-metrics.libsonnet index abe35b0..928d29e 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/external-metrics.libsonnet @@ -2,9 +2,9 @@ // For more details on usage visit https://github.com/DirectXMan12/k8s-prometheus-adapter#quick-links { - _config+:: { - prometheusAdapter+:: { - namespace: $._config.namespace, + values+:: { + prometheusAdapter+: { + namespace: $.values.common.namespace, // Rules for external-metrics config+:: { externalRules+: [ @@ -24,7 +24,7 @@ }, }, - prometheusAdapter+:: { + prometheusAdapter+: { externalMetricsApiService: { apiVersion: 'apiregistration.k8s.io/v1', kind: 'APIService', @@ -34,7 +34,7 @@ spec: { service: { name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }, group: 'external.metrics.k8s.io', version: 'v1beta1', @@ -70,7 +70,7 @@ subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }], }, externalMetricsClusterRoleBindingHPA: { diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet similarity index 98% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet index 73d0b9d..ab6f294 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet @@ -1,5 +1,5 @@ { - prometheus+:: { + prometheus+: { serviceMonitorKubelet+: { spec+: { diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet similarity index 69% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet index 88154ac..fa2caf0 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet @@ -1,14 +1,15 @@ { - _config+:: { - versions+:: { clusterVerticalAutoscaler: '0.8.1' }, - imageRepos+:: { clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64' }, - - kubeStateMetrics+:: { + values+:: { + clusterVerticalAutoscaler: { + version: '0.8.1', + image: 'gcr.io/google_containers/cpvpa-amd64:v0.8.1', + baseCPU: '1m', stepCPU: '1m', + baseMemory: '1Mi', stepMemory: '2Mi', }, }, - ksmAutoscaler+:: { + ksmAutoscaler+: { clusterRole: { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', @@ -29,7 +30,7 @@ kind: 'ClusterRole', name: 'ksm-autoscaler', }, - subjects: [{ kind: 'ServiceAccount', name: 'ksm-autoscaler', namespace: $._config.namespace }], + subjects: [{ kind: 'ServiceAccount', name: 'ksm-autoscaler', namespace: $.values.common.namespace }], }, roleBinding: { @@ -37,7 +38,7 @@ kind: 'RoleBinding', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -52,7 +53,7 @@ kind: 'Role', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, rules: [ { @@ -75,7 +76,7 @@ kind: 'ServiceAccount', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, }, @@ -83,14 +84,21 @@ local podLabels = { app: 'ksm-autoscaler' }; local c = { name: 'ksm-autoscaler', - image: $._config.imageRepos.clusterVerticalAutoscaler + ':v' + $._config.versions.clusterVerticalAutoscaler, + image: $.values.clusterVerticalAutoscaler.image, args: [ '/cpvpa', '--target=deployment/kube-state-metrics', - '--namespace=' + $._config.namespace, + '--namespace=' + $.values.common.namespace, '--logtostderr=true', '--poll-period-seconds=10', - '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}}}}', + '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $.values.clusterVerticalAutoscaler.baseCPU + + '","step":"' + $.values.clusterVerticalAutoscaler.stepCPU + + '","nodesPerStep":1},"memory":{"base":"' + $.values.clusterVerticalAutoscaler.baseMemory + + '","step":"' + $.values.clusterVerticalAutoscaler.stepMemory + + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $.values.clusterVerticalAutoscaler.baseCPU + + '","step":"' + $.values.clusterVerticalAutoscaler.stepCPU + + '","nodesPerStep":1},"memory":{"base":"' + $.values.clusterVerticalAutoscaler.baseMemory + + '","step":"' + $.values.clusterVerticalAutoscaler.stepMemory + '","nodesPerStep":1}}}}', ], resources: { requests: { cpu: '20m', memory: '10Mi' }, @@ -102,7 +110,7 @@ kind: 'Deployment', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, labels: podLabels, }, spec: { diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet new file mode 100644 index 0000000..18791e1 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet @@ -0,0 +1,39 @@ +local addArgs(args, name, containers) = std.map( + function(c) if c.name == name then + c { + args+: args, + } + else c, + containers, +); + +{ + kubeStateMetrics+: { + deployment+: { + spec+: { + template+: { + spec+: { + containers: addArgs( + [||| + --metric-denylist= + kube_*_created, + kube_*_metadata_resource_version, + kube_replicaset_metadata_generation, + kube_replicaset_status_observed_generation, + kube_pod_restart_policy, + kube_pod_init_container_status_terminated, + kube_pod_init_container_status_running, + kube_pod_container_status_terminated, + kube_pod_container_status_running, + kube_pod_completion_time, + kube_pod_status_scheduled + |||], + 'kube-state-metrics', + super.containers + ), + }, + }, + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet new file mode 100644 index 0000000..79c464a --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -0,0 +1,20 @@ +// On managed Kubernetes clusters some of the control plane components are not exposed to customers. +// Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'main.libsonnet' defaults + +{ + kubernetesControlPlane+: { + serviceMonitorKubeControllerManager:: null, + serviceMonitorKubeScheduler:: null, + } + { + prometheusRule+: { + spec+: { + local g = super.groups, + groups: [ + h + for h in g + if !std.setMember(h.name, ['kubernetes-system-controller-manager', 'kubernetes-system-scheduler']) + ], + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/node-ports.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/node-ports.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet new file mode 100644 index 0000000..838db3b --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -0,0 +1,260 @@ +local restrictedPodSecurityPolicy = { + apiVersion: 'policy/v1beta1', + kind: 'PodSecurityPolicy', + metadata: { + name: 'kube-prometheus-restricted', + }, + spec: { + privileged: false, + // Required to prevent escalations to root. + allowPrivilegeEscalation: false, + // This is redundant with non-root + disallow privilege escalation, + // but we can provide it for defense in depth. + requiredDropCapabilities: ['ALL'], + // Allow core volume types. + volumes: [ + 'configMap', + 'emptyDir', + 'secret', + // Assume that persistentVolumes set up by the cluster admin are safe to use. + 'persistentVolumeClaim', + ], + hostNetwork: false, + hostIPC: false, + hostPID: false, + runAsUser: { + // Require the container to run without root privileges. + rule: 'MustRunAsNonRoot', + }, + seLinux: { + // This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny', + }, + supplementalGroups: { + rule: 'MustRunAs', + ranges: [{ + // Forbid adding the root group. + min: 1, + max: 65535, + }], + }, + fsGroup: { + rule: 'MustRunAs', + ranges: [{ + // Forbid adding the root group. + min: 1, + max: 65535, + }], + }, + readOnlyRootFilesystem: false, + }, +}; + +{ + restrictedPodSecurityPolicy: restrictedPodSecurityPolicy, + + alertmanager+: { + role: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'alertmanager-' + $.values.alertmanager.name, + namespace: $.values.common.namespace, + }, + rules: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + + roleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'alertmanager-' + $.values.alertmanager.name, + namespace: $.values.common.namespace, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'alertmanager-' + $.values.alertmanager.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'alertmanager-' + $.values.alertmanager.name, + namespace: $.values.alertmanager.namespace, + }], + }, + }, + + blackboxExporter+: { + clusterRole+: { + rules+: [ + { + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: ['blackbox-exporter-psp'], + }, + ], + }, + + podSecurityPolicy: + local blackboxExporterPspPrivileged = + if $.blackboxExporter._config.privileged then + { + metadata+: { + name: 'blackbox-exporter-psp', + }, + spec+: { + privileged: true, + allowedCapabilities: ['NET_RAW'], + runAsUser: { + rule: 'RunAsAny', + }, + }, + } + else + {}; + + restrictedPodSecurityPolicy + blackboxExporterPspPrivileged, + }, + + grafana+: { + role: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'grafana', + namespace: $.values.common.namespace, + }, + rules: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + + roleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'grafana', + namespace: $.values.common.namespace, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'grafana', + }, + subjects: [{ + kind: 'ServiceAccount', + name: $.grafana.serviceAccount.metadata.name, + namespace: $.grafana.serviceAccount.metadata.namespace, + }], + }, + }, + + kubeStateMetrics+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: ['kube-state-metrics-psp'], + }], + }, + + podSecurityPolicy: restrictedPodSecurityPolicy { + metadata+: { + name: 'kube-state-metrics-psp', + }, + spec+: { + runAsUser: { + rule: 'RunAsAny', + }, + }, + }, + }, + + nodeExporter+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: ['node-exporter-psp'], + }], + }, + + podSecurityPolicy: restrictedPodSecurityPolicy { + metadata+: { + name: 'node-exporter-psp', + }, + spec+: { + allowedHostPaths+: [ + { + pathPrefix: '/proc', + readOnly: true, + }, + { + pathPrefix: '/sys', + readOnly: true, + }, + { + pathPrefix: '/', + readOnly: true, + }, + ], + hostNetwork: true, + hostPID: true, + hostPorts: [ + { + max: $.nodeExporter._config.port, + min: $.nodeExporter._config.port, + }, + ], + readOnlyRootFilesystem: true, + volumes+: [ + 'hostPath', + ], + }, + }, + }, + + prometheusAdapter+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, + + prometheusOperator+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, + + prometheus+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/static-etcd.libsonnet similarity index 73% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/static-etcd.libsonnet index 2994023..4f11a07 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/static-etcd.libsonnet @@ -1,5 +1,5 @@ -(import 'github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet') + { - _config+:: { +(import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + { + values+:: { etcd: { ips: [], clientCA: null, @@ -9,14 +9,14 @@ insecureSkipVerify: null, }, }, - prometheus+:: { + prometheus+: { serviceEtcd: { apiVersion: 'v1', kind: 'Service', metadata: { name: 'etcd', namespace: 'kube-system', - labels: { 'k8s-app': 'etcd' }, + labels: { 'app.kubernetes.io/name': 'etcd' }, }, spec: { ports: [ @@ -31,12 +31,12 @@ metadata: { name: 'etcd', namespace: 'kube-system', - labels: { 'k8s-app': 'etcd' }, + labels: { 'app.kubernetes.io/name': 'etcd' }, }, subsets: [{ addresses: [ { ip: etcdIP } - for etcdIP in $._config.etcd.ips + for etcdIP in $.values.etcd.ips ], ports: [ { name: 'metrics', port: 2379, protocol: 'TCP' }, @@ -50,11 +50,11 @@ name: 'etcd', namespace: 'kube-system', labels: { - 'k8s-app': 'etcd', + 'app.kubernetes.io/name': 'etcd', }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [ { port: 'metrics', @@ -65,14 +65,14 @@ caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt', keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key', certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt', - [if $._config.etcd.serverName != null then 'serverName']: $._config.etcd.serverName, - [if $._config.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $._config.etcd.insecureSkipVerify, + [if $.values.etcd.serverName != null then 'serverName']: $.values.etcd.serverName, + [if $.values.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $.values.etcd.insecureSkipVerify, }, }, ], selector: { matchLabels: { - 'k8s-app': 'etcd', + 'app.kubernetes.io/name': 'etcd', }, }, }, @@ -84,12 +84,12 @@ type: 'Opaque', metadata: { name: 'kube-etcd-client-certs', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, data: { - 'etcd-client-ca.crt': std.base64($._config.etcd.clientCA), - 'etcd-client.key': std.base64($._config.etcd.clientKey), - 'etcd-client.crt': std.base64($._config.etcd.clientCert), + 'etcd-client-ca.crt': std.base64($.values.etcd.clientCA), + 'etcd-client.key': std.base64($.values.etcd.clientKey), + 'etcd-client.crt': std.base64($.values.etcd.clientCert), }, }, prometheus+: { diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/strip-limits.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/strip-limits.libsonnet new file mode 100644 index 0000000..83c5f77 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/strip-limits.libsonnet @@ -0,0 +1,48 @@ +// Strips spec.containers[].limits for certain containers +// https://github.com/prometheus-operator/kube-prometheus/issues/72 + +{ + local noLimit(c) = + //if std.objectHas(c, 'resources') && c.name != 'kube-state-metrics' + if c.name != 'kube-state-metrics' + then c { resources+: { limits: {} } } + else c, + + nodeExporter+: { + daemonset+: { + spec+: { + template+: { + spec+: { + containers: std.map(noLimit, super.containers), + }, + }, + }, + }, + }, + kubeStateMetrics+: { + deployment+: { + spec+: { + template+: { + spec+: { + containers: std.map(noLimit, super.containers), + }, + }, + }, + }, + }, + prometheusOperator+: { + deployment+: { + spec+: { + template+: { + spec+: { + local addArgs(c) = + if c.name == 'prometheus-operator' + then c { args+: ['--config-reloader-cpu=0'] } + else c, + containers: std.map(addArgs, super.containers), + }, + }, + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet new file mode 100644 index 0000000..c0ca940 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet @@ -0,0 +1,134 @@ +[ + { + alert: 'WeaveNetIPAMSplitBrain', + expr: 'max(weave_ipam_unreachable_percentage) - min(weave_ipam_unreachable_percentage) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Percentage of all IP addresses owned by unreachable peers is not same for every node.', + description: 'actionable: Weave Net network has a split brain problem. Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetIPAMUnreachable', + expr: 'weave_ipam_unreachable_percentage > 25', + 'for': '10m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Percentage of all IP addresses owned by unreachable peers is above threshold.', + description: 'actionable: Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetIPAMPendingAllocates', + expr: 'sum(weave_ipam_pending_allocates) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Number of pending allocates is above the threshold.', + description: 'actionable: Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetIPAMPendingClaims', + expr: 'sum(weave_ipam_pending_claims) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Number of pending claims is above the threshold.', + description: 'actionable: Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetFastDPFlowsLow', + expr: 'sum(weave_flows) < 15000', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Number of FastDP flows is below the threshold.', + description: 'actionable: Please find the reason for FastDP flows to go below the threshold and fix it.', + }, + }, + { + alert: 'WeaveNetFastDPFlowsOff', + expr: 'sum(weave_flows == bool 0) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'FastDP flows is zero.', + description: 'actionable: Please find the reason for FastDP flows to be off and fix it.', + }, + }, + { + alert: 'WeaveNetHighConnectionTerminationRate', + expr: 'rate(weave_connection_terminations_total[5m]) > 0.1', + 'for': '5m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are getting terminated.', + description: 'actionable: Please find the reason for the high connection termination rate and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsConnecting', + expr: 'sum(weave_connections{state="connecting"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in connecting state.', + description: 'actionable: Please find the reason for this and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsRetying', + expr: 'sum(weave_connections{state="retrying"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in retrying state.', + description: 'actionable: Please find the reason for this and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsPending', + expr: 'sum(weave_connections{state="pending"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in pending state.', + description: 'actionable: Please find the reason for this and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsFailed', + expr: 'sum(weave_connections{state="failed"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in failed state.', + description: 'actionable: Please find the reason and fix it.', + }, + }, +] diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/grafana-weave-net-cluster.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/grafana-weave-net-cluster.json rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/grafana-weave-net.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net.json similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/grafana-weave-net.json rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net.json diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet new file mode 100644 index 0000000..d5cc9ea --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet @@ -0,0 +1,73 @@ +{ + prometheus+: { + local p = self, + serviceWeaveNet: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'weave-net', + namespace: 'kube-system', + labels: { 'app.kubernetes.io/name': 'weave-net' }, + }, + spec: { + ports: [ + { name: 'weave-net-metrics', targetPort: 6782, port: 6782 }, + ], + selector: { name: 'weave-net' }, + clusterIP: 'None', + }, + }, + serviceMonitorWeaveNet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'weave-net', + labels: { + 'app.kubernetes.io/name': 'weave-net', + }, + namespace: 'monitoring', + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [ + { + port: 'weave-net-metrics', + path: '/metrics', + interval: '15s', + }, + ], + namespaceSelector: { + matchNames: [ + 'kube-system', + ], + }, + selector: { + matchLabels: { + 'app.kubernetes.io/name': 'weave-net', + }, + }, + }, + }, + prometheusRuleWeaveNet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: p._config.mixin.ruleLabels, + name: 'weave-net-rules', + namespace: p._config.namespace, + }, + spec: { + groups: [{ + name: 'weave-net', + rules: (import './alerts.libsonnet'), + }], + }, + }, + mixin+:: { + grafanaDashboards+:: { + 'weave-net.json': (import './grafana-weave-net.json'), + 'weave-net-cluster.json': (import './grafana-weave-net-cluster.json'), + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows.libsonnet new file mode 100644 index 0000000..8992032 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows.libsonnet @@ -0,0 +1,70 @@ +local windowsdashboards = import 'kubernetes-mixin/dashboards/windows.libsonnet'; +local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; + +{ + values+:: { + // This needs to follow prometheus naming convention and not prometheus-operator one + windowsScrapeConfig+:: { + job_name: 'windows-exporter', + static_configs: [ + { + targets: [error 'must provide targets array'], + }, + ], + relabel_configs: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + source_labels: [ + '__meta_kubernetes_endpoint_address_target_name', + ], + target_label: 'instance', + }, + ], + }, + + grafana+:: { + dashboards+:: windowsdashboards { + _config: $.kubernetesControlPlane.mixin._config { + wmiExporterSelector: 'job="' + $.values.windowsScrapeConfig.job_name + '"', + }, + }.grafanaDashboards, + }, + }, + kubernetesControlPlane+: { + mixin+:: { + prometheusRules+:: { + groups+: windowsrules { + _config: $.kubernetesControlPlane.mixin._config { + wmiExporterSelector: 'job="' + $.values.windowsScrapeConfig.job_name + '"', + }, + }.prometheusRules.groups, + }, + }, + }, + prometheus+: { + local p = self, + local sc = [$.values.windowsScrapeConfig], + prometheus+: { + spec+: { + additionalScrapeConfigs: { + name: 'prometheus-' + p._config.name + '-additional-scrape-config', + key: 'prometheus-additional.yaml', + }, + }, + + }, + windowsConfig: { + apiVersion: 'v1', + kind: 'Secret', + metadata: { + name: 'prometheus-' + p._config.name + '-additional-scrape-config', + namespace: p._config.namespace, + }, + stringData: { + 'prometheus-additional.yaml': std.manifestYamlDoc(sc), + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet deleted file mode 100644 index 6c9acda..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ /dev/null @@ -1,147 +0,0 @@ -{ - _config+:: { - namespace: 'default', - - versions+:: { - alertmanager: 'v0.21.0', - }, - - imageRepos+:: { - alertmanager: 'quay.io/prometheus/alertmanager', - }, - - alertmanager+:: { - name: 'main', - config: { - global: { - resolve_timeout: '5m', - }, - inhibit_rules: [{ - source_match: { - severity: 'critical', - }, - target_match_re: { - severity: 'warning|info', - }, - equal: ['namespace', 'alertname'], - }, { - source_match: { - severity: 'warning', - }, - target_match_re: { - severity: 'info', - }, - equal: ['namespace', 'alertname'], - }], - route: { - group_by: ['namespace'], - group_wait: '30s', - group_interval: '5m', - repeat_interval: '12h', - receiver: 'Default', - routes: [ - { receiver: 'Watchdog', match: { alertname: 'Watchdog' } }, - { receiver: 'Critical', match: { severity: 'critical' } }, - ], - }, - receivers: [ - { name: 'Default' }, - { name: 'Watchdog' }, - { name: 'Critical' }, - ], - }, - replicas: 3, - }, - }, - - alertmanager+:: { - secret: { - apiVersion: 'v1', - kind: 'Secret', - type: 'Opaque', - metadata: { - name: 'alertmanager-' + $._config.alertmanager.name, - namespace: $._config.namespace, - }, - stringData: { - 'alertmanager.yaml': if std.type($._config.alertmanager.config) == 'object' - then - std.manifestYamlDoc($._config.alertmanager.config) - else - $._config.alertmanager.config, - }, - }, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'alertmanager-' + $._config.alertmanager.name, - namespace: $._config.namespace, - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'alertmanager-' + $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { alertmanager: $._config.alertmanager.name }, - }, - spec: { - ports: [ - { name: 'web', targetPort: 'web', port: 9093 }, - ], - selector: { app: 'alertmanager', alertmanager: $._config.alertmanager.name }, - sessionAffinity: 'ClientIP', - }, - }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'alertmanager', - namespace: $._config.namespace, - labels: { - 'k8s-app': 'alertmanager', - }, - }, - spec: { - selector: { - matchLabels: { - alertmanager: $._config.alertmanager.name, - }, - }, - endpoints: [ - { port: 'web', interval: '30s' }, - ], - }, - }, - - alertmanager: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Alertmanager', - metadata: { - name: $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { - alertmanager: $._config.alertmanager.name, - }, - }, - spec: { - replicas: $._config.alertmanager.replicas, - version: $._config.versions.alertmanager, - image: $._config.imageRepos.alertmanager + ':' + $._config.versions.alertmanager, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - serviceAccountName: 'alertmanager-' + $._config.alertmanager.name, - securityContext: { - runAsUser: 1000, - runAsNonRoot: true, - fsGroup: 2000, - }, - }, - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet new file mode 100644 index 0000000..6038566 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -0,0 +1,213 @@ +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + image: error 'must provide image', + version: error 'must provide version', + resources: { + limits: { cpu: '100m', memory: '100Mi' }, + requests: { cpu: '4m', memory: '100Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': 'alertmanager', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'alert-router', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + name: error 'must provide name', + config: { + global: { + resolve_timeout: '5m', + }, + inhibit_rules: [{ + source_match: { + severity: 'critical', + }, + target_match_re: { + severity: 'warning|info', + }, + equal: ['namespace', 'alertname'], + }, { + source_match: { + severity: 'warning', + }, + target_match_re: { + severity: 'info', + }, + equal: ['namespace', 'alertname'], + }], + route: { + group_by: ['namespace'], + group_wait: '30s', + group_interval: '5m', + repeat_interval: '12h', + receiver: 'Default', + routes: [ + { receiver: 'Watchdog', match: { alertname: 'Watchdog' } }, + { receiver: 'Critical', match: { severity: 'critical' } }, + ], + }, + receivers: [ + { name: 'Default' }, + { name: 'Watchdog' }, + { name: 'Critical' }, + ], + }, + replicas: 3, + mixin: { + ruleLabels: {}, + _config: { + alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', + alertmanagerClusterLabels: 'namespace,service', + alertmanagerSelector: 'job="alertmanager-' + defaults.name + '",namespace="' + defaults.namespace + '"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + }, + }, +}; + + +function(params) { + local am = self, + _config:: defaults + params, + // Safety check + assert std.isObject(am._config.resources), + assert std.isObject(am._config.mixin._config), + + mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: am._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: am._config.commonLabels + am._config.mixin.ruleLabels, + name: 'alertmanager-' + am._config.name + '-rules', + namespace: am._config.namespace, + }, + spec: { + local r = if std.objectHasAll(am.mixin, 'prometheusRules') then am.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(am.mixin, 'prometheusAlerts') then am.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + secret: { + apiVersion: 'v1', + kind: 'Secret', + type: 'Opaque', + metadata: { + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: { alertmanager: am._config.name } + am._config.commonLabels, + }, + stringData: { + 'alertmanager.yaml': if std.type(am._config.config) == 'object' + then + std.manifestYamlDoc(am._config.config) + else + am._config.config, + }, + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: { alertmanager: am._config.name } + am._config.commonLabels, + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: { alertmanager: am._config.name } + am._config.commonLabels, + }, + spec: { + ports: [ + { name: 'web', targetPort: 'web', port: 9093 }, + ], + selector: { + app: 'alertmanager', + alertmanager: am._config.name, + } + am._config.selectorLabels, + sessionAffinity: 'ClientIP', + }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'alertmanager', + namespace: am._config.namespace, + labels: am._config.commonLabels, + }, + spec: { + selector: { + matchLabels: { + alertmanager: am._config.name, + } + am._config.selectorLabels, + }, + endpoints: [ + { port: 'web', interval: '30s' }, + ], + }, + }, + + [if (defaults + params).replicas > 1 then 'podDisruptionBudget']: { + apiVersion: 'policy/v1beta1', + kind: 'PodDisruptionBudget', + metadata: { + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: am._config.commonLabels, + }, + spec: { + maxUnavailable: 1, + selector: { + matchLabels: { + alertmanager: am._config.name, + } + am._config.selectorLabels, + }, + }, + }, + + alertmanager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Alertmanager', + metadata: { + name: am._config.name, + namespace: am._config.namespace, + labels: { + alertmanager: am._config.name, + } + am._config.commonLabels, + }, + spec: { + replicas: am._config.replicas, + version: am._config.version, + image: am._config.image, + podMetadata: { + labels: am._config.commonLabels, + }, + resources: am._config.resources, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'alertmanager-' + am._config.name, + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet new file mode 100644 index 0000000..e574c9f --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -0,0 +1,287 @@ +local krp = import './kube-rbac-proxy.libsonnet'; + +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide version', + resources: { + requests: { cpu: '10m', memory: '20Mi' }, + limits: { cpu: '20m', memory: '40Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': 'blackbox-exporter', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + configmapReloaderImage: 'jimmidyson/configmap-reload:v0.5.0', + + port: 9115, + internalPort: 19115, + replicas: 1, + modules: { + http_2xx: { + prober: 'http', + http: { + preferred_ip_protocol: 'ip4', + }, + }, + http_post_2xx: { + prober: 'http', + http: { + method: 'POST', + preferred_ip_protocol: 'ip4', + }, + }, + tcp_connect: { + prober: 'tcp', + tcp: { + preferred_ip_protocol: 'ip4', + }, + }, + pop3s_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { expect: '^+OK' }, + ], + tls: true, + tls_config: { + insecure_skip_verify: false, + }, + preferred_ip_protocol: 'ip4', + }, + }, + ssh_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { expect: '^SSH-2.0-' }, + ], + preferred_ip_protocol: 'ip4', + }, + }, + irc_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { send: 'NICK prober' }, + { send: 'USER prober prober prober :prober' }, + { expect: 'PING :([^ ]+)', send: 'PONG ${1}' }, + { expect: '^:[^ ]+ 001' }, + ], + preferred_ip_protocol: 'ip4', + }, + }, + }, + privileged: + local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp']; + std.length(icmpModules) > 0, +}; + + +function(params) { + local bb = self, + _config:: defaults + params, + // Safety check + assert std.isObject(bb._config.resources), + + configuration: { + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'blackbox-exporter-configuration', + namespace: bb._config.namespace, + labels: bb._config.commonLabels, + }, + data: { + 'config.yml': std.manifestYamlDoc({ modules: bb._config.modules }), + }, + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'blackbox-exporter', + namespace: bb._config.namespace, + }, + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'blackbox-exporter', + }, + rules: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], + }, + ], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'blackbox-exporter', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'blackbox-exporter', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'blackbox-exporter', + namespace: bb._config.namespace, + }], + }, + + deployment: + local blackboxExporter = { + name: 'blackbox-exporter', + image: bb._config.image, + args: [ + '--config.file=/etc/blackbox_exporter/config.yml', + '--web.listen-address=:%d' % bb._config.internalPort, + ], + ports: [{ + name: 'http', + containerPort: bb._config.internalPort, + }], + resources: bb._config.resources, + securityContext: if bb._config.privileged then { + runAsNonRoot: false, + capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, + } else { + runAsNonRoot: true, + runAsUser: 65534, + }, + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true, + }], + }; + + local reloader = { + name: 'module-configmap-reloader', + image: bb._config.configmapReloaderImage, + args: [ + '--webhook-url=http://localhost:%d/-/reload' % bb._config.internalPort, + '--volume-dir=/etc/blackbox_exporter/', + ], + resources: bb._config.resources, + securityContext: { runAsNonRoot: true, runAsUser: 65534 }, + terminationMessagePath: '/dev/termination-log', + terminationMessagePolicy: 'FallbackToLogsOnError', + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true, + }], + }; + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + upstream: 'http://127.0.0.1:' + bb._config.internalPort + '/', + secureListenAddress: ':' + bb._config.port, + ports: [ + { name: 'https', containerPort: bb._config.port }, + ], + }); + + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: 'blackbox-exporter', + namespace: bb._config.namespace, + labels: bb._config.commonLabels, + }, + spec: { + replicas: bb._config.replicas, + selector: { matchLabels: bb._config.selectorLabels }, + template: { + metadata: { + labels: bb._config.commonLabels, + annotations: { + 'kubectl.kubernetes.io/default-container': blackboxExporter.name, + }, + }, + spec: { + containers: [blackboxExporter, reloader, kubeRbacProxy], + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'blackbox-exporter', + volumes: [{ + name: 'config', + configMap: { name: 'blackbox-exporter-configuration' }, + }], + }, + }, + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'blackbox-exporter', + namespace: bb._config.namespace, + labels: bb._config.commonLabels, + }, + spec: { + ports: [{ + name: 'https', + port: bb._config.port, + targetPort: 'https', + }, { + name: 'probe', + port: bb._config.internalPort, + targetPort: 'http', + }], + selector: bb._config.selectorLabels, + }, + }, + + serviceMonitor: + { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'blackbox-exporter', + namespace: bb._config.namespace, + labels: bb._config.commonLabels, + }, + spec: { + endpoints: [{ + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + interval: '30s', + path: '/metrics', + port: 'https', + scheme: 'https', + tlsConfig: { + insecureSkipVerify: true, + }, + }], + selector: { + matchLabels: bb._config.selectorLabels, + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet new file mode 100644 index 0000000..5d2eeb5 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -0,0 +1,103 @@ +local defaults = { + local defaults = self, + name: 'grafana', + namespace: error 'must provide namespace', + version: error 'must provide version', + // image: error 'must provide image', + imageRepos: 'grafana/grafana', + resources: { + requests: { cpu: '100m', memory: '100Mi' }, + limits: { cpu: '200m', memory: '200Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': defaults.name, + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'grafana', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + prometheusName: error 'must provide prometheus name', + dashboards: {}, + // TODO(paulfantom): expose those to have a stable API. After kubernetes-grafana refactor those could probably be removed. + rawDashboards: {}, + folderDashboards: {}, + containers: [], + datasources: [], + config: {}, + plugins: [], +}; + +function(params) { + local g = self, + _config:: defaults + params, + // Safety check + assert std.isObject(g._config.resources), + + local glib = (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + { + _config+:: { + namespace: g._config.namespace, + versions+:: { + grafana: g._config.version, + }, + imageRepos+:: { + grafana: g._config.imageRepos, + }, + prometheus+:: { + name: g._config.prometheusName, + }, + grafana+:: { + labels: g._config.commonLabels, + dashboards: g._config.dashboards, + resources: g._config.resources, + rawDashboards: g._config.rawDashboards, + folderDashboards: g._config.folderDashboards, + containers: g._config.containers, + config+: g._config.config, + plugins+: g._config.plugins, + } + ( + // Conditionally overwrite default setting. + if std.length(g._config.datasources) > 0 then + { datasources: g._config.datasources } + else {} + ), + }, + }, + + // Add object only if user passes config and config is not empty + [if std.objectHas(params, 'config') && std.length(params.config) > 0 then 'config']: glib.grafana.config, + service: glib.grafana.service, + serviceAccount: glib.grafana.serviceAccount, + deployment: glib.grafana.deployment, + dashboardDatasources: glib.grafana.dashboardDatasources, + dashboardSources: glib.grafana.dashboardSources, + + dashboardDefinitions: if std.length(g._config.dashboards) > 0 then { + apiVersion: 'v1', + kind: 'ConfigMapList', + items: glib.grafana.dashboardDefinitions, + }, + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'grafana', + namespace: g._config.namespace, + labels: g._config.commonLabels, + }, + spec: { + selector: { + matchLabels: { + 'app.kubernetes.io/name': 'grafana', + }, + }, + endpoints: [{ + port: 'http', + interval: '15s', + }], + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet new file mode 100644 index 0000000..fdc6e49 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -0,0 +1,262 @@ +local relabelings = import '../addons/dropping-deprecated-metrics-relabelings.libsonnet'; + +local defaults = { + namespace: error 'must provide namespace', + commonLabels:: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin: { + ruleLabels: {}, + _config: { + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', + kubeletSelector: 'job="kubelet", metrics_path="/metrics"', + kubeStateMetricsSelector: 'job="kube-state-metrics"', + nodeExporterSelector: 'job="node-exporter"', + kubeSchedulerSelector: 'job="kube-scheduler"', + kubeControllerManagerSelector: 'job="kube-controller-manager"', + kubeApiserverSelector: 'job="apiserver"', + podLabel: 'pod', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, + }, +}; + +function(params) { + local k8s = self, + _config:: defaults + params, + + mixin:: (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { + _config+:: k8s._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: k8s._config.commonLabels + k8s._config.mixin.ruleLabels, + name: 'kubernetes-monitoring-rules', + namespace: k8s._config.namespace, + }, + spec: { + local r = if std.objectHasAll(k8s.mixin, 'prometheusRules') then k8s.mixin.prometheusRules.groups else {}, + local a = if std.objectHasAll(k8s.mixin, 'prometheusAlerts') then k8s.mixin.prometheusAlerts.groups else {}, + groups: a + r, + }, + }, + + serviceMonitorKubeScheduler: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-scheduler', + namespace: k8s._config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubelet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kubelet', + namespace: k8s._config.namespace, + labels: { 'app.kubernetes.io/name': 'kubelet' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [ + { + port: 'https-metrics', + scheme: 'https', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings, + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/cadvisor', + interval: '30s', + honorLabels: true, + honorTimestamps: false, + tlsConfig: { + insecureSkipVerify: true, + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + metricRelabelings: [ + // Drop a bunch of metrics which are disabled but still sent, see + // https://github.com/google/cadvisor/issues/1925. + { + sourceLabels: ['__name__'], + regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', + action: 'drop', + }, + ], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/probes', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + ], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubeControllerManager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-controller-manager', + namespace: k8s._config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|request|server).*', + action: 'drop', + }, + ], + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorApiserver: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-apiserver', + namespace: k8s._config.namespace, + labels: { 'app.kubernetes.io/name': 'apiserver' }, + }, + spec: { + jobLabel: 'component', + selector: { + matchLabels: { + component: 'apiserver', + provider: 'kubernetes', + }, + }, + namespaceSelector: { + matchNames: ['default'], + }, + endpoints: [{ + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 'kubernetes', + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|server).*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_step_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__', 'le'], + regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', + action: 'drop', + }, + ], + }], + }, + }, + + serviceMonitorCoreDNS: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'coredns', + namespace: k8s._config.namespace, + labels: { 'app.kubernetes.io/name': 'coredns' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + endpoints: [{ + port: 'metrics', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }], + }, + }, + + +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet new file mode 100644 index 0000000..faec1f4 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet @@ -0,0 +1,63 @@ +local defaults = { + namespace: error 'must provide namespace', + image: 'quay.io/brancz/kube-rbac-proxy:v0.8.0', + ports: error 'must provide ports', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + resources: { + requests: { cpu: '10m', memory: '20Mi' }, + limits: { cpu: '20m', memory: '40Mi' }, + }, + tlsCipherSuites: [ + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 + + // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 + // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2 + // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 + // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + + // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go + + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', + 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', + ], +}; + + +function(params) { + local krp = self, + _config:: defaults + params, + // Safety check + assert std.isObject(krp._config.resources), + + name: krp._config.name, + image: krp._config.image, + args: [ + '--logtostderr', + '--secure-listen-address=' + krp._config.secureListenAddress, + '--tls-cipher-suites=' + std.join(',', krp._config.tlsCipherSuites), + '--upstream=' + krp._config.upstream, + ], + resources: krp._config.resources, + ports: krp._config.ports, + securityContext: { + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet new file mode 100644 index 0000000..7599f61 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -0,0 +1,171 @@ +local krp = import './kube-rbac-proxy.libsonnet'; + +local defaults = { + local defaults = self, + name: 'kube-state-metrics', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide version', + resources: { + requests: { cpu: '10m', memory: '190Mi' }, + limits: { cpu: '100m', memory: '250Mi' }, + }, + + scrapeInterval: '30s', + scrapeTimeout: '30s', + commonLabels:: { + 'app.kubernetes.io/name': defaults.name, + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + mixin: { + ruleLabels: {}, + _config: { + kubeStateMetricsSelector: 'job="' + defaults.name + '"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + }, + }, +}; + +function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet') { + local ksm = self, + _config:: defaults + params, + // Safety check + assert std.isObject(ksm._config.resources), + assert std.isObject(ksm._config.mixin._config), + + name:: ksm._config.name, + namespace:: ksm._config.namespace, + version:: ksm._config.version, + image:: ksm._config.image, + commonLabels:: ksm._config.commonLabels, + podLabels:: ksm._config.selectorLabels, + + mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: ksm._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: ksm._config.commonLabels + ksm._config.mixin.ruleLabels, + name: ksm._config.name + '-rules', + namespace: ksm._config.namespace, + }, + spec: { + local r = if std.objectHasAll(ksm.mixin, 'prometheusRules') then ksm.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(ksm.mixin, 'prometheusAlerts') then ksm.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + service+: { + spec+: { + ports: [ + { + name: 'https-main', + port: 8443, + targetPort: 'https-main', + }, + { + name: 'https-self', + port: 9443, + targetPort: 'https-self', + }, + ], + }, + }, + + local kubeRbacProxyMain = krp({ + name: 'kube-rbac-proxy-main', + upstream: 'http://127.0.0.1:8081/', + secureListenAddress: ':8443', + ports: [ + { name: 'https-main', containerPort: 8443 }, + ], + resources+: { + limits+: { cpu: '40m' }, + requests+: { cpu: '20m' }, + }, + }), + + local kubeRbacProxySelf = krp({ + name: 'kube-rbac-proxy-self', + upstream: 'http://127.0.0.1:8082/', + secureListenAddress: ':9443', + ports: [ + { name: 'https-self', containerPort: 9443 }, + ], + }), + + deployment+: { + spec+: { + template+: { + metadata+: { + annotations+: { + 'kubectl.kubernetes.io/default-container': 'kube-state-metrics', + }, + }, + spec+: { + containers: std.map(function(c) c { + ports:: null, + livenessProbe:: null, + readinessProbe:: null, + args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], + resources: ksm._config.resources, + }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], + }, + }, + }, + }, + serviceMonitor: + { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: ksm.name, + namespace: ksm._config.namespace, + labels: ksm._config.commonLabels, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { matchLabels: ksm._config.selectorLabels }, + endpoints: [ + { + port: 'https-main', + scheme: 'https', + interval: ksm._config.scrapeInterval, + scrapeTimeout: ksm._config.scrapeTimeout, + honorLabels: true, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [ + { + regex: '(pod|service|endpoint|namespace)', + action: 'labeldrop', + }, + ], + tlsConfig: { + insecureSkipVerify: true, + }, + }, + { + port: 'https-self', + scheme: 'https', + interval: ksm._config.scrapeInterval, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + }, + ], + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/alerts.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/alerts.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/alerts.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/alerts.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/general.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet similarity index 75% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/general.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet index 16f3e39..cd5c716 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/general.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet @@ -7,7 +7,8 @@ { alert: 'TargetDown', annotations: { - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.', + summary: 'One or more targets are unreachable.', + description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.', }, expr: '100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10', 'for': '10m', @@ -18,7 +19,8 @@ { alert: 'Watchdog', annotations: { - message: ||| + summary: 'An alert that should always be firing to certify that Alertmanager is working properly.', + description: ||| This is an alert meant to ensure that the entire alerting pipeline is functional. This alert is always firing, therefore it should always be firing in Alertmanager and always fire against a receiver. There are integrations with various notification diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/node.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet similarity index 95% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/node.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet index d1b9caf..74cfb4f 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/node.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet @@ -7,7 +7,7 @@ { alert: 'NodeNetworkInterfaceFlapping', annotations: { - message: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}"', + message: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', }, expr: ||| changes(node_network_up{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 2 diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/tests.yaml b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/alerts/tests.yaml rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/custom.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/custom.libsonnet new file mode 100644 index 0000000..b32f946 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/custom.libsonnet @@ -0,0 +1,44 @@ +local defaults = { + name: 'kube-prometheus', + namespace: error 'must provide namespace', + commonLabels:: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin: { + ruleLabels: {}, + _config: { + nodeExporterSelector: 'job="node-exporter"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + }, + }, +}; + +function(params) { + local m = self, + _config:: defaults + params, + + local alertsandrules = (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet'), + + mixin:: alertsandrules + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: m._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: m._config.commonLabels + m._config.mixin.ruleLabels, + name: m._config.name + '-rules', + namespace: m._config.namespace, + }, + spec: { + local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/rules/general.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/rules/general.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/rules/general.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/rules/general.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/rules/node-rules.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/rules/node-rules.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/rules/node-rules.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/rules/node-rules.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/rules/rules.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/rules/rules.libsonnet similarity index 100% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/rules/rules.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/mixin/rules/rules.libsonnet diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet new file mode 100644 index 0000000..0f07f8a --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -0,0 +1,248 @@ +local krp = import './kube-rbac-proxy.libsonnet'; + +local defaults = { + local defaults = self, + name: 'node-exporter', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide version', + resources: { + requests: { cpu: '102m', memory: '180Mi' }, + limits: { cpu: '250m', memory: '180Mi' }, + }, + listenAddress: '127.0.0.1', + port: 9100, + commonLabels:: { + 'app.kubernetes.io/name': defaults.name, + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + mixin: { + ruleLabels: {}, + _config: { + nodeExporterSelector: 'job="' + defaults.name + '"', + fsSpaceFillingUpCriticalThreshold: 15, + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + }, + }, +}; + + +function(params) { + local ne = self, + _config:: defaults + params, + // Safety check + assert std.isObject(ne._config.resources), + assert std.isObject(ne._config.mixin._config), + + mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: ne._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: ne._config.commonLabels + ne._config.mixin.ruleLabels, + name: ne._config.name + '-rules', + namespace: ne._config.namespace, + }, + spec: { + local r = if std.objectHasAll(ne.mixin, 'prometheusRules') then ne.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(ne.mixin, 'prometheusAlerts') then ne.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: ne._config.name, + labels: ne._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: ne._config.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: ne._config.name, + namespace: ne._config.namespace, + }], + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: ne._config.name, + labels: ne._config.commonLabels, + }, + rules: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], + }, + ], + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, + }, + spec: { + ports: [ + { name: 'https', targetPort: 'https', port: ne._config.port }, + ], + selector: ne._config.selectorLabels, + clusterIP: 'None', + }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: ne._config.selectorLabels, + }, + endpoints: [{ + port: 'https', + scheme: 'https', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + tlsConfig: { + insecureSkipVerify: true, + }, + }], + }, + }, + + daemonset: + local nodeExporter = { + name: ne._config.name, + image: ne._config.image, + args: [ + '--web.listen-address=' + std.join(':', [ne._config.listenAddress, std.toString(ne._config.port)]), + '--path.sysfs=/host/sys', + '--path.rootfs=/host/root', + '--no-collector.wifi', + '--no-collector.hwmon', + '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', + '--collector.netclass.ignored-devices=^(veth.*)$', + '--collector.netdev.device-exclude=^(veth.*)$', + ], + volumeMounts: [ + { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, + { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, + ], + resources: ne._config.resources, + }; + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + //image: krpImage, + upstream: 'http://127.0.0.1:' + ne._config.port + '/', + secureListenAddress: '[$(IP)]:' + ne._config.port, + // Keep `hostPort` here, rather than in the node-exporter container + // because Kubernetes mandates that if you define a `hostPort` then + // `containerPort` must match. In our case, we are splitting the + // host port and container port between the two containers. + // We'll keep the port specification here so that the named port + // used by the service is tied to the proxy container. We *could* + // forgo declaring the host port, however it is important to declare + // it so that the scheduler can decide if the pod is schedulable. + ports: [ + { name: 'https', containerPort: ne._config.port, hostPort: ne._config.port }, + ], + }) + { + env: [ + { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, + ], + }; + + { + apiVersion: 'apps/v1', + kind: 'DaemonSet', + metadata: { + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, + }, + spec: { + selector: { matchLabels: ne._config.selectorLabels }, + updateStrategy: { + type: 'RollingUpdate', + rollingUpdate: { maxUnavailable: '10%' }, + }, + template: { + metadata: { labels: ne._config.commonLabels }, + spec: { + nodeSelector: { 'kubernetes.io/os': 'linux' }, + tolerations: [{ + operator: 'Exists', + }], + containers: [nodeExporter, kubeRbacProxy], + volumes: [ + { name: 'sys', hostPath: { path: '/sys' } }, + { name: 'root', hostPath: { path: '/' } }, + ], + serviceAccountName: ne._config.name, + securityContext: { + runAsUser: 65534, + runAsNonRoot: true, + }, + hostPID: true, + hostNetwork: true, + }, + }, + }, + }, + + +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet new file mode 100644 index 0000000..341a2f5 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -0,0 +1,303 @@ +local defaults = { + local defaults = self, + name: 'prometheus-adapter', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + resources: { + requests: { cpu: '102m', memory: '180Mi' }, + limits: { cpu: '250m', memory: '180Mi' }, + }, + replicas: 2, + listenAddress: '127.0.0.1', + port: 9100, + commonLabels:: { + 'app.kubernetes.io/name': 'prometheus-adapter', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'metrics-adapter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + + prometheusURL: error 'must provide prometheusURL', + config: { + resourceRules: { + cpu: { + containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[5m])) by (<<.GroupBy>>)', + nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)', + resources: { + overrides: { + node: { resource: 'node' }, + namespace: { resource: 'namespace' }, + pod: { resource: 'pod' }, + }, + }, + containerLabel: 'container', + }, + memory: { + containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)', + nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum(windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>} - windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', + resources: { + overrides: { + instance: { resource: 'node' }, + namespace: { resource: 'namespace' }, + pod: { resource: 'pod' }, + }, + }, + containerLabel: 'container', + }, + window: '5m', + }, + }, +}; + +function(params) { + local pa = self, + _config:: defaults + params, + // Safety check + assert std.isObject(pa._config.resources), + + apiService: { + apiVersion: 'apiregistration.k8s.io/v1', + kind: 'APIService', + metadata: { + name: 'v1beta1.metrics.k8s.io', + labels: pa._config.commonLabels, + }, + spec: { + service: { + name: $.service.metadata.name, + namespace: pa._config.namespace, + }, + group: 'metrics.k8s.io', + version: 'v1beta1', + insecureSkipTLSVerify: true, + groupPriorityMinimum: 100, + versionPriority: 100, + }, + }, + + configMap: { + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'adapter-config', + namespace: pa._config.namespace, + labels: pa._config.commonLabels, + }, + data: { 'config.yaml': std.manifestYamlDoc(pa._config.config) }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, + }, + spec: { + selector: { + matchLabels: pa._config.selectorLabels, + }, + endpoints: [ + { + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + insecureSkipVerify: true, + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }, + ], + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, + }, + spec: { + ports: [ + { name: 'https', targetPort: 6443, port: 443 }, + ], + selector: pa._config.selectorLabels, + }, + }, + + deployment: + local c = { + name: pa._config.name, + image: pa._config.image, + args: [ + '--cert-dir=/var/run/serving-cert', + '--config=/etc/adapter/config.yaml', + '--logtostderr=true', + '--metrics-relist-interval=1m', + '--prometheus-url=' + pa._config.prometheusURL, + '--secure-port=6443', + ], + ports: [{ containerPort: 6443 }], + volumeMounts: [ + { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, + { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false }, + { name: 'config', mountPath: '/etc/adapter', readOnly: false }, + ], + }; + + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, + }, + spec: { + replicas: pa._config.replicas, + selector: { matchLabels: pa._config.selectorLabels }, + strategy: { + rollingUpdate: { + maxSurge: 1, + maxUnavailable: 1, + }, + }, + template: { + metadata: { labels: pa._config.commonLabels }, + spec: { + containers: [c], + serviceAccountName: $.serviceAccount.metadata.name, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + volumes: [ + { name: 'tmpfs', emptyDir: {} }, + { name: 'volume-serving-cert', emptyDir: {} }, + { name: 'config', configMap: { name: 'adapter-config' } }, + ], + }, + }, + }, + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, + }, + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: pa._config.name, + labels: pa._config.commonLabels, + }, + rules: [{ + apiGroups: [''], + resources: ['nodes', 'namespaces', 'pods', 'services'], + verbs: ['get', 'list', 'watch'], + }], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: pa._config.name, + labels: pa._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: $.clusterRole.metadata.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: $.serviceAccount.metadata.name, + namespace: pa._config.namespace, + }], + }, + + clusterRoleBindingDelegator: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'resource-metrics:system:auth-delegator', + labels: pa._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'system:auth-delegator', + }, + subjects: [{ + kind: 'ServiceAccount', + name: $.serviceAccount.metadata.name, + namespace: pa._config.namespace, + }], + }, + + clusterRoleServerResources: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'resource-metrics-server-resources', + labels: pa._config.commonLabels, + }, + rules: [{ + apiGroups: ['metrics.k8s.io'], + resources: ['*'], + verbs: ['*'], + }], + }, + + clusterRoleAggregatedMetricsReader: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'system:aggregated-metrics-reader', + labels: { + 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', + 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', + 'rbac.authorization.k8s.io/aggregate-to-view': 'true', + } + pa._config.commonLabels, + }, + rules: [{ + apiGroups: ['metrics.k8s.io'], + resources: ['pods', 'nodes'], + verbs: ['get', 'list', 'watch'], + }], + }, + + roleBindingAuthReader: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'resource-metrics-auth-reader', + namespace: 'kube-system', + labels: pa._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'extension-apiserver-authentication-reader', + }, + subjects: [{ + kind: 'ServiceAccount', + name: $.serviceAccount.metadata.name, + namespace: pa._config.namespace, + }], + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet new file mode 100644 index 0000000..7b6d0a3 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -0,0 +1,128 @@ +local krp = import './kube-rbac-proxy.libsonnet'; +local prometheusOperator = import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet'; + +local defaults = { + local defaults = self, + name: 'prometheus-operator', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + configReloaderImage: error 'must provide config reloader image', + resources: { + limits: { cpu: '200m', memory: '200Mi' }, + requests: { cpu: '100m', memory: '100Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': defaults.name, + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'controller', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + mixin: { + ruleLabels: { + role: 'alert-rules', + prometheus: defaults.name, + }, + _config: { + prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + defaults.namespace + '"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + }, + }, +}; + +function(params) + local config = defaults + params; + // Safety check + assert std.isObject(config.resources); + + prometheusOperator(config) { + local po = self, + // declare variable as a field to allow overriding options and to have unified API across all components + _config:: config, + mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: po._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: po._config.commonLabels + po._config.mixin.ruleLabels, + name: po._config.name + '-rules', + namespace: po._config.namespace, + }, + spec: { + local r = if std.objectHasAll(po.mixin, 'prometheusRules') then po.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(po.mixin, 'prometheusAlerts') then po.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + service+: { + spec+: { + ports: [ + { + name: 'https', + port: 8443, + targetPort: 'https', + }, + ], + }, + }, + + serviceMonitor+: { + spec+: { + endpoints: [ + { + port: 'https', + scheme: 'https', + honorLabels: true, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + }, + ], + }, + }, + + clusterRole+: { + rules+: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], + }, + ], + }, + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + upstream: 'http://127.0.0.1:8080/', + secureListenAddress: ':8443', + ports: [ + { name: 'https', containerPort: 8443 }, + ], + }), + + deployment+: { + spec+: { + template+: { + spec+: { + containers+: [kubeRbacProxy], + }, + }, + }, + }, + } diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet new file mode 100644 index 0000000..b3e919f --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -0,0 +1,376 @@ +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + resources: { + requests: { memory: '400Mi' }, + }, + + name: error 'must provide name', + alertmanagerName: error 'must provide alertmanagerName', + namespaces: ['default', 'kube-system', defaults.namespace], + replicas: 2, + externalLabels: {}, + commonLabels:: { + 'app.kubernetes.io/name': 'prometheus', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + } + { prometheus: defaults.name }, + ruleSelector: { + matchLabels: defaults.mixin.ruleLabels, + }, + mixin: { + ruleLabels: { + role: 'alert-rules', + prometheus: defaults.name, + }, + _config: { + prometheusSelector: 'job="prometheus-' + defaults.name + '",namespace="' + defaults.namespace + '"', + prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', + thanosSelector: 'job="thanos-sidecar"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + }, + }, + thanos: {}, +}; + + +function(params) { + local p = self, + _config:: defaults + params, + // Safety check + assert std.isObject(p._config.resources), + assert std.isObject(p._config.mixin._config), + + mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') + ( + if p._config.thanos != {} then + (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { + sidecar: { + selector: p._config.mixin._config.thanosSelector, + }, + } + else {} + ) { + _config+:: p._config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: p._config.commonLabels + p._config.mixin.ruleLabels, + name: 'prometheus-' + p._config.name + '-prometheus-rules', + namespace: p._config.namespace, + }, + spec: { + local r = if std.objectHasAll(p.mixin, 'prometheusRules') then p.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(p.mixin, 'prometheusAlerts') then p.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels, + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: { prometheus: p._config.name } + p._config.commonLabels, + }, + spec: { + ports: [ + { name: 'web', targetPort: 'web', port: 9090 }, + ] + + ( + if p._config.thanos != {} then + [{ name: 'grpc', port: 10901, targetPort: 10901 }] + else [] + ), + selector: { app: 'prometheus' } + p._config.selectorLabels, + sessionAffinity: 'ClientIP', + }, + }, + + roleBindingSpecificNamespaces: + local newSpecificRoleBinding(namespace) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'prometheus-' + p._config.name, + namespace: namespace, + labels: p._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p._config.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + }], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBindingList', + items: [newSpecificRoleBinding(x) for x in p._config.namespaces], + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'prometheus-' + p._config.name, + labels: p._config.commonLabels, + }, + rules: [ + { + apiGroups: [''], + resources: ['nodes/metrics'], + verbs: ['get'], + }, + { + nonResourceURLs: ['/metrics'], + verbs: ['get'], + }, + ], + }, + + roleConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p._config.name + '-config', + namespace: p._config.namespace, + labels: p._config.commonLabels, + }, + rules: [{ + apiGroups: [''], + resources: ['configmaps'], + verbs: ['get'], + }], + }, + + roleBindingConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'prometheus-' + p._config.name + '-config', + namespace: p._config.namespace, + labels: p._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p._config.name + '-config', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + }], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'prometheus-' + p._config.name, + labels: p._config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'prometheus-' + p._config.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + }], + }, + + roleSpecificNamespaces: + local newSpecificRole(namespace) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p._config.name, + namespace: namespace, + labels: p._config.commonLabels, + }, + rules: [ + { + apiGroups: [''], + resources: ['services', 'endpoints', 'pods'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: ['extensions'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: ['networking.k8s.io'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, + ], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleList', + items: [newSpecificRole(x) for x in p._config.namespaces], + }, + + [if (defaults + params).replicas > 1 then 'podDisruptionBudget']: { + apiVersion: 'policy/v1beta1', + kind: 'PodDisruptionBudget', + metadata: { + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels, + }, + spec: { + minAvailable: 1, + selector: { + matchLabels: { + prometheus: p._config.name, + } + p._config.selectorLabels, + }, + }, + }, + + prometheus: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Prometheus', + metadata: { + name: p._config.name, + namespace: p._config.namespace, + labels: { prometheus: p._config.name } + p._config.commonLabels, + }, + spec: { + replicas: p._config.replicas, + version: p._config.version, + image: p._config.image, + podMetadata: { + labels: p._config.commonLabels, + }, + externalLabels: p._config.externalLabels, + serviceAccountName: 'prometheus-' + p._config.name, + serviceMonitorSelector: {}, + podMonitorSelector: {}, + probeSelector: {}, + serviceMonitorNamespaceSelector: {}, + podMonitorNamespaceSelector: {}, + probeNamespaceSelector: {}, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + ruleSelector: p._config.ruleSelector, + resources: p._config.resources, + alerting: { + alertmanagers: [{ + namespace: p._config.namespace, + name: 'alertmanager-' + p._config.alertmanagerName, + port: 'web', + apiVersion: 'v2', + }], + }, + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, + }, + [if std.objectHas(params, 'thanos') then 'thanos']: p._config.thanos, + }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels, + }, + spec: { + selector: { + matchLabels: p._config.selectorLabels, + }, + endpoints: [{ + port: 'web', + interval: '30s', + }], + }, + }, + + // Include thanos sidecar Service only if thanos config was passed by user + [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceThanosSidecar']: { + apiVersion: 'v1', + kind: 'Service', + metadata+: { + name: 'prometheus-' + p._config.name + '-thanos-sidecar', + namespace: p._config.namespace, + labels+: p._config.commonLabels { + prometheus: p._config.name, + 'app.kubernetes.io/component': 'thanos-sidecar', + }, + }, + spec+: { + ports: [ + { name: 'grpc', port: 10901, targetPort: 10901 }, + { name: 'http', port: 10902, targetPort: 10902 }, + ], + selector: p._config.selectorLabels { + prometheus: p._config.name, + 'app.kubernetes.io/component': 'prometheus', + }, + clusterIP: 'None', + }, + }, + + // Include thanos sidecar ServiceMonitor only if thanos config was passed by user + [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceMonitorThanosSidecar']: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata+: { + name: 'thanos-sidecar', + namespace: p._config.namespace, + labels: p._config.commonLabels { + prometheus: p._config.name, + 'app.kubernetes.io/component': 'thanos-sidecar', + }, + }, + spec+: { + jobLabel: 'app.kubernetes.io/component', + selector: { + matchLabels: { + prometheus: p._config.name, + 'app.kubernetes.io/component': 'thanos-sidecar', + }, + }, + endpoints: [{ + port: 'http', + interval: '30s', + }], + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json index 20d65bd..3678bf2 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json @@ -8,16 +8,16 @@ "subdir": "grafana" } }, - "version": "master" + "version": "8ea4e7bc04b1bf5e9bd99918ca28c6271b42be0e" }, { "source": { "git": { "remote": "https://github.com/etcd-io/etcd", - "subdir": "Documentation/etcd-mixin" + "subdir": "contrib/mixin" } }, - "version": "master" + "version": "562d645ac923388ff5b8d270b0536764d34b0e0f" }, { "source": { @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.44" + "version": "release-0.47" }, { "source": { @@ -35,7 +35,8 @@ "subdir": "jsonnet/mixin" } }, - "version": "master" + "version": "release-0.47", + "name": "prometheus-operator-mixin" }, { "source": { @@ -44,7 +45,7 @@ "subdir": "" } }, - "version": "master" + "version": "release-0.8" }, { "source": { @@ -53,7 +54,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "release-1.9" + "version": "release-2.0" }, { "source": { @@ -62,7 +63,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "master" + "version": "release-2.0" }, { "source": { @@ -71,7 +72,7 @@ "subdir": "docs/node-mixin" } }, - "version": "master" + "version": "release-1.1" }, { "source": { @@ -80,7 +81,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "release-2.23", + "version": "release-2.26", "name": "prometheus" }, { @@ -90,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "master", + "version": "99f64e944b1043c790784cf5373c8fb349816fc4", "name": "alertmanager" }, { @@ -100,7 +101,8 @@ "subdir": "mixin" } }, - "version": "release-0.17" + "version": "release-0.19", + "name": "thanos-mixin" } ], "legacyImports": true diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet deleted file mode 100644 index 9005402..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet +++ /dev/null @@ -1,40 +0,0 @@ -{ - local antiaffinity(key, values, namespace) = { - affinity: { - podAntiAffinity: { - preferredDuringSchedulingIgnoredDuringExecution: [ - { - weight: 100, - podAffinityTerm: { - namespaces: [namespace], - topologyKey: 'kubernetes.io/hostname', - labelSelector: { - matchExpressions: [{ - key: key, - operator: 'In', - values: values, - }], - }, - }, - }, - ], - }, - }, - }, - - alertmanager+:: { - alertmanager+: { - spec+: - antiaffinity('alertmanager', [$._config.alertmanager.name], $._config.namespace), - }, - }, - - prometheus+:: { - local p = self, - - prometheus+: { - spec+: - antiaffinity('prometheus', [$._config.prometheus.name], $._config.namespace), - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet deleted file mode 100644 index d4dd965..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet +++ /dev/null @@ -1,89 +0,0 @@ -{ - _config+:: { - eks: { - minimumAvailableIPs: 10, - minimumAvailableIPsTime: '10m', - }, - }, - prometheus+: { - serviceMonitorCoreDNS+: { - spec+: { - endpoints: [ - { - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - interval: '15s', - targetPort: 9153, - }, - ], - }, - }, - AwsEksCniMetricService: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'aws-node', - namespace: 'kube-system', - labels: { 'k8s-app': 'aws-node' }, - }, - spec: { - ports: [ - { name: 'cni-metrics-port', port: 61678, targetPort: 61678 }, - ], - selector: { 'k8s-app': 'aws-node' }, - clusterIP: 'None', - }, - }, - - serviceMonitorAwsEksCNI: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'awsekscni', - namespace: $._config.namespace, - labels: { - 'k8s-app': 'eks-cni', - }, - }, - spec: { - jobLabel: 'k8s-app', - selector: { - matchLabels: { - 'k8s-app': 'aws-node', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - endpoints: [ - { - port: 'cni-metrics-port', - interval: '30s', - path: '/metrics', - }, - ], - }, - }, - }, - prometheusRules+: { - groups+: [ - { - name: 'kube-prometheus-eks.rules', - rules: [ - { - expr: 'sum by(instance) (awscni_ip_max) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $._config.eks.minimumAvailableIPs, - labels: { - severity: 'critical', - }, - annotations: { - message: 'Instance {{ $labels.instance }} has less than 10 IPs available.', - }, - 'for': $._config.eks.minimumAvailableIPsTime, - alert: 'EksAvailableIPs', - }, - ], - }, - ], - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet deleted file mode 100644 index ad13373..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet +++ /dev/null @@ -1,8 +0,0 @@ -local kp = (import './kube-prometheus/kube-prometheus.libsonnet'); - -{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + -{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + -{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + -{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + -{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-managed-cluster.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-managed-cluster.libsonnet deleted file mode 100644 index 9b4e1a8..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-managed-cluster.libsonnet +++ /dev/null @@ -1,35 +0,0 @@ -// On managed Kubernetes clusters some of the control plane components are not exposed to customers. -// Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'kube-prometheus.libsonnet' defaults - -{ - _config+:: { - // This snippet walks the original object (super.jobs, set as temp var j) and creates a replacement jobs object - // excluding any members of the set specified (eg: controller and scheduler). - local j = super.jobs, - jobs: { - [k]: j[k] - for k in std.objectFields(j) - if !std.setMember(k, ['KubeControllerManager', 'KubeScheduler']) - }, - - // Skip alerting rules too - prometheus+:: { - rules+:: { - local g = super.groups, - groups: [ - h - for h in g - if !std.setMember(h.name, ['kubernetes-system-controller-manager', 'kubernetes-system-scheduler']) - ], - }, - }, - }, - - // Same as above but for ServiceMonitor's - local p = super.prometheus, - prometheus: { - [q]: p[q] - for q in std.objectFields(p) - if !std.setMember(q, ['serviceMonitorKubeControllerManager', 'serviceMonitorKubeScheduler']) - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet deleted file mode 100644 index fbd4020..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet +++ /dev/null @@ -1,35 +0,0 @@ -// Strips spec.containers[].limits for certain containers -// https://github.com/prometheus-operator/kube-prometheus/issues/72 -{ - _config+:: { - resources+:: { - 'addon-resizer'+: { - limits: {}, - }, - 'kube-rbac-proxy'+: { - limits: {}, - }, - 'kube-state-metrics'+: { - limits: {}, - }, - 'node-exporter'+: { - limits: {}, - }, - }, - }, - prometheusOperator+: { - deployment+: { - spec+: { - template+: { - spec+: { - local addArgs(c) = - if c.name == 'prometheus-operator' - then c { args+: ['--config-reloader-cpu=0'] } - else c, - containers: std.map(addArgs, super.containers), - }, - }, - }, - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet deleted file mode 100644 index 0f762eb..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet +++ /dev/null @@ -1,80 +0,0 @@ -(import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + -{ - _config+:: { - versions+:: { thanos: 'v0.14.0' }, - imageRepos+:: { thanos: 'quay.io/thanos/thanos' }, - thanos+:: { - objectStorageConfig: { - key: 'thanos.yaml', // How the file inside the secret is called - name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config - }, - }, - }, - prometheus+:: { - local p = self, - - // Add the grpc port to the Prometheus service to be able to query it with the Thanos Querier - service+: { - spec+: { - ports+: [ - { name: 'grpc', port: 10901, targetPort: 10901 }, - ], - }, - }, - // Create a new service that exposes both sidecar's HTTP metrics port and gRPC StoreAPI - serviceThanosSidecar: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'prometheus-' + p.name + '-thanos-sidecar', - namespace: p.namespace, - labels: { prometheus: p.name, app: 'thanos-sidecar' }, - }, - spec: { - ports: [ - { name: 'grpc', port: 10901, targetPort: 10901 }, - { name: 'http', port: 10902, targetPort: 10902 }, - ], - selector: { app: 'prometheus', prometheus: p.name }, - clusterIP: 'None', - }, - }, - prometheus+: { - spec+: { - thanos+: { - version: $._config.versions.thanos, - image: $._config.imageRepos.thanos + ':' + $._config.versions.thanos, - objectStorageConfig: $._config.thanos.objectStorageConfig, - }, - }, - }, - serviceMonitorThanosSidecar: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'thanos-sidecar', - namespace: p.namespace, - labels: { - 'k8s-app': 'prometheus', - }, - }, - spec: { - // Use the service's app label (thanos-sidecar) as the value for the job label. - jobLabel: 'app', - selector: { - matchLabels: { - prometheus: p.name, - app: 'thanos-sidecar', - }, - }, - endpoints: [ - { - port: 'http', - interval: '30s', - }, - ], - }, - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet deleted file mode 100644 index 19e7b93..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet +++ /dev/null @@ -1,196 +0,0 @@ -{ - prometheus+: { - serviceWeaveNet: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'weave-net', - namespace: 'kube-system', - labels: { 'k8s-app': 'weave-net' }, - }, - spec: { - ports: [ - { name: 'weave-net-metrics', targetPort: 6782, port: 6782 }, - ], - selector: { name: 'weave-net' }, - clusterIP: 'None', - }, - }, - serviceMonitorWeaveNet: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'weave-net', - labels: { - 'k8s-app': 'weave-net', - }, - namespace: 'monitoring', - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'weave-net-metrics', - path: '/metrics', - interval: '15s', - }, - ], - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - selector: { - matchLabels: { - 'k8s-app': 'weave-net', - }, - }, - }, - }, - }, - prometheusRules+: { - groups+: [ - { - name: 'weave-net', - rules: [ - { - alert: 'WeaveNetIPAMSplitBrain', - expr: 'max(weave_ipam_unreachable_percentage) - min(weave_ipam_unreachable_percentage) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Percentage of all IP addresses owned by unreachable peers is not same for every node.', - description: 'actionable: Weave Net network has a split brain problem. Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetIPAMUnreachable', - expr: 'weave_ipam_unreachable_percentage > 25', - 'for': '10m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Percentage of all IP addresses owned by unreachable peers is above threshold.', - description: 'actionable: Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetIPAMPendingAllocates', - expr: 'sum(weave_ipam_pending_allocates) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Number of pending allocates is above the threshold.', - description: 'actionable: Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetIPAMPendingClaims', - expr: 'sum(weave_ipam_pending_claims) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Number of pending claims is above the threshold.', - description: 'actionable: Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetFastDPFlowsLow', - expr: 'sum(weave_flows) < 15000', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Number of FastDP flows is below the threshold.', - description: 'actionable: Please find the reason for FastDP flows to go below the threshold and fix it.', - }, - }, - { - alert: 'WeaveNetFastDPFlowsOff', - expr: 'sum(weave_flows == bool 0) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'FastDP flows is zero.', - description: 'actionable: Please find the reason for FastDP flows to be off and fix it.', - }, - }, - { - alert: 'WeaveNetHighConnectionTerminationRate', - expr: 'rate(weave_connection_terminations_total[5m]) > 0.1', - 'for': '5m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are getting terminated.', - description: 'actionable: Please find the reason for the high connection termination rate and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsConnecting', - expr: 'sum(weave_connections{state="connecting"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in connecting state.', - description: 'actionable: Please find the reason for this and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsRetying', - expr: 'sum(weave_connections{state="retrying"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in retrying state.', - description: 'actionable: Please find the reason for this and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsPending', - expr: 'sum(weave_connections{state="pending"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in pending state.', - description: 'actionable: Please find the reason for this and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsFailed', - expr: 'sum(weave_connections{state="failed"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in failed state.', - description: 'actionable: Please find the reason and fix it.', - }, - }, - ], - }, - ], - }, - grafanaDashboards+:: { - 'weave-net.json': (import './grafana-weave-net.json'), - 'weave-net-cluster.json': (import './grafana-weave-net-cluster.json'), - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus.libsonnet deleted file mode 100644 index 3bfd476..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ /dev/null @@ -1,205 +0,0 @@ -local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; - -(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + -(import './kube-state-metrics/kube-state-metrics.libsonnet') + -(import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + -(import './node-exporter/node-exporter.libsonnet') + -(import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + -(import './alertmanager/alertmanager.libsonnet') + -(import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + -(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + -(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + -(import './prometheus/prometheus.libsonnet') + -(import './prometheus-adapter/prometheus-adapter.libsonnet') + -(import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') + -(import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + -(import './alerts/alerts.libsonnet') + -(import './rules/rules.libsonnet') + -{ - kubePrometheus+:: { - namespace: { - apiVersion: 'v1', - kind: 'Namespace', - metadata: { - name: $._config.namespace, - }, - }, - }, - prometheusOperator+:: - { - service+: { - spec+: { - ports: [ - { - name: 'https', - port: 8443, - targetPort: 'https', - }, - ], - }, - }, - serviceMonitor+: { - spec+: { - endpoints: [ - { - port: 'https', - scheme: 'https', - honorLabels: true, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - }, - ], - }, - }, - clusterRole+: { - rules+: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], - }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy', - securePortName: 'https', - securePort: 8443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8080/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, - - - grafana+:: { - local dashboardDefinitions = super.dashboardDefinitions, - dashboardDefinitions: { - apiVersion: 'v1', - kind: 'ConfigMapList', - items: dashboardDefinitions, - }, - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'grafana', - namespace: $._config.namespace, - }, - spec: { - selector: { - matchLabels: { - app: 'grafana', - }, - }, - endpoints: [{ - port: 'http', - interval: '15s', - }], - }, - }, - }, -} + { - _config+:: { - namespace: 'default', - - versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' }, - imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, - - tlsCipherSuites: [ - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 - 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 - - // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 - // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2 - // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 - // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - - // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go - - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', - 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', - ], - - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', - - cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', - kubeletSelector: 'job="kubelet", metrics_path="/metrics"', - kubeStateMetricsSelector: 'job="kube-state-metrics"', - nodeExporterSelector: 'job="node-exporter"', - fsSpaceFillingUpCriticalThreshold: 15, - notKubeDnsSelector: 'job!="kube-dns"', - kubeSchedulerSelector: 'job="kube-scheduler"', - kubeControllerManagerSelector: 'job="kube-controller-manager"', - kubeApiserverSelector: 'job="apiserver"', - coreDNSSelector: 'job="kube-dns"', - podLabel: 'pod', - - alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', - alertmanagerClusterLabels: 'namespace,service', - alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanager.name + '",namespace="' + $._config.namespace + '"', - prometheusSelector: 'job="prometheus-' + $._config.prometheus.name + '",namespace="' + $._config.namespace + '"', - prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', - prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + $._config.namespace + '"', - - jobs: { - Kubelet: $._config.kubeletSelector, - KubeScheduler: $._config.kubeSchedulerSelector, - KubeControllerManager: $._config.kubeControllerManagerSelector, - KubeAPI: $._config.kubeApiserverSelector, - KubeStateMetrics: $._config.kubeStateMetricsSelector, - NodeExporter: $._config.nodeExporterSelector, - Alertmanager: $._config.alertmanagerSelector, - Prometheus: $._config.prometheusSelector, - PrometheusOperator: $._config.prometheusOperatorSelector, - CoreDNS: $._config.coreDNSSelector, - }, - - resources+:: { - 'addon-resizer': { - requests: { cpu: '10m', memory: '30Mi' }, - limits: { cpu: '50m', memory: '30Mi' }, - }, - 'kube-rbac-proxy': { - requests: { cpu: '10m', memory: '20Mi' }, - limits: { cpu: '20m', memory: '40Mi' }, - }, - 'kube-state-metrics': { - requests: { cpu: '100m', memory: '150Mi' }, - limits: { cpu: '100m', memory: '150Mi' }, - }, - 'node-exporter': { - requests: { cpu: '102m', memory: '180Mi' }, - limits: { cpu: '250m', memory: '180Mi' }, - }, - }, - prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, - grafana+:: { dashboards: $.grafanaDashboards }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet deleted file mode 100644 index 724087d..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet +++ /dev/null @@ -1,93 +0,0 @@ -{ - local krp = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - - specMixin:: { - local sm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - spec+: { - template+: { - spec+: { - containers+: [{ - name: krp.config.kubeRbacProxy.name, - image: krp.config.kubeRbacProxy.image, - args: [ - '--logtostderr', - '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, - '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites), - '--upstream=' + krp.config.kubeRbacProxy.upstream, - ], - ports: [ - { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, - ], - securityContext: { - runAsUser: 65532, - runAsGroup: 65532, - runAsNonRoot: true, - }, - }], - }, - }, - }, - }, - - deploymentMixin:: { - local dm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - deployment+: krp.specMixin { - config+:: { - kubeRbacProxy+: dm.config.kubeRbacProxy, - }, - }, - }, - - statefulSetMixin:: { - local sm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - statefulSet+: krp.specMixin { - config+:: { - kubeRbacProxy+: sm.config.kubeRbacProxy, - }, - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet deleted file mode 100644 index f3a0e0d..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ /dev/null @@ -1,132 +0,0 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; -local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet'; - -{ - _config+:: { - versions+:: { - kubeStateMetrics: '1.9.7', - }, - imageRepos+:: { - kubeStateMetrics: 'quay.io/coreos/kube-state-metrics', - }, - kubeStateMetrics+:: { - scrapeInterval: '30s', - scrapeTimeout: '30s', - }, - }, - kubeStateMetrics+:: - ksm { - local version = self.version, - name:: 'kube-state-metrics', - namespace:: $._config.namespace, - version:: $._config.versions.kubeStateMetrics, - image:: $._config.imageRepos.kubeStateMetrics + ':v' + $._config.versions.kubeStateMetrics, - service+: { - spec+: { - ports: [ - { - name: 'https-main', - port: 8443, - targetPort: 'https-main', - }, - { - name: 'https-self', - port: 9443, - targetPort: 'https-self', - }, - ], - }, - }, - deployment+: { - spec+: { - template+: { - spec+: { - containers: std.map(function(c) c { - ports:: null, - livenessProbe:: null, - readinessProbe:: null, - args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], - }, super.containers), - }, - }, - }, - }, - serviceMonitor: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-state-metrics', - namespace: $._config.namespace, - labels: { - 'app.kubernetes.io/name': 'kube-state-metrics', - 'app.kubernetes.io/version': version, - }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { - 'app.kubernetes.io/name': 'kube-state-metrics', - }, - }, - endpoints: [ - { - port: 'https-main', - scheme: 'https', - interval: $._config.kubeStateMetrics.scrapeInterval, - scrapeTimeout: $._config.kubeStateMetrics.scrapeTimeout, - honorLabels: true, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - regex: '(pod|service|endpoint|namespace)', - action: 'labeldrop', - }, - ], - tlsConfig: { - insecureSkipVerify: true, - }, - }, - { - port: 'https-self', - scheme: 'https', - interval: $._config.kubeStateMetrics.scrapeInterval, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - }, - ], - }, - }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy-main', - securePortName: 'https-main', - securePort: 8443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8081/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy-self', - securePortName: 'https-self', - securePort: 9443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8082/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/image.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/image.libsonnet deleted file mode 100644 index 723d1b3..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/image.libsonnet +++ /dev/null @@ -1,21 +0,0 @@ -// imageName extracts the image name from a fully qualified image string. eg. -// quay.io/coreos/addon-resizer -> addon-resizer -// grafana/grafana -> grafana -local imageName(image) = - local parts = std.split(image, '/'); - local len = std.length(parts); - if len == 3 then - // registry.com/org/image - parts[2] - else if len == 2 then - // org/image - parts[1] - else if len == 1 then - // image, ie. busybox - parts[0] - else - error 'unknown image format: ' + image; - -{ - imageName:: imageName, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/lib.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/lib.libsonnet deleted file mode 100644 index c30f976..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/lib.libsonnet +++ /dev/null @@ -1 +0,0 @@ -(import 'image.libsonnet') diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/mixin.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/mixin.libsonnet new file mode 100644 index 0000000..ae39425 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/lib/mixin.libsonnet @@ -0,0 +1,38 @@ +local defaults = { + name: error 'provide name', + namespace: 'monitoring', + labels: { + prometheus: 'k8s', + }, + mixin: error 'provide a mixin', +}; + +function(params) { + config:: defaults + params, + + local m = self, + + local prometheusRules = if std.objectHasAll(m.config.mixin, 'prometheusRules') || std.objectHasAll(m.config.mixin, 'prometheusAlerts') then { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: m.config.labels, + name: m.config.name, + namespace: m.config.namespace, + }, + spec: { + local r = if std.objectHasAll(m.config.mixin, 'prometheusRules') then m.config.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(m.config.mixin, 'prometheusAlerts') then m.config.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + local grafanaDashboards = if std.objectHasAll(m.config.mixin, 'grafanaDashboards') then ( + if std.objectHas(m.config, 'dashboardFolder') then { + [m.config.dashboardFolder]+: m.config.mixin.grafanaDashboards, + } else (m.config.mixin.grafanaDashboards) + ), + + prometheusRules: prometheusRules, + grafanaDashboards: grafanaDashboards, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet new file mode 100644 index 0000000..1c13b7b --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet @@ -0,0 +1,131 @@ +local alertmanager = import './components/alertmanager.libsonnet'; +local blackboxExporter = import './components/blackbox-exporter.libsonnet'; +local grafana = import './components/grafana.libsonnet'; +local kubernetesControlPlane = import './components/k8s-control-plane.libsonnet'; +local kubeStateMetrics = import './components/kube-state-metrics.libsonnet'; +local customMixin = import './components/mixin/custom.libsonnet'; +local nodeExporter = import './components/node-exporter.libsonnet'; +local prometheusAdapter = import './components/prometheus-adapter.libsonnet'; +local prometheusOperator = import './components/prometheus-operator.libsonnet'; +local prometheus = import './components/prometheus.libsonnet'; + +local platformPatch = import './platforms/platforms.libsonnet'; + +{ + // using `values` as this is similar to helm + values:: { + common: { + namespace: 'default', + ruleLabels: { + role: 'alert-rules', + prometheus: $.values.prometheus.name, + }, + // to allow automatic upgrades of components, we store versions in autogenerated `versions.json` file and import it here + versions: { + alertmanager: error 'must provide version', + blackboxExporter: error 'must provide version', + grafana: error 'must provide version', + kubeStateMetrics: error 'must provide version', + nodeExporter: error 'must provide version', + prometheus: error 'must provide version', + prometheusAdapter: error 'must provide version', + prometheusOperator: error 'must provide version', + } + (import 'versions.json'), + images: { + alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, + blackboxExporter: 'quay.io/prometheus/blackbox-exporter:v' + $.values.common.versions.blackboxExporter, + grafana: 'grafana/grafana:v' + $.values.common.versions.grafana, + kubeStateMetrics: 'k8s.gcr.io/kube-state-metrics/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, + nodeExporter: 'quay.io/prometheus/node-exporter:v' + $.values.common.versions.nodeExporter, + prometheus: 'quay.io/prometheus/prometheus:v' + $.values.common.versions.prometheus, + prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, + prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, + prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, + }, + }, + alertmanager: { + name: 'main', + namespace: $.values.common.namespace, + version: $.values.common.versions.alertmanager, + image: $.values.common.images.alertmanager, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + blackboxExporter: { + namespace: $.values.common.namespace, + version: $.values.common.versions.blackboxExporter, + image: $.values.common.images.blackboxExporter, + }, + grafana: { + namespace: $.values.common.namespace, + version: $.values.common.versions.grafana, + image: $.values.common.images.grafana, + prometheusName: $.values.prometheus.name, + // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards + dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesControlPlane.mixin.grafanaDashboards, + }, + kubeStateMetrics: { + namespace: $.values.common.namespace, + version: $.values.common.versions.kubeStateMetrics, + image: $.values.common.images.kubeStateMetrics, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + nodeExporter: { + namespace: $.values.common.namespace, + version: $.values.common.versions.nodeExporter, + image: $.values.common.images.nodeExporter, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + prometheus: { + namespace: $.values.common.namespace, + version: $.values.common.versions.prometheus, + image: $.values.common.images.prometheus, + name: 'k8s', + alertmanagerName: $.values.alertmanager.name, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + prometheusAdapter: { + namespace: $.values.common.namespace, + version: $.values.common.versions.prometheusAdapter, + image: $.values.common.images.prometheusAdapter, + prometheusURL: 'http://prometheus-' + $.values.prometheus.name + '.' + $.values.common.namespace + '.svc.cluster.local:9090/', + }, + prometheusOperator: { + namespace: $.values.common.namespace, + version: $.values.common.versions.prometheusOperator, + image: $.values.common.images.prometheusOperator, + configReloaderImage: $.values.common.images.prometheusOperatorReloader, + commonLabels+: { + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + kubernetesControlPlane: { + namespace: $.values.common.namespace, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + kubePrometheus: { + namespace: $.values.common.namespace, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + platform: null, + }, + }, + + alertmanager: alertmanager($.values.alertmanager), + blackboxExporter: blackboxExporter($.values.blackboxExporter), + grafana: grafana($.values.grafana), + kubeStateMetrics: kubeStateMetrics($.values.kubeStateMetrics), + nodeExporter: nodeExporter($.values.nodeExporter), + prometheus: prometheus($.values.prometheus), + prometheusAdapter: prometheusAdapter($.values.prometheusAdapter), + prometheusOperator: prometheusOperator($.values.prometheusOperator), + kubernetesControlPlane: kubernetesControlPlane($.values.kubernetesControlPlane), + kubePrometheus: customMixin($.values.kubePrometheus) + { + namespace: { + apiVersion: 'v1', + kind: 'Namespace', + metadata: { + name: $.values.kubePrometheus.namespace, + }, + }, + }, +} + platformPatch diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet deleted file mode 100644 index c2288ce..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ /dev/null @@ -1,212 +0,0 @@ -{ - _config+:: { - namespace: 'default', - versions+:: { nodeExporter: 'v1.0.1' }, - imageRepos+:: { nodeExporter: 'quay.io/prometheus/node-exporter' }, - - nodeExporter+:: { - listenAddress: '127.0.0.1', - port: 9100, - labels: { - 'app.kubernetes.io/name': 'node-exporter', - 'app.kubernetes.io/version': $._config.versions.nodeExporter, - }, - selectorLabels: { - [labelName]: $._config.nodeExporter.labels[labelName] - for labelName in std.objectFields($._config.nodeExporter.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, - }, - }, - - nodeExporter+:: { - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'node-exporter', - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'node-exporter', - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'node-exporter', - namespace: $._config.namespace, - }], - }, - - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'node-exporter', - }, - rules: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], - }, - - daemonset: - local nodeExporter = { - name: 'node-exporter', - image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter, - args: [ - '--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]), - '--path.procfs=/host/proc', - '--path.sysfs=/host/sys', - '--path.rootfs=/host/root', - '--no-collector.wifi', - '--no-collector.hwmon', - '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', - ], - volumeMounts: [ - { name: 'proc', mountPath: '/host/proc', mountPropagation: 'HostToContainer', readOnly: true }, - { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, - { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, - ], - resources: $._config.resources['node-exporter'], - }; - - local proxy = { - name: 'kube-rbac-proxy', - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - args: [ - '--logtostderr', - '--secure-listen-address=[$(IP)]:' + $._config.nodeExporter.port, - '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites), - '--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/', - ], - env: [ - { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, - ], - // Keep `hostPort` here, rather than in the node-exporter container - // because Kubernetes mandates that if you define a `hostPort` then - // `containerPort` must match. In our case, we are splitting the - // host port and container port between the two containers. - // We'll keep the port specification here so that the named port - // used by the service is tied to the proxy container. We *could* - // forgo declaring the host port, however it is important to declare - // it so that the scheduler can decide if the pod is schedulable. - ports: [ - { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port }, - ], - resources: $._config.resources['kube-rbac-proxy'], - securityContext: { - runAsUser: 65532, - runAsGroup: 65532, - runAsNonRoot: true, - }, - }; - - { - apiVersion: 'apps/v1', - kind: 'DaemonSet', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - spec: { - selector: { matchLabels: $._config.nodeExporter.selectorLabels }, - updateStrategy: { - type: 'RollingUpdate', - rollingUpdate: { maxUnavailable: '10%' }, - }, - template: { - metadata: { labels: $._config.nodeExporter.labels }, - spec: { - nodeSelector: { 'kubernetes.io/os': 'linux' }, - tolerations: [{ - operator: 'Exists', - }], - containers: [nodeExporter, proxy], - volumes: [ - { name: 'proc', hostPath: { path: '/proc' } }, - { name: 'sys', hostPath: { path: '/sys' } }, - { name: 'root', hostPath: { path: '/' } }, - ], - serviceAccountName: 'node-exporter', - securityContext: { - runAsUser: 65534, - runAsNonRoot: true, - }, - hostPID: true, - hostNetwork: true, - }, - }, - }, - }, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - }, - }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: $._config.nodeExporter.selectorLabels, - }, - endpoints: [{ - port: 'https', - scheme: 'https', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - action: 'replace', - regex: '(.*)', - replacement: '$1', - sourceLabels: ['__meta_kubernetes_pod_node_name'], - targetLabel: 'instance', - }, - ], - tlsConfig: { - insecureSkipVerify: true, - }, - }], - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - spec: { - ports: [ - { name: 'https', targetPort: 'https', port: $._config.nodeExporter.port }, - ], - selector: $._config.nodeExporter.selectorLabels, - clusterIP: 'None', - }, - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/README.md b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/README.md new file mode 100644 index 0000000..45eb76d --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/README.md @@ -0,0 +1,3 @@ +# Adding a new platform specific configuration + +Adding a new platform specific configuration requires to update the [README](../../../README.md#cluster-creation-tools) and the [platforms.jsonnet](./platform.jsonnet) file by adding the platform to the list of existing ones. This allow the new platform to be discoverable and easily configurable by the users. diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/aws.libsonnet similarity index 72% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/aws.libsonnet index ae8d364..27a61c2 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/aws.libsonnet @@ -14,19 +14,19 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }], ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/bootkube.libsonnet similarity index 70% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/bootkube.libsonnet index 284544c..e4651ae 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/bootkube.libsonnet @@ -14,28 +14,28 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+:: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] ), kubeDnsPrometheusDiscoveryService: service( 'kube-dns-prometheus-discovery', - 'kube-syste', - { 'k8s-app': 'kube-dns' }, - { 'k8s-app': 'kube-dns' }, + 'kube-system', + { 'app.kubernetes.io/name': 'kube-dns' }, + { 'app.kubernetes.io/name': 'kube-dns' }, [{ name: 'http-metrics-skydns', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] ), }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/eks.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/eks.libsonnet new file mode 100644 index 0000000..9fa5575 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -0,0 +1,98 @@ +{ + values+:: { + eks: { + minimumAvailableIPs: 10, + minimumAvailableIPsTime: '10m', + }, + }, + kubernetesControlPlane+: { + serviceMonitorCoreDNS+: { + spec+: { + endpoints: [ + { + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + interval: '15s', + targetPort: 9153, + }, + ], + }, + }, + AwsEksCniMetricService: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'aws-node', + namespace: 'kube-system', + labels: { 'app.kubernetes.io/name': 'aws-node' }, + }, + spec: { + ports: [ + { name: 'cni-metrics-port', port: 61678, targetPort: 61678 }, + ], + selector: { 'app.kubernetes.io/name': 'aws-node' }, + clusterIP: 'None', + }, + }, + + serviceMonitorAwsEksCNI: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'awsekscni', + namespace: $.values.common.namespace, + labels: { + 'app.kubernetes.io/name': 'eks-cni', + }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { + 'app.kubernetes.io/name': 'aws-node', + }, + }, + namespaceSelector: { + matchNames: [ + 'kube-system', + ], + }, + endpoints: [ + { + port: 'cni-metrics-port', + interval: '30s', + path: '/metrics', + }, + ], + }, + }, + prometheusRuleEksCNI: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, + name: 'eks-rules', + namespace: $.prometheus._config.namespace, + }, + spec: { + groups: [ + { + name: 'kube-prometheus-eks.rules', + rules: [ + { + expr: 'sum by(instance) (awscni_ip_max) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.eks.minimumAvailableIPs, + labels: { + severity: 'critical', + }, + annotations: { + message: 'Instance {{ $labels.instance }} has less than 10 IPs available.', + }, + 'for': $.values.eks.minimumAvailableIPsTime, + alert: 'EksAvailableIPs', + }, + ], + }, + ], + }, + }, + }, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/gke.libsonnet similarity index 55% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/gke.libsonnet index 3d64c01..973eeff 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/gke.libsonnet @@ -1,6 +1,6 @@ -(import './kube-prometheus-managed-cluster.libsonnet') + { - _config+:: { - prometheusAdapter+:: { +(import '../addons/managed-cluster.libsonnet') + { + values+:: { + prometheusAdapter+: { config+: { resourceRules:: null, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet similarity index 70% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet index a003fc7..b968817 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet @@ -1,18 +1,18 @@ { - prometheus+:: { + kubernetesControlPlane+: { kubeDnsPrometheusDiscoveryService: { apiVersion: 'v1', kind: 'Service', metadata: { name: 'kube-dns-prometheus-discovery', namespace: 'kube-system', - labels: { 'k8s-app': 'kube-dns' }, + labels: { 'app.kubernetes.io/name': 'kube-dns' }, }, spec: { ports: [ { name: 'metrics', port: 9153, targetPort: 9153 }, ], - selector: { 'k8s-app': 'kube-dns' }, + selector: { 'app.kubernetes.io/name': 'kube-dns' }, clusterIP: 'None', }, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kops.libsonnet similarity index 65% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kops.libsonnet index 8db8c29..914ffb0 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kops.libsonnet @@ -14,26 +14,26 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+:: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( - 'kube-controller-manager-prometheus-discovery', + 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] ), kubeDnsPrometheusDiscoveryService: service( - 'kube-controller-manager-prometheus-discovery', + 'kube-dns-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-dns' }, - { 'k8s-app': 'kube-dns' }, + { 'app.kubernetes.io/name': 'kube-dns' }, + { 'app.kubernetes.io/name': 'kube-dns' }, [{ name: 'metrics', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] ), }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet similarity index 83% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet index 543e0ce..dec785d 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet @@ -14,18 +14,18 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, { component: 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, { component: 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kubespray.libsonnet similarity index 71% rename from monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet rename to monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kubespray.libsonnet index c1e7682..3b35e8e 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/kubespray.libsonnet @@ -15,20 +15,20 @@ local service(name, namespace, labels, selector, ports) = { { - prometheus+: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), @@ -36,7 +36,7 @@ local service(name, namespace, labels, selector, ports) = { spec+: { selector+: { matchLabels: { - 'k8s-app': 'kube-scheduler', + 'app.kubernetes.io/name': 'kube-scheduler', }, }, }, @@ -46,7 +46,7 @@ local service(name, namespace, labels, selector, ports) = { spec+: { selector+: { matchLabels: { - 'k8s-app': 'kube-controller-manager', + 'app.kubernetes.io/name': 'kube-controller-manager', }, }, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/platforms.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/platforms.libsonnet new file mode 100644 index 0000000..979190f --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/platforms/platforms.libsonnet @@ -0,0 +1,41 @@ +local platforms = { + aws: import './aws.libsonnet', + bootkube: import './bootkube.libsonnet', + gke: import './gke.libsonnet', + eks: import './eks.libsonnet', + kops: import './kops.libsonnet', + kops_coredns: (import './kops.libsonnet') + (import './kops-coredns.libsonnet'), + kubeadm: import './kubeadm.libsonnet', + kubespray: import './kubespray.libsonnet', +}; + +// platformPatch returns the platform specific patch associated to the given +// platform. +local platformPatch(p) = if p != null && std.objectHas(platforms, p) then platforms[p] else {}; + +{ + // initialize the object to prevent "Indexed object has no field" lint errors + local p = { + alertmanager: {}, + blackboxExporter: {}, + grafana: {}, + kubeStateMetrics: {}, + nodeExporter: {}, + prometheus: {}, + prometheusAdapter: {}, + prometheusOperator: {}, + kubernetesControlPlane: {}, + kubePrometheus: {}, + } + platformPatch($.values.kubePrometheus.platform), + + alertmanager+: p.alertmanager, + blackboxExporter+: p.blackboxExporter, + grafana+: p.grafana, + kubeStateMetrics+: p.kubeStateMetrics, + nodeExporter+: p.nodeExporter, + prometheus+: p.prometheus, + prometheusAdapter+: p.prometheusAdapter, + prometheusOperator+: p.prometheusOperator, + kubernetesControlPlane+: p.kubernetesControlPlane, + kubePrometheus+: p.kubePrometheus, +} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet deleted file mode 100644 index 5863367..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet +++ /dev/null @@ -1,277 +0,0 @@ -{ - _config+:: { - namespace: 'default', - - versions+:: { prometheusAdapter: 'v0.8.2' }, - imageRepos+:: { prometheusAdapter: 'directxman12/k8s-prometheus-adapter' }, - - prometheusAdapter+:: { - name: 'prometheus-adapter', - namespace: $._config.namespace, - labels: { name: $._config.prometheusAdapter.name }, - prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', - config: { - resourceRules: { - cpu: { - containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}[5m])) by (<<.GroupBy>>)', - nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', - resources: { - overrides: { - node: { resource: 'node' }, - namespace: { resource: 'namespace' }, - pod: { resource: 'pod' }, - }, - }, - containerLabel: 'container', - }, - memory: { - containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)', - nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', - resources: { - overrides: { - instance: { resource: 'node' }, - namespace: { resource: 'namespace' }, - pod: { resource: 'pod' }, - }, - }, - containerLabel: 'container', - }, - window: '5m', - }, - }, - }, - }, - - prometheusAdapter+:: { - apiService: { - apiVersion: 'apiregistration.k8s.io/v1', - kind: 'APIService', - metadata: { - name: 'v1beta1.metrics.k8s.io', - }, - spec: { - service: { - name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, - }, - group: 'metrics.k8s.io', - version: 'v1beta1', - insecureSkipTLSVerify: true, - groupPriorityMinimum: 100, - versionPriority: 100, - }, - }, - - configMap: { - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: 'adapter-config', - namespace: $._config.prometheusAdapter.namespace, - }, - data: { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) }, - }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, - }, - spec: { - selector: { - matchLabels: $._config.prometheusAdapter.labels, - }, - endpoints: [ - { - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }, - ], - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, - }, - spec: { - ports: [ - { name: 'https', targetPort: 6443, port: 443 }, - ], - selector: $._config.prometheusAdapter.labels, - }, - }, - - deployment: - local c = { - name: $._config.prometheusAdapter.name, - image: $._config.imageRepos.prometheusAdapter + ':' + $._config.versions.prometheusAdapter, - args: [ - '--cert-dir=/var/run/serving-cert', - '--config=/etc/adapter/config.yaml', - '--logtostderr=true', - '--metrics-relist-interval=1m', - '--prometheus-url=' + $._config.prometheusAdapter.prometheusURL, - '--secure-port=6443', - ], - ports: [{ containerPort: 6443 }], - volumeMounts: [ - { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, - { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false }, - { name: 'config', mountPath: '/etc/adapter', readOnly: false }, - ], - }; - - { - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - }, - spec: { - replicas: 1, - selector: { matchLabels: $._config.prometheusAdapter.labels }, - strategy: { - rollingUpdate: { - maxSurge: 1, - maxUnavailable: 0, - }, - }, - template: { - metadata: { labels: $._config.prometheusAdapter.labels }, - spec: { - containers: [c], - serviceAccountName: $.prometheusAdapter.serviceAccount.metadata.name, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - volumes: [ - { name: 'tmpfs', emptyDir: {} }, - { name: 'volume-serving-cert', emptyDir: {} }, - { name: 'config', configMap: { name: 'adapter-config' } }, - ], - }, - }, - }, - }, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - }, - }, - - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: $._config.prometheusAdapter.name, - }, - rules: [{ - apiGroups: [''], - resources: ['nodes', 'namespaces', 'pods', 'services'], - verbs: ['get', 'list', 'watch'], - }], - }, - - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: $._config.prometheusAdapter.name, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: $.prometheusAdapter.clusterRole.metadata.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, - }], - }, - - clusterRoleBindingDelegator: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'resource-metrics:system:auth-delegator', - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'system:auth-delegator', - }, - subjects: [{ - kind: 'ServiceAccount', - name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, - }], - }, - - clusterRoleServerResources: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'resource-metrics-server-resources', - }, - rules: [{ - apiGroups: ['metrics.k8s.io'], - resources: ['*'], - verbs: ['*'], - }], - }, - - clusterRoleAggregatedMetricsReader: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'system:aggregated-metrics-reader', - labels: { - 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', - 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', - 'rbac.authorization.k8s.io/aggregate-to-view': 'true', - }, - }, - rules: [{ - apiGroups: ['metrics.k8s.io'], - resources: ['pods', 'nodes'], - verbs: ['get', 'list', 'watch'], - }], - }, - - roleBindingAuthReader: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'resource-metrics-auth-reader', - namespace: 'kube-system', - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'extension-apiserver-authentication-reader', - }, - subjects: [{ - kind: 'ServiceAccount', - name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, - }], - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet deleted file mode 100644 index 1545b69..0000000 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ /dev/null @@ -1,463 +0,0 @@ -local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'; - -{ - _config+:: { - namespace: 'default', - - versions+:: { prometheus: 'v2.22.1' }, - imageRepos+:: { prometheus: 'quay.io/prometheus/prometheus' }, - alertmanager+:: { name: 'main' }, - - prometheus+:: { - name: 'k8s', - replicas: 2, - rules: {}, - namespaces: ['default', 'kube-system', $._config.namespace], - }, - }, - - prometheus+:: { - local p = self, - - name:: $._config.prometheus.name, - namespace:: $._config.namespace, - roleBindingNamespaces:: $._config.prometheus.namespaces, - replicas:: $._config.prometheus.replicas, - prometheusRules:: $._config.prometheus.rules, - alertmanagerName:: $.alertmanager.service.metadata.name, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'prometheus-' + p.name, - namespace: p.namespace, - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'prometheus-' + p.name, - namespace: p.namespace, - labels: { prometheus: p.name }, - }, - spec: { - ports: [ - { name: 'web', targetPort: 'web', port: 9090 }, - ], - selector: { app: 'prometheus', prometheus: p.name }, - sessionAffinity: 'ClientIP', - }, - }, - - rules: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: { - prometheus: p.name, - role: 'alert-rules', - }, - name: 'prometheus-' + p.name + '-rules', - namespace: p.namespace, - }, - spec: { - groups: p.prometheusRules.groups, - }, - }, - - roleBindingSpecificNamespaces: - local newSpecificRoleBinding(namespace) = { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'prometheus-' + p.name, - namespace: namespace, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'prometheus-' + p.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], - }; - { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBindingList', - items: [newSpecificRoleBinding(x) for x in p.roleBindingNamespaces], - }, - - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { name: 'prometheus-' + p.name }, - rules: [ - { - apiGroups: [''], - resources: ['nodes/metrics'], - verbs: ['get'], - }, - { - nonResourceURLs: ['/metrics'], - verbs: ['get'], - }, - ], - }, - - roleConfig: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - name: 'prometheus-' + p.name + '-config', - namespace: p.namespace, - }, - rules: [{ - apiGroups: [''], - resources: ['configmaps'], - verbs: ['get'], - }], - }, - - roleBindingConfig: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'prometheus-' + p.name + '-config', - namespace: p.namespace, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'prometheus-' + p.name + '-config', - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], - }, - - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { name: 'prometheus-' + p.name }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'prometheus-' + p.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], - }, - - roleSpecificNamespaces: - local newSpecificRole(namespace) = { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - name: 'prometheus-' + p.name, - namespace: namespace, - }, - rules: [ - { - apiGroups: [''], - resources: ['services', 'endpoints', 'pods'], - verbs: ['get', 'list', 'watch'], - }, - { - apiGroups: ['extensions'], - resources: ['ingresses'], - verbs: ['get', 'list', 'watch'], - }, - ], - }; - { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleList', - items: [newSpecificRole(x) for x in p.roleBindingNamespaces], - }, - - prometheus: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Prometheus', - metadata: { - name: p.name, - namespace: p.namespace, - labels: { prometheus: p.name }, - }, - spec: { - replicas: p.replicas, - version: $._config.versions.prometheus, - image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, - serviceAccountName: 'prometheus-' + p.name, - serviceMonitorSelector: {}, - podMonitorSelector: {}, - probeSelector: {}, - serviceMonitorNamespaceSelector: {}, - podMonitorNamespaceSelector: {}, - probeNamespaceSelector: {}, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - ruleSelector: { - matchLabels: { - role: 'alert-rules', - prometheus: p.name, - }, - }, - resources: { - requests: { memory: '400Mi' }, - }, - alerting: { - alertmanagers: [{ - namespace: p.namespace, - name: p.alertmanagerName, - port: 'web', - }], - }, - securityContext: { - runAsUser: 1000, - runAsNonRoot: true, - fsGroup: 2000, - }, - }, - }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'prometheus', - namespace: p.namespace, - labels: { 'k8s-app': 'prometheus' }, - }, - spec: { - selector: { - matchLabels: { prometheus: p.name }, - }, - endpoints: [{ - port: 'web', - interval: '30s', - }], - }, - }, - - serviceMonitorKubeScheduler: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-scheduler', - namespace: p.namespace, - labels: { 'k8s-app': 'kube-scheduler' }, - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { insecureSkipVerify: true }, - }], - selector: { - matchLabels: { 'k8s-app': 'kube-scheduler' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorKubelet: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kubelet', - namespace: p.namespace, - labels: { 'k8s-app': 'kubelet' }, - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'https-metrics', - scheme: 'https', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings, - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/cadvisor', - interval: '30s', - honorLabels: true, - honorTimestamps: false, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - metricRelabelings: [ - // Drop a bunch of metrics which are disabled but still sent, see - // https://github.com/google/cadvisor/issues/1925. - { - sourceLabels: ['__name__'], - regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', - action: 'drop', - }, - ], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/probes', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - ], - selector: { - matchLabels: { 'k8s-app': 'kubelet' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorKubeControllerManager: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-controller-manager', - namespace: p.namespace, - labels: { 'k8s-app': 'kube-controller-manager' }, - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|request|server).*', - action: 'drop', - }, - ], - }], - selector: { - matchLabels: { 'k8s-app': 'kube-controller-manager' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorApiserver: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-apiserver', - namespace: p.namespace, - labels: { 'k8s-app': 'apiserver' }, - }, - spec: { - jobLabel: 'component', - selector: { - matchLabels: { - component: 'apiserver', - provider: 'kubernetes', - }, - }, - namespaceSelector: { - matchNames: ['default'], - }, - endpoints: [{ - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - serverName: 'kubernetes', - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|server).*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_step_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__', 'le'], - regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', - action: 'drop', - }, - ], - }], - }, - }, - - serviceMonitorCoreDNS: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'coredns', - namespace: p.namespace, - labels: { 'k8s-app': 'coredns' }, - }, - spec: { - jobLabel: 'k8s-app', - selector: { - matchLabels: { 'k8s-app': 'kube-dns' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - endpoints: [{ - port: 'metrics', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }], - }, - }, - }, -} diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json new file mode 100644 index 0000000..72f9162 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json @@ -0,0 +1,10 @@ +{ + "alertmanager": "0.21.0", + "blackboxExporter": "0.18.0", + "grafana": "7.5.4", + "kubeStateMetrics": "2.0.0", + "nodeExporter": "1.1.2", + "prometheus": "2.26.0", + "prometheusAdapter": "0.8.4", + "prometheusOperator": "0.47.0" +} diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanager-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanager-crd.libsonnet index 109b209..6cb33e8 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanager-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanager-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"alertmanagers.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"Alertmanager","listKind":"AlertmanagerList","plural":"alertmanagers","singular":"alertmanager"},"scope":"Namespaced","versions":[{"additionalPrinterColumns":[{"description":"The version of Alertmanager","jsonPath":".spec.version","name":"Version","type":"string"},{"description":"The desired replicas number of Alertmanagers","jsonPath":".spec.replicas","name":"Replicas","type":"integer"},{"jsonPath":".metadata.creationTimestamp","name":"Age","type":"date"}],"name":"v1","schema":{"openAPIV3Schema":{"description":"Alertmanager describes an Alertmanager cluster.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"additionalPeers":{"description":"AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.","items":{"type":"string"},"type":"array"},"affinity":{"description":"If specified, the pod's scheduling constraints.","properties":{"nodeAffinity":{"description":"Describes node affinity scheduling rules for the pod.","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.","items":{"description":"An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).","properties":{"preference":{"description":"A node selector term, associated with the corresponding weight.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"weight":{"description":"Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["preference","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.","properties":{"nodeSelectorTerms":{"description":"Required. A list of node selector terms. The terms are ORed.","items":{"description":"A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"}},"required":["nodeSelectorTerms"],"type":"object"}},"type":"object"},"podAffinity":{"description":"Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"},"podAntiAffinity":{"description":"Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"}},"type":"object"},"alertmanagerConfigNamespaceSelector":{"description":"Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"alertmanagerConfigSelector":{"description":"AlertmanagerConfigs to be selected for to merge and configure Alertmanager with.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"baseImage":{"description":"Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead","type":"string"},"clusterAdvertiseAddress":{"description":"ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918","type":"string"},"clusterGossipInterval":{"description":"Interval between gossip attempts.","type":"string"},"clusterPeerTimeout":{"description":"Timeout for cluster peering.","type":"string"},"clusterPushpullInterval":{"description":"Interval between pushpull attempts.","type":"string"},"configMaps":{"description":"ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/\u003cconfigmap-name\u003e.","items":{"type":"string"},"type":"array"},"configSecret":{"description":"ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-\u003calertmanager-name\u003e' The secret is mounted into /etc/alertmanager/config.","type":"string"},"containers":{"description":"Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"externalUrl":{"description":"The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name.","type":"string"},"forceEnableClusterMode":{"description":"ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.","type":"boolean"},"image":{"description":"Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured.","type":"string"},"imagePullSecrets":{"description":"An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod","items":{"description":"LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"type":"array"},"initContainers":{"description":"InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"listenLocal":{"description":"ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication.","type":"boolean"},"logFormat":{"description":"Log format for Alertmanager to be configured with.","type":"string"},"logLevel":{"description":"Log level for Alertmanager to be configured with.","type":"string"},"nodeSelector":{"additionalProperties":{"type":"string"},"description":"Define which Nodes the Pods are scheduled on.","type":"object"},"paused":{"description":"If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions.","type":"boolean"},"podMetadata":{"description":"PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"portName":{"description":"Port name used for the pods and governing service. This defaults to web","type":"string"},"priorityClassName":{"description":"Priority class assigned to the Pods","type":"string"},"replicas":{"description":"Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size.","format":"int32","type":"integer"},"resources":{"description":"Define resources requests and limits for single Pods.","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"retention":{"description":"Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"routePrefix":{"description":"The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.","type":"string"},"secrets":{"description":"Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/\u003csecret-name\u003e.","items":{"type":"string"},"type":"array"},"securityContext":{"description":"SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.","properties":{"fsGroup":{"description":"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.","format":"int64","type":"integer"},"fsGroupChangePolicy":{"description":"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified defaults to \"Always\".","type":"string"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"supplementalGroups":{"description":"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.","items":{"format":"int64","type":"integer"},"type":"array"},"sysctls":{"description":"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.","items":{"description":"Sysctl defines a kernel parameter to be set","properties":{"name":{"description":"Name of a property to set","type":"string"},"value":{"description":"Value of a property to set","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"serviceAccountName":{"description":"ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.","type":"string"},"sha":{"description":"SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.","type":"string"},"storage":{"description":"Storage is the definition of how storage will be used by the Alertmanager instances.","properties":{"disableMountSubPath":{"description":"Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.","type":"boolean"},"emptyDir":{"description":"EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"volumeClaimTemplate":{"description":"A PVC spec to be used by the Prometheus StatefulSets.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"EmbeddedMetadata contains metadata relevant to an EmbeddedResource.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"spec":{"description":"Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"dataSource":{"description":"This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.","properties":{"apiGroup":{"description":"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.","type":"string"},"kind":{"description":"Kind is the type of resource being referenced","type":"string"},"name":{"description":"Name is the name of resource being referenced","type":"string"}},"required":["kind","name"],"type":"object"},"resources":{"description":"Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"selector":{"description":"A label query over volumes to consider for binding.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"storageClassName":{"description":"Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1","type":"string"},"volumeMode":{"description":"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.","type":"string"},"volumeName":{"description":"VolumeName is the binding reference to the PersistentVolume backing this claim.","type":"string"}},"type":"object"},"status":{"description":"Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"capacity":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Represents the actual resources of the underlying volume.","type":"object"},"conditions":{"description":"Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.","items":{"description":"PersistentVolumeClaimCondition contails details about state of pvc","properties":{"lastProbeTime":{"description":"Last time we probed the condition.","format":"date-time","type":"string"},"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","format":"date-time","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.","type":"string"},"status":{"type":"string"},"type":{"description":"PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type","type":"string"}},"required":["status","type"],"type":"object"},"type":"array"},"phase":{"description":"Phase represents the current phase of PersistentVolumeClaim.","type":"string"}},"type":"object"}},"type":"object"}},"type":"object"},"tag":{"description":"Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.","type":"string"},"tolerations":{"description":"If specified, the pod's tolerations.","items":{"description":"The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.","properties":{"effect":{"description":"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.","type":"string"},"key":{"description":"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.","type":"string"},"operator":{"description":"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.","type":"string"},"tolerationSeconds":{"description":"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.","format":"int64","type":"integer"},"value":{"description":"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.","type":"string"}},"type":"object"},"type":"array"},"topologySpreadConstraints":{"description":"If specified, the pod's topology spread constraints.","items":{"description":"TopologySpreadConstraint specifies how to spread matching pods among the given topology.","properties":{"labelSelector":{"description":"LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"maxSkew":{"description":"MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed.","format":"int32","type":"integer"},"topologyKey":{"description":"TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.","type":"string"},"whenUnsatisfiable":{"description":"WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It's considered as \"Unsatisfiable\" if and only if placing incoming pod on any topology violates \"MaxSkew\". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.","type":"string"}},"required":["maxSkew","topologyKey","whenUnsatisfiable"],"type":"object"},"type":"array"},"version":{"description":"Version the cluster should be on.","type":"string"},"volumeMounts":{"description":"VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"volumes":{"description":"Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.","items":{"description":"Volume represents a named volume in a pod that may be accessed by any container in the pod.","properties":{"awsElasticBlockStore":{"description":"AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).","format":"int32","type":"integer"},"readOnly":{"description":"Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"boolean"},"volumeID":{"description":"Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"string"}},"required":["volumeID"],"type":"object"},"azureDisk":{"description":"AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.","properties":{"cachingMode":{"description":"Host Caching mode: None, Read Only, Read Write.","type":"string"},"diskName":{"description":"The Name of the data disk in the blob storage","type":"string"},"diskURI":{"description":"The URI the data disk in the blob storage","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"kind":{"description":"Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"}},"required":["diskName","diskURI"],"type":"object"},"azureFile":{"description":"AzureFile represents an Azure File Service mount on the host and bind mount to the pod.","properties":{"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretName":{"description":"the name of secret that contains Azure Storage Account Name and Key","type":"string"},"shareName":{"description":"Share Name","type":"string"}},"required":["secretName","shareName"],"type":"object"},"cephfs":{"description":"CephFS represents a Ceph FS mount on the host that shares a pod's lifetime","properties":{"monitors":{"description":"Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"path":{"description":"Optional: Used as the mounted root, rather than the full Ceph tree, default is /","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"boolean"},"secretFile":{"description":"Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"},"secretRef":{"description":"Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"}},"required":["monitors"],"type":"object"},"cinder":{"description":"Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"boolean"},"secretRef":{"description":"Optional: points to a secret object containing parameters used to connect to OpenStack.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeID":{"description":"volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"}},"required":["volumeID"],"type":"object"},"configMap":{"description":"ConfigMap represents a configMap that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"csi":{"description":"CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).","properties":{"driver":{"description":"Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.","type":"string"},"fsType":{"description":"Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.","type":"string"},"nodePublishSecretRef":{"description":"NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"readOnly":{"description":"Specifies a read-only configuration for the volume. Defaults to false (read/write).","type":"boolean"},"volumeAttributes":{"additionalProperties":{"type":"string"},"description":"VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.","type":"object"}},"required":["driver"],"type":"object"},"downwardAPI":{"description":"DownwardAPI represents downward API about the pod that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"Items is a list of downward API volume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"emptyDir":{"description":"EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"fc":{"description":"FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"lun":{"description":"Optional: FC target lun number","format":"int32","type":"integer"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"targetWWNs":{"description":"Optional: FC target worldwide names (WWNs)","items":{"type":"string"},"type":"array"},"wwids":{"description":"Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.","items":{"type":"string"},"type":"array"}},"type":"object"},"flexVolume":{"description":"FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.","properties":{"driver":{"description":"Driver is the name of the driver to use for this volume.","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.","type":"string"},"options":{"additionalProperties":{"type":"string"},"description":"Optional: Extra command options if any.","type":"object"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"}},"required":["driver"],"type":"object"},"flocker":{"description":"Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running","properties":{"datasetName":{"description":"Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated","type":"string"},"datasetUUID":{"description":"UUID of the dataset. This is unique identifier of a Flocker dataset","type":"string"}},"type":"object"},"gcePersistentDisk":{"description":"GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","format":"int32","type":"integer"},"pdName":{"description":"Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"boolean"}},"required":["pdName"],"type":"object"},"gitRepo":{"description":"GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.","properties":{"directory":{"description":"Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.","type":"string"},"repository":{"description":"Repository URL","type":"string"},"revision":{"description":"Commit hash for the specified revision.","type":"string"}},"required":["repository"],"type":"object"},"glusterfs":{"description":"Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md","properties":{"endpoints":{"description":"EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"path":{"description":"Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"readOnly":{"description":"ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"boolean"}},"required":["endpoints","path"],"type":"object"},"hostPath":{"description":"HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.","properties":{"path":{"description":"Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"},"type":{"description":"Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"}},"required":["path"],"type":"object"},"iscsi":{"description":"ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md","properties":{"chapAuthDiscovery":{"description":"whether support iSCSI Discovery CHAP authentication","type":"boolean"},"chapAuthSession":{"description":"whether support iSCSI Session CHAP authentication","type":"boolean"},"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"initiatorName":{"description":"Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.","type":"string"},"iqn":{"description":"Target iSCSI Qualified Name.","type":"string"},"iscsiInterface":{"description":"iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).","type":"string"},"lun":{"description":"iSCSI Target Lun number.","format":"int32","type":"integer"},"portals":{"description":"iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","items":{"type":"string"},"type":"array"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.","type":"boolean"},"secretRef":{"description":"CHAP Secret for iSCSI target and initiator authentication","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"targetPortal":{"description":"iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","type":"string"}},"required":["iqn","lun","targetPortal"],"type":"object"},"name":{"description":"Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"nfs":{"description":"NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","properties":{"path":{"description":"Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"},"readOnly":{"description":"ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"boolean"},"server":{"description":"Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"}},"required":["path","server"],"type":"object"},"persistentVolumeClaim":{"description":"PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"claimName":{"description":"ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","type":"string"},"readOnly":{"description":"Will force the ReadOnly setting in VolumeMounts. Default false.","type":"boolean"}},"required":["claimName"],"type":"object"},"photonPersistentDisk":{"description":"PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"pdID":{"description":"ID that identifies Photon Controller persistent disk","type":"string"}},"required":["pdID"],"type":"object"},"portworxVolume":{"description":"PortworxVolume represents a portworx volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"volumeID":{"description":"VolumeID uniquely identifies a Portworx volume","type":"string"}},"required":["volumeID"],"type":"object"},"projected":{"description":"Items for all in one resources secrets, configmaps, and downward API","properties":{"defaultMode":{"description":"Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"sources":{"description":"list of volume projections","items":{"description":"Projection that may be projected along with other supported volume types","properties":{"configMap":{"description":"information about the configMap data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"downwardAPI":{"description":"information about the downwardAPI data to project","properties":{"items":{"description":"Items is a list of DownwardAPIVolume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"secret":{"description":"information about the secret data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"type":"object"},"serviceAccountToken":{"description":"information about the serviceAccountToken data to project","properties":{"audience":{"description":"Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.","type":"string"},"expirationSeconds":{"description":"ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.","format":"int64","type":"integer"},"path":{"description":"Path is the path relative to the mount point of the file to project the token into.","type":"string"}},"required":["path"],"type":"object"}},"type":"object"},"type":"array"}},"required":["sources"],"type":"object"},"quobyte":{"description":"Quobyte represents a Quobyte mount on the host that shares a pod's lifetime","properties":{"group":{"description":"Group to map volume access to Default is no group","type":"string"},"readOnly":{"description":"ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.","type":"boolean"},"registry":{"description":"Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes","type":"string"},"tenant":{"description":"Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin","type":"string"},"user":{"description":"User to map volume access to Defaults to serivceaccount user","type":"string"},"volume":{"description":"Volume is a string that references an already created Quobyte volume by name.","type":"string"}},"required":["registry","volume"],"type":"object"},"rbd":{"description":"RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"image":{"description":"The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"keyring":{"description":"Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"monitors":{"description":"A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"pool":{"description":"The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"boolean"},"secretRef":{"description":"SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"}},"required":["image","monitors"],"type":"object"},"scaleIO":{"description":"ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".","type":"string"},"gateway":{"description":"The host address of the ScaleIO API Gateway.","type":"string"},"protectionDomain":{"description":"The name of the ScaleIO Protection Domain for the configured storage.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"sslEnabled":{"description":"Flag to enable/disable SSL communication with Gateway, default false","type":"boolean"},"storageMode":{"description":"Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.","type":"string"},"storagePool":{"description":"The ScaleIO Storage Pool associated with the protection domain.","type":"string"},"system":{"description":"The name of the storage system as configured in ScaleIO.","type":"string"},"volumeName":{"description":"The name of a volume already created in the ScaleIO system that is associated with this volume source.","type":"string"}},"required":["gateway","secretRef","system"],"type":"object"},"secret":{"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"optional":{"description":"Specify whether the Secret or its keys must be defined","type":"boolean"},"secretName":{"description":"Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","type":"string"}},"type":"object"},"storageos":{"description":"StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeName":{"description":"VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.","type":"string"},"volumeNamespace":{"description":"VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.","type":"string"}},"type":"object"},"vsphereVolume":{"description":"VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"storagePolicyID":{"description":"Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.","type":"string"},"storagePolicyName":{"description":"Storage Policy Based Management (SPBM) profile name.","type":"string"},"volumePath":{"description":"Path that identifies vSphere volume vmdk","type":"string"}},"required":["volumePath"],"type":"object"}},"required":["name"],"type":"object"},"type":"array"}},"type":"object"},"status":{"description":"Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"availableReplicas":{"description":"Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster.","format":"int32","type":"integer"},"paused":{"description":"Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.","type":"boolean"},"replicas":{"description":"Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector).","format":"int32","type":"integer"},"unavailableReplicas":{"description":"Total number of unavailable pods targeted by this Alertmanager cluster.","format":"int32","type":"integer"},"updatedReplicas":{"description":"Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec.","format":"int32","type":"integer"}},"required":["availableReplicas","paused","replicas","unavailableReplicas","updatedReplicas"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true,"subresources":{}}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"alertmanagers.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"Alertmanager","listKind":"AlertmanagerList","plural":"alertmanagers","singular":"alertmanager"},"scope":"Namespaced","versions":[{"additionalPrinterColumns":[{"description":"The version of Alertmanager","jsonPath":".spec.version","name":"Version","type":"string"},{"description":"The desired replicas number of Alertmanagers","jsonPath":".spec.replicas","name":"Replicas","type":"integer"},{"jsonPath":".metadata.creationTimestamp","name":"Age","type":"date"}],"name":"v1","schema":{"openAPIV3Schema":{"description":"Alertmanager describes an Alertmanager cluster.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"additionalPeers":{"description":"AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.","items":{"type":"string"},"type":"array"},"affinity":{"description":"If specified, the pod's scheduling constraints.","properties":{"nodeAffinity":{"description":"Describes node affinity scheduling rules for the pod.","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.","items":{"description":"An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).","properties":{"preference":{"description":"A node selector term, associated with the corresponding weight.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"weight":{"description":"Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["preference","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.","properties":{"nodeSelectorTerms":{"description":"Required. A list of node selector terms. The terms are ORed.","items":{"description":"A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"}},"required":["nodeSelectorTerms"],"type":"object"}},"type":"object"},"podAffinity":{"description":"Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"},"podAntiAffinity":{"description":"Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"}},"type":"object"},"alertmanagerConfigNamespaceSelector":{"description":"Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"alertmanagerConfigSelector":{"description":"AlertmanagerConfigs to be selected for to merge and configure Alertmanager with.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"baseImage":{"description":"Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead","type":"string"},"clusterAdvertiseAddress":{"description":"ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918","type":"string"},"clusterGossipInterval":{"description":"Interval between gossip attempts.","type":"string"},"clusterPeerTimeout":{"description":"Timeout for cluster peering.","type":"string"},"clusterPushpullInterval":{"description":"Interval between pushpull attempts.","type":"string"},"configMaps":{"description":"ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/\u003cconfigmap-name\u003e.","items":{"type":"string"},"type":"array"},"configSecret":{"description":"ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-\u003calertmanager-name\u003e' The secret is mounted into /etc/alertmanager/config.","type":"string"},"containers":{"description":"Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"externalUrl":{"description":"The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name.","type":"string"},"forceEnableClusterMode":{"description":"ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.","type":"boolean"},"image":{"description":"Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured.","type":"string"},"imagePullSecrets":{"description":"An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod","items":{"description":"LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"type":"array"},"initContainers":{"description":"InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"listenLocal":{"description":"ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication.","type":"boolean"},"logFormat":{"description":"Log format for Alertmanager to be configured with.","type":"string"},"logLevel":{"description":"Log level for Alertmanager to be configured with.","type":"string"},"nodeSelector":{"additionalProperties":{"type":"string"},"description":"Define which Nodes the Pods are scheduled on.","type":"object"},"paused":{"description":"If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions.","type":"boolean"},"podMetadata":{"description":"PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"portName":{"description":"Port name used for the pods and governing service. This defaults to web","type":"string"},"priorityClassName":{"description":"Priority class assigned to the Pods","type":"string"},"replicas":{"description":"Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size.","format":"int32","type":"integer"},"resources":{"description":"Define resources requests and limits for single Pods.","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"retention":{"description":"Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"routePrefix":{"description":"The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.","type":"string"},"secrets":{"description":"Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/\u003csecret-name\u003e.","items":{"type":"string"},"type":"array"},"securityContext":{"description":"SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.","properties":{"fsGroup":{"description":"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.","format":"int64","type":"integer"},"fsGroupChangePolicy":{"description":"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified defaults to \"Always\".","type":"string"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"supplementalGroups":{"description":"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.","items":{"format":"int64","type":"integer"},"type":"array"},"sysctls":{"description":"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.","items":{"description":"Sysctl defines a kernel parameter to be set","properties":{"name":{"description":"Name of a property to set","type":"string"},"value":{"description":"Value of a property to set","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"serviceAccountName":{"description":"ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.","type":"string"},"sha":{"description":"SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.","type":"string"},"storage":{"description":"Storage is the definition of how storage will be used by the Alertmanager instances.","properties":{"disableMountSubPath":{"description":"Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.","type":"boolean"},"emptyDir":{"description":"EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"volumeClaimTemplate":{"description":"A PVC spec to be used by the Prometheus StatefulSets.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"EmbeddedMetadata contains metadata relevant to an EmbeddedResource.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"spec":{"description":"Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"dataSource":{"description":"This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.","properties":{"apiGroup":{"description":"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.","type":"string"},"kind":{"description":"Kind is the type of resource being referenced","type":"string"},"name":{"description":"Name is the name of resource being referenced","type":"string"}},"required":["kind","name"],"type":"object"},"resources":{"description":"Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"selector":{"description":"A label query over volumes to consider for binding.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"storageClassName":{"description":"Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1","type":"string"},"volumeMode":{"description":"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.","type":"string"},"volumeName":{"description":"VolumeName is the binding reference to the PersistentVolume backing this claim.","type":"string"}},"type":"object"},"status":{"description":"Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"capacity":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Represents the actual resources of the underlying volume.","type":"object"},"conditions":{"description":"Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.","items":{"description":"PersistentVolumeClaimCondition contails details about state of pvc","properties":{"lastProbeTime":{"description":"Last time we probed the condition.","format":"date-time","type":"string"},"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","format":"date-time","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.","type":"string"},"status":{"type":"string"},"type":{"description":"PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type","type":"string"}},"required":["status","type"],"type":"object"},"type":"array"},"phase":{"description":"Phase represents the current phase of PersistentVolumeClaim.","type":"string"}},"type":"object"}},"type":"object"}},"type":"object"},"tag":{"description":"Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.","type":"string"},"tolerations":{"description":"If specified, the pod's tolerations.","items":{"description":"The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.","properties":{"effect":{"description":"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.","type":"string"},"key":{"description":"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.","type":"string"},"operator":{"description":"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.","type":"string"},"tolerationSeconds":{"description":"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.","format":"int64","type":"integer"},"value":{"description":"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.","type":"string"}},"type":"object"},"type":"array"},"topologySpreadConstraints":{"description":"If specified, the pod's topology spread constraints.","items":{"description":"TopologySpreadConstraint specifies how to spread matching pods among the given topology.","properties":{"labelSelector":{"description":"LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"maxSkew":{"description":"MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed.","format":"int32","type":"integer"},"topologyKey":{"description":"TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.","type":"string"},"whenUnsatisfiable":{"description":"WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It's considered as \"Unsatisfiable\" if and only if placing incoming pod on any topology violates \"MaxSkew\". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.","type":"string"}},"required":["maxSkew","topologyKey","whenUnsatisfiable"],"type":"object"},"type":"array"},"version":{"description":"Version the cluster should be on.","type":"string"},"volumeMounts":{"description":"VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"volumes":{"description":"Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.","items":{"description":"Volume represents a named volume in a pod that may be accessed by any container in the pod.","properties":{"awsElasticBlockStore":{"description":"AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).","format":"int32","type":"integer"},"readOnly":{"description":"Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"boolean"},"volumeID":{"description":"Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"string"}},"required":["volumeID"],"type":"object"},"azureDisk":{"description":"AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.","properties":{"cachingMode":{"description":"Host Caching mode: None, Read Only, Read Write.","type":"string"},"diskName":{"description":"The Name of the data disk in the blob storage","type":"string"},"diskURI":{"description":"The URI the data disk in the blob storage","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"kind":{"description":"Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"}},"required":["diskName","diskURI"],"type":"object"},"azureFile":{"description":"AzureFile represents an Azure File Service mount on the host and bind mount to the pod.","properties":{"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretName":{"description":"the name of secret that contains Azure Storage Account Name and Key","type":"string"},"shareName":{"description":"Share Name","type":"string"}},"required":["secretName","shareName"],"type":"object"},"cephfs":{"description":"CephFS represents a Ceph FS mount on the host that shares a pod's lifetime","properties":{"monitors":{"description":"Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"path":{"description":"Optional: Used as the mounted root, rather than the full Ceph tree, default is /","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"boolean"},"secretFile":{"description":"Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"},"secretRef":{"description":"Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"}},"required":["monitors"],"type":"object"},"cinder":{"description":"Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"boolean"},"secretRef":{"description":"Optional: points to a secret object containing parameters used to connect to OpenStack.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeID":{"description":"volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"}},"required":["volumeID"],"type":"object"},"configMap":{"description":"ConfigMap represents a configMap that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"csi":{"description":"CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).","properties":{"driver":{"description":"Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.","type":"string"},"fsType":{"description":"Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.","type":"string"},"nodePublishSecretRef":{"description":"NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"readOnly":{"description":"Specifies a read-only configuration for the volume. Defaults to false (read/write).","type":"boolean"},"volumeAttributes":{"additionalProperties":{"type":"string"},"description":"VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.","type":"object"}},"required":["driver"],"type":"object"},"downwardAPI":{"description":"DownwardAPI represents downward API about the pod that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"Items is a list of downward API volume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"emptyDir":{"description":"EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"fc":{"description":"FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"lun":{"description":"Optional: FC target lun number","format":"int32","type":"integer"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"targetWWNs":{"description":"Optional: FC target worldwide names (WWNs)","items":{"type":"string"},"type":"array"},"wwids":{"description":"Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.","items":{"type":"string"},"type":"array"}},"type":"object"},"flexVolume":{"description":"FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.","properties":{"driver":{"description":"Driver is the name of the driver to use for this volume.","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.","type":"string"},"options":{"additionalProperties":{"type":"string"},"description":"Optional: Extra command options if any.","type":"object"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"}},"required":["driver"],"type":"object"},"flocker":{"description":"Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running","properties":{"datasetName":{"description":"Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated","type":"string"},"datasetUUID":{"description":"UUID of the dataset. This is unique identifier of a Flocker dataset","type":"string"}},"type":"object"},"gcePersistentDisk":{"description":"GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","format":"int32","type":"integer"},"pdName":{"description":"Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"boolean"}},"required":["pdName"],"type":"object"},"gitRepo":{"description":"GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.","properties":{"directory":{"description":"Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.","type":"string"},"repository":{"description":"Repository URL","type":"string"},"revision":{"description":"Commit hash for the specified revision.","type":"string"}},"required":["repository"],"type":"object"},"glusterfs":{"description":"Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md","properties":{"endpoints":{"description":"EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"path":{"description":"Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"readOnly":{"description":"ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"boolean"}},"required":["endpoints","path"],"type":"object"},"hostPath":{"description":"HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.","properties":{"path":{"description":"Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"},"type":{"description":"Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"}},"required":["path"],"type":"object"},"iscsi":{"description":"ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md","properties":{"chapAuthDiscovery":{"description":"whether support iSCSI Discovery CHAP authentication","type":"boolean"},"chapAuthSession":{"description":"whether support iSCSI Session CHAP authentication","type":"boolean"},"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"initiatorName":{"description":"Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.","type":"string"},"iqn":{"description":"Target iSCSI Qualified Name.","type":"string"},"iscsiInterface":{"description":"iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).","type":"string"},"lun":{"description":"iSCSI Target Lun number.","format":"int32","type":"integer"},"portals":{"description":"iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","items":{"type":"string"},"type":"array"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.","type":"boolean"},"secretRef":{"description":"CHAP Secret for iSCSI target and initiator authentication","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"targetPortal":{"description":"iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","type":"string"}},"required":["iqn","lun","targetPortal"],"type":"object"},"name":{"description":"Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"nfs":{"description":"NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","properties":{"path":{"description":"Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"},"readOnly":{"description":"ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"boolean"},"server":{"description":"Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"}},"required":["path","server"],"type":"object"},"persistentVolumeClaim":{"description":"PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"claimName":{"description":"ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","type":"string"},"readOnly":{"description":"Will force the ReadOnly setting in VolumeMounts. Default false.","type":"boolean"}},"required":["claimName"],"type":"object"},"photonPersistentDisk":{"description":"PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"pdID":{"description":"ID that identifies Photon Controller persistent disk","type":"string"}},"required":["pdID"],"type":"object"},"portworxVolume":{"description":"PortworxVolume represents a portworx volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"volumeID":{"description":"VolumeID uniquely identifies a Portworx volume","type":"string"}},"required":["volumeID"],"type":"object"},"projected":{"description":"Items for all in one resources secrets, configmaps, and downward API","properties":{"defaultMode":{"description":"Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"sources":{"description":"list of volume projections","items":{"description":"Projection that may be projected along with other supported volume types","properties":{"configMap":{"description":"information about the configMap data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"downwardAPI":{"description":"information about the downwardAPI data to project","properties":{"items":{"description":"Items is a list of DownwardAPIVolume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"secret":{"description":"information about the secret data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"type":"object"},"serviceAccountToken":{"description":"information about the serviceAccountToken data to project","properties":{"audience":{"description":"Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.","type":"string"},"expirationSeconds":{"description":"ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.","format":"int64","type":"integer"},"path":{"description":"Path is the path relative to the mount point of the file to project the token into.","type":"string"}},"required":["path"],"type":"object"}},"type":"object"},"type":"array"}},"required":["sources"],"type":"object"},"quobyte":{"description":"Quobyte represents a Quobyte mount on the host that shares a pod's lifetime","properties":{"group":{"description":"Group to map volume access to Default is no group","type":"string"},"readOnly":{"description":"ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.","type":"boolean"},"registry":{"description":"Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes","type":"string"},"tenant":{"description":"Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin","type":"string"},"user":{"description":"User to map volume access to Defaults to serivceaccount user","type":"string"},"volume":{"description":"Volume is a string that references an already created Quobyte volume by name.","type":"string"}},"required":["registry","volume"],"type":"object"},"rbd":{"description":"RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"image":{"description":"The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"keyring":{"description":"Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"monitors":{"description":"A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"pool":{"description":"The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"boolean"},"secretRef":{"description":"SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"}},"required":["image","monitors"],"type":"object"},"scaleIO":{"description":"ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".","type":"string"},"gateway":{"description":"The host address of the ScaleIO API Gateway.","type":"string"},"protectionDomain":{"description":"The name of the ScaleIO Protection Domain for the configured storage.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"sslEnabled":{"description":"Flag to enable/disable SSL communication with Gateway, default false","type":"boolean"},"storageMode":{"description":"Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.","type":"string"},"storagePool":{"description":"The ScaleIO Storage Pool associated with the protection domain.","type":"string"},"system":{"description":"The name of the storage system as configured in ScaleIO.","type":"string"},"volumeName":{"description":"The name of a volume already created in the ScaleIO system that is associated with this volume source.","type":"string"}},"required":["gateway","secretRef","system"],"type":"object"},"secret":{"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"optional":{"description":"Specify whether the Secret or its keys must be defined","type":"boolean"},"secretName":{"description":"Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","type":"string"}},"type":"object"},"storageos":{"description":"StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeName":{"description":"VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.","type":"string"},"volumeNamespace":{"description":"VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.","type":"string"}},"type":"object"},"vsphereVolume":{"description":"VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"storagePolicyID":{"description":"Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.","type":"string"},"storagePolicyName":{"description":"Storage Policy Based Management (SPBM) profile name.","type":"string"},"volumePath":{"description":"Path that identifies vSphere volume vmdk","type":"string"}},"required":["volumePath"],"type":"object"}},"required":["name"],"type":"object"},"type":"array"}},"type":"object"},"status":{"description":"Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"availableReplicas":{"description":"Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster.","format":"int32","type":"integer"},"paused":{"description":"Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.","type":"boolean"},"replicas":{"description":"Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector).","format":"int32","type":"integer"},"unavailableReplicas":{"description":"Total number of unavailable pods targeted by this Alertmanager cluster.","format":"int32","type":"integer"},"updatedReplicas":{"description":"Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec.","format":"int32","type":"integer"}},"required":["availableReplicas","paused","replicas","unavailableReplicas","updatedReplicas"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true,"subresources":{}}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanagerconfig-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanagerconfig-crd.libsonnet index f413f59..b6c167c 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanagerconfig-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/alertmanagerconfig-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"alertmanagerconfigs.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"AlertmanagerConfig","listKind":"AlertmanagerConfigList","plural":"alertmanagerconfigs","singular":"alertmanagerconfig"},"scope":"Namespaced","versions":[{"name":"v1alpha1","schema":{"openAPIV3Schema":{"description":"AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource.","properties":{"inhibitRules":{"description":"List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.","items":{"description":"InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule","properties":{"equal":{"description":"Labels that must have an equal value in the source and target alert for the inhibition to take effect.","items":{"type":"string"},"type":"array"},"sourceMatch":{"description":"Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace.","items":{"description":"Matcher defines how to match on alert's labels.","properties":{"name":{"description":"Label to match.","type":"string"},"regex":{"description":"Whether to match on equality (false) or regular-expression (true).","type":"boolean"},"value":{"description":"Label value to match.","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"targetMatch":{"description":"Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace.","items":{"description":"Matcher defines how to match on alert's labels.","properties":{"name":{"description":"Label to match.","type":"string"},"regex":{"description":"Whether to match on equality (false) or regular-expression (true).","type":"boolean"},"value":{"description":"Label value to match.","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"},"receivers":{"description":"List of receivers.","items":{"description":"Receiver defines one or more notification integrations.","properties":{"emailConfigs":{"description":"List of Email configurations.","items":{"description":"EmailConfig configures notifications via Email.","properties":{"authIdentity":{"type":"string"},"authPassword":{"description":"SecretKeySelector selects a key of a Secret.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"authSecret":{"description":"SecretKeySelector selects a key of a Secret.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"authUsername":{"description":"SMTP authentication information.","type":"string"},"from":{"description":"The sender address.","type":"string"},"headers":{"description":"Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"hello":{"description":"The hostname to identify to the SMTP server.","type":"string"},"html":{"description":"The HTML body of the email notification.","type":"string"},"requireTLS":{"description":"The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.","type":"boolean"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"smarthost":{"description":"The SMTP host through which emails are sent.","type":"string"},"text":{"description":"The text body of the email notification.","type":"string"},"tlsConfig":{"description":"TLS configuration","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"to":{"description":"The email address to send notifications to.","type":"string"}},"type":"object"},"type":"array"},"name":{"description":"Name of the receiver. Must be unique across all items from the list.","type":"string"},"opsgenieConfigs":{"description":"List of OpsGenie configurations.","items":{"description":"OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config","properties":{"apiKey":{"description":"The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"apiURL":{"description":"The URL to send OpsGenie API requests to.","type":"string"},"description":{"description":"Description of the incident.","type":"string"},"details":{"description":"A set of arbitrary key/value pairs that provide further detail about the incident.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"message":{"description":"Alert text limited to 130 characters.","type":"string"},"note":{"description":"Additional alert note.","type":"string"},"priority":{"description":"Priority level of alert. Possible values are P1, P2, P3, P4, and P5.","type":"string"},"responders":{"description":"List of responders responsible for notifications.","items":{"description":"OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.","properties":{"id":{"description":"ID of the responder.","type":"string"},"name":{"description":"Name of the responder.","type":"string"},"type":{"description":"Type of responder.","type":"string"},"username":{"description":"Username of the responder.","type":"string"}},"type":"object"},"type":"array"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"source":{"description":"Backlink to the sender of the notification.","type":"string"},"tags":{"description":"Comma separated list of tags attached to the notifications.","type":"string"}},"type":"object"},"type":"array"},"pagerdutyConfigs":{"description":"List of PagerDuty configurations.","items":{"description":"PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config","properties":{"class":{"description":"The class/type of the event.","type":"string"},"client":{"description":"Client identification.","type":"string"},"clientURL":{"description":"Backlink to the sender of notification.","type":"string"},"component":{"description":"The part or component of the affected system that is broken.","type":"string"},"description":{"description":"Description of the incident.","type":"string"},"details":{"description":"Arbitrary key/value pairs that provide further detail about the incident.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"group":{"description":"A cluster or grouping of sources.","type":"string"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"routingKey":{"description":"The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"serviceKey":{"description":"The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"severity":{"description":"Severity of the incident.","type":"string"},"url":{"description":"The URL to send requests to.","type":"string"}},"type":"object"},"type":"array"},"pushoverConfigs":{"description":"List of Pushover configurations.","items":{"description":"PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config","properties":{"expire":{"description":"How long your notification will continue to be retried for, unless the user acknowledges the notification.","type":"string"},"html":{"description":"Whether notification message is HTML or plain text.","type":"boolean"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"message":{"description":"Notification message.","type":"string"},"priority":{"description":"Priority, see https://pushover.net/api#priority","type":"string"},"retry":{"description":"How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.","type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"sound":{"description":"The name of one of the sounds supported by device clients to override the user's default sound choice","type":"string"},"title":{"description":"Notification title.","type":"string"},"token":{"description":"Your registered application’s API token, see https://pushover.net/apps","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"url":{"description":"A supplementary URL shown alongside the message.","type":"string"},"urlTitle":{"description":"A title for supplementary URL, otherwise just the URL is shown","type":"string"},"userKey":{"description":"The recipient user’s user key.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"type":"array"},"slackConfigs":{"description":"List of Slack configurations.","items":{"description":"SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config","properties":{"actions":{"description":"A list of Slack actions that are sent with each notification.","items":{"description":"SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.","properties":{"confirm":{"description":"SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.","properties":{"dismissText":{"type":"string"},"okText":{"type":"string"},"text":{"type":"string"},"title":{"type":"string"}},"required":["text"],"type":"object"},"name":{"type":"string"},"style":{"type":"string"},"text":{"type":"string"},"type":{"type":"string"},"url":{"type":"string"},"value":{"type":"string"}},"required":["text","type"],"type":"object"},"type":"array"},"apiURL":{"description":"The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"callbackId":{"type":"string"},"channel":{"description":"The channel or user to send notifications to.","type":"string"},"color":{"type":"string"},"fallback":{"type":"string"},"fields":{"description":"A list of Slack fields that are sent with each notification.","items":{"description":"SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.","properties":{"short":{"type":"boolean"},"title":{"type":"string"},"value":{"type":"string"}},"required":["title","value"],"type":"object"},"type":"array"},"footer":{"type":"string"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"iconEmoji":{"type":"string"},"iconURL":{"type":"string"},"imageURL":{"type":"string"},"linkNames":{"type":"boolean"},"mrkdwnIn":{"items":{"type":"string"},"type":"array"},"pretext":{"type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"shortFields":{"type":"boolean"},"text":{"type":"string"},"thumbURL":{"type":"string"},"title":{"type":"string"},"titleLink":{"type":"string"},"username":{"type":"string"}},"type":"object"},"type":"array"},"victoropsConfigs":{"description":"List of VictorOps configurations.","items":{"description":"VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config","properties":{"apiKey":{"description":"The API key to use when talking to the VictorOps API.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"apiUrl":{"description":"The VictorOps API URL.","type":"string"},"customFields":{"description":"Additional custom fields for notification.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"entityDisplayName":{"description":"Contains summary of the alerted problem.","type":"string"},"httpConfig":{"description":"The HTTP client's configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"messageType":{"description":"Describes the behavior of the alert (CRITICAL, WARNING, INFO).","type":"string"},"monitoringTool":{"description":"The monitoring tool the state message is from.","type":"string"},"routingKey":{"description":"A key used to map the alert to a team.","type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"stateMessage":{"description":"Contains long explanation of the alerted problem.","type":"string"}},"required":["routingKey"],"type":"object"},"type":"array"},"webhookConfigs":{"description":"List of webhook configurations.","items":{"description":"WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config","properties":{"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"maxAlerts":{"description":"Maximum number of alerts to be sent per webhook message.","format":"int32","type":"integer"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"url":{"description":"The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined.","type":"string"},"urlSecret":{"description":"The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"type":"array"},"wechatConfigs":{"description":"List of WeChat configurations.","items":{"description":"WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config","properties":{"agentID":{"type":"string"},"apiSecret":{"description":"The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"apiURL":{"description":"The WeChat API URL.","type":"string"},"corpID":{"description":"The corp id for authentication.","type":"string"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"message":{"description":"API request data as defined by the WeChat API.","type":"string"},"messageType":{"type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"toParty":{"type":"string"},"toTag":{"type":"string"},"toUser":{"type":"string"}},"type":"object"},"type":"array"}},"required":["name"],"type":"object"},"type":"array"},"route":{"description":"The Alertmanager route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route.","properties":{"continue":{"description":"Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.","type":"boolean"},"groupBy":{"description":"List of labels to group by.","items":{"type":"string"},"type":"array"},"groupInterval":{"description":"How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"groupWait":{"description":"How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"matchers":{"description":"List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: \u003cobject namespace\u003e` matcher.","items":{"description":"Matcher defines how to match on alert's labels.","properties":{"name":{"description":"Label to match.","type":"string"},"regex":{"description":"Whether to match on equality (false) or regular-expression (true).","type":"boolean"},"value":{"description":"Label value to match.","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"receiver":{"description":"Name of the receiver for this route. If present, it should be listed in the `receivers` field. The field can be omitted only for nested routes otherwise it is mandatory.","type":"string"},"repeatInterval":{"description":"How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"routes":{"description":"Child routes.","items":{"x-kubernetes-preserve-unknown-fields":true},"type":"array"}},"type":"object"}},"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"alertmanagerconfigs.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"AlertmanagerConfig","listKind":"AlertmanagerConfigList","plural":"alertmanagerconfigs","singular":"alertmanagerconfig"},"scope":"Namespaced","versions":[{"name":"v1alpha1","schema":{"openAPIV3Schema":{"description":"AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource.","properties":{"inhibitRules":{"description":"List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.","items":{"description":"InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule","properties":{"equal":{"description":"Labels that must have an equal value in the source and target alert for the inhibition to take effect.","items":{"type":"string"},"type":"array"},"sourceMatch":{"description":"Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace.","items":{"description":"Matcher defines how to match on alert's labels.","properties":{"name":{"description":"Label to match.","minLength":1,"type":"string"},"regex":{"description":"Whether to match on equality (false) or regular-expression (true).","type":"boolean"},"value":{"description":"Label value to match.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"targetMatch":{"description":"Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace.","items":{"description":"Matcher defines how to match on alert's labels.","properties":{"name":{"description":"Label to match.","minLength":1,"type":"string"},"regex":{"description":"Whether to match on equality (false) or regular-expression (true).","type":"boolean"},"value":{"description":"Label value to match.","type":"string"}},"required":["name"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"},"receivers":{"description":"List of receivers.","items":{"description":"Receiver defines one or more notification integrations.","properties":{"emailConfigs":{"description":"List of Email configurations.","items":{"description":"EmailConfig configures notifications via Email.","properties":{"authIdentity":{"description":"The identity to use for authentication.","type":"string"},"authPassword":{"description":"The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"authSecret":{"description":"The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"authUsername":{"description":"The username to use for authentication.","type":"string"},"from":{"description":"The sender address.","type":"string"},"headers":{"description":"Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","minLength":1,"type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"hello":{"description":"The hostname to identify to the SMTP server.","type":"string"},"html":{"description":"The HTML body of the email notification.","type":"string"},"requireTLS":{"description":"The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.","type":"boolean"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"smarthost":{"description":"The SMTP host through which emails are sent.","type":"string"},"text":{"description":"The text body of the email notification.","type":"string"},"tlsConfig":{"description":"TLS configuration","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"to":{"description":"The email address to send notifications to.","type":"string"}},"type":"object"},"type":"array"},"name":{"description":"Name of the receiver. Must be unique across all items from the list.","minLength":1,"type":"string"},"opsgenieConfigs":{"description":"List of OpsGenie configurations.","items":{"description":"OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config","properties":{"apiKey":{"description":"The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"apiURL":{"description":"The URL to send OpsGenie API requests to.","type":"string"},"description":{"description":"Description of the incident.","type":"string"},"details":{"description":"A set of arbitrary key/value pairs that provide further detail about the incident.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","minLength":1,"type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"message":{"description":"Alert text limited to 130 characters.","type":"string"},"note":{"description":"Additional alert note.","type":"string"},"priority":{"description":"Priority level of alert. Possible values are P1, P2, P3, P4, and P5.","type":"string"},"responders":{"description":"List of responders responsible for notifications.","items":{"description":"OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.","properties":{"id":{"description":"ID of the responder.","type":"string"},"name":{"description":"Name of the responder.","type":"string"},"type":{"description":"Type of responder.","minLength":1,"type":"string"},"username":{"description":"Username of the responder.","type":"string"}},"required":["type"],"type":"object"},"type":"array"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"source":{"description":"Backlink to the sender of the notification.","type":"string"},"tags":{"description":"Comma separated list of tags attached to the notifications.","type":"string"}},"type":"object"},"type":"array"},"pagerdutyConfigs":{"description":"List of PagerDuty configurations.","items":{"description":"PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config","properties":{"class":{"description":"The class/type of the event.","type":"string"},"client":{"description":"Client identification.","type":"string"},"clientURL":{"description":"Backlink to the sender of notification.","type":"string"},"component":{"description":"The part or component of the affected system that is broken.","type":"string"},"description":{"description":"Description of the incident.","type":"string"},"details":{"description":"Arbitrary key/value pairs that provide further detail about the incident.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","minLength":1,"type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"group":{"description":"A cluster or grouping of sources.","type":"string"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"routingKey":{"description":"The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"serviceKey":{"description":"The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"severity":{"description":"Severity of the incident.","type":"string"},"url":{"description":"The URL to send requests to.","type":"string"}},"type":"object"},"type":"array"},"pushoverConfigs":{"description":"List of Pushover configurations.","items":{"description":"PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config","properties":{"expire":{"description":"How long your notification will continue to be retried for, unless the user acknowledges the notification.","type":"string"},"html":{"description":"Whether notification message is HTML or plain text.","type":"boolean"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"message":{"description":"Notification message.","type":"string"},"priority":{"description":"Priority, see https://pushover.net/api#priority","type":"string"},"retry":{"description":"How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.","type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"sound":{"description":"The name of one of the sounds supported by device clients to override the user's default sound choice","type":"string"},"title":{"description":"Notification title.","type":"string"},"token":{"description":"The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"url":{"description":"A supplementary URL shown alongside the message.","type":"string"},"urlTitle":{"description":"A title for supplementary URL, otherwise just the URL is shown","type":"string"},"userKey":{"description":"The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"type":"array"},"slackConfigs":{"description":"List of Slack configurations.","items":{"description":"SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config","properties":{"actions":{"description":"A list of Slack actions that are sent with each notification.","items":{"description":"SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.","properties":{"confirm":{"description":"SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.","properties":{"dismissText":{"type":"string"},"okText":{"type":"string"},"text":{"minLength":1,"type":"string"},"title":{"type":"string"}},"required":["text"],"type":"object"},"name":{"type":"string"},"style":{"type":"string"},"text":{"minLength":1,"type":"string"},"type":{"minLength":1,"type":"string"},"url":{"type":"string"},"value":{"type":"string"}},"required":["text","type"],"type":"object"},"type":"array"},"apiURL":{"description":"The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"callbackId":{"type":"string"},"channel":{"description":"The channel or user to send notifications to.","type":"string"},"color":{"type":"string"},"fallback":{"type":"string"},"fields":{"description":"A list of Slack fields that are sent with each notification.","items":{"description":"SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.","properties":{"short":{"type":"boolean"},"title":{"minLength":1,"type":"string"},"value":{"minLength":1,"type":"string"}},"required":["title","value"],"type":"object"},"type":"array"},"footer":{"type":"string"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"iconEmoji":{"type":"string"},"iconURL":{"type":"string"},"imageURL":{"type":"string"},"linkNames":{"type":"boolean"},"mrkdwnIn":{"items":{"type":"string"},"type":"array"},"pretext":{"type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"shortFields":{"type":"boolean"},"text":{"type":"string"},"thumbURL":{"type":"string"},"title":{"type":"string"},"titleLink":{"type":"string"},"username":{"type":"string"}},"type":"object"},"type":"array"},"victoropsConfigs":{"description":"List of VictorOps configurations.","items":{"description":"VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config","properties":{"apiKey":{"description":"The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"apiUrl":{"description":"The VictorOps API URL.","type":"string"},"customFields":{"description":"Additional custom fields for notification.","items":{"description":"KeyValue defines a (key, value) tuple.","properties":{"key":{"description":"Key of the tuple.","minLength":1,"type":"string"},"value":{"description":"Value of the tuple.","type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"entityDisplayName":{"description":"Contains summary of the alerted problem.","type":"string"},"httpConfig":{"description":"The HTTP client's configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"messageType":{"description":"Describes the behavior of the alert (CRITICAL, WARNING, INFO).","type":"string"},"monitoringTool":{"description":"The monitoring tool the state message is from.","type":"string"},"routingKey":{"description":"A key used to map the alert to a team.","type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"stateMessage":{"description":"Contains long explanation of the alerted problem.","type":"string"}},"type":"object"},"type":"array"},"webhookConfigs":{"description":"List of webhook configurations.","items":{"description":"WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config","properties":{"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"maxAlerts":{"description":"Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.","format":"int32","minimum":0,"type":"integer"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"url":{"description":"The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined.","type":"string"},"urlSecret":{"description":"The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"type":"array"},"wechatConfigs":{"description":"List of WeChat configurations.","items":{"description":"WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config","properties":{"agentID":{"type":"string"},"apiSecret":{"description":"The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"apiURL":{"description":"The WeChat API URL.","type":"string"},"corpID":{"description":"The corp id for authentication.","type":"string"},"httpConfig":{"description":"HTTP client configuration.","properties":{"basicAuth":{"description":"BasicAuth for the client.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"proxyURL":{"description":"Optional proxy URL.","type":"string"},"tlsConfig":{"description":"TLS configuration for the client.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"message":{"description":"API request data as defined by the WeChat API.","type":"string"},"messageType":{"type":"string"},"sendResolved":{"description":"Whether or not to notify about resolved alerts.","type":"boolean"},"toParty":{"type":"string"},"toTag":{"type":"string"},"toUser":{"type":"string"}},"type":"object"},"type":"array"}},"required":["name"],"type":"object"},"type":"array"},"route":{"description":"The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.","properties":{"continue":{"description":"Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.","type":"boolean"},"groupBy":{"description":"List of labels to group by.","items":{"type":"string"},"type":"array"},"groupInterval":{"description":"How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"groupWait":{"description":"How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"matchers":{"description":"List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: \u003cobject namespace\u003e` matcher.","items":{"description":"Matcher defines how to match on alert's labels.","properties":{"name":{"description":"Label to match.","minLength":1,"type":"string"},"regex":{"description":"Whether to match on equality (false) or regular-expression (true).","type":"boolean"},"value":{"description":"Label value to match.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"receiver":{"description":"Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.","type":"string"},"repeatInterval":{"description":"How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).","type":"string"},"routes":{"description":"Child routes.","items":{"x-kubernetes-preserve-unknown-fields":true},"type":"array"}},"type":"object"}},"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/podmonitor-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/podmonitor-crd.libsonnet index 9f8f920..1b5414c 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/podmonitor-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/podmonitor-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"podmonitors.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"PodMonitor","listKind":"PodMonitorList","plural":"podmonitors","singular":"podmonitor"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"PodMonitor defines monitoring for a set of pods.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of desired Pod selection for target discovery by Prometheus.","properties":{"jobLabel":{"description":"The label to use to retrieve the job name from.","type":"string"},"namespaceSelector":{"description":"Selector to select which namespaces the Endpoints objects are discovered from.","properties":{"any":{"description":"Boolean describing whether all namespaces are selected in contrast to a list restricting them.","type":"boolean"},"matchNames":{"description":"List of namespace names.","items":{"type":"string"},"type":"array"}},"type":"object"},"podMetricsEndpoints":{"description":"A list of endpoints allowed as part of this PodMonitor.","items":{"description":"PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"honorLabels":{"description":"HonorLabels chooses the metric's labels on collisions with target labels.","type":"boolean"},"honorTimestamps":{"description":"HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.","type":"boolean"},"interval":{"description":"Interval at which metrics should be scraped","type":"string"},"metricRelabelings":{"description":"MetricRelabelConfigs to apply to samples before ingestion.","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"params":{"additionalProperties":{"items":{"type":"string"},"type":"array"},"description":"Optional HTTP URL parameters","type":"object"},"path":{"description":"HTTP path to scrape for metrics.","type":"string"},"port":{"description":"Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.","type":"string"},"proxyUrl":{"description":"ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.","type":"string"},"relabelings":{"description":"RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"scheme":{"description":"HTTP scheme to use for scraping.","type":"string"},"scrapeTimeout":{"description":"Timeout after which the scrape is ended","type":"string"},"targetPort":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Deprecated: Use 'port' instead.","x-kubernetes-int-or-string":true},"tlsConfig":{"description":"TLS configuration to use when scraping the endpoint.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"type":"array"},"podTargetLabels":{"description":"PodTargetLabels transfers labels on the Kubernetes Pod onto the target.","items":{"type":"string"},"type":"array"},"sampleLimit":{"description":"SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.","format":"int64","type":"integer"},"selector":{"description":"Selector to select Pod objects.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"targetLimit":{"description":"TargetLimit defines a limit on the number of scraped targets that will be accepted.","format":"int64","type":"integer"}},"required":["podMetricsEndpoints","selector"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"podmonitors.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"PodMonitor","listKind":"PodMonitorList","plural":"podmonitors","singular":"podmonitor"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"PodMonitor defines monitoring for a set of pods.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of desired Pod selection for target discovery by Prometheus.","properties":{"jobLabel":{"description":"The label to use to retrieve the job name from.","type":"string"},"namespaceSelector":{"description":"Selector to select which namespaces the Endpoints objects are discovered from.","properties":{"any":{"description":"Boolean describing whether all namespaces are selected in contrast to a list restricting them.","type":"boolean"},"matchNames":{"description":"List of namespace names.","items":{"type":"string"},"type":"array"}},"type":"object"},"podMetricsEndpoints":{"description":"A list of endpoints allowed as part of this PodMonitor.","items":{"description":"PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"honorLabels":{"description":"HonorLabels chooses the metric's labels on collisions with target labels.","type":"boolean"},"honorTimestamps":{"description":"HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.","type":"boolean"},"interval":{"description":"Interval at which metrics should be scraped","type":"string"},"metricRelabelings":{"description":"MetricRelabelConfigs to apply to samples before ingestion.","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"params":{"additionalProperties":{"items":{"type":"string"},"type":"array"},"description":"Optional HTTP URL parameters","type":"object"},"path":{"description":"HTTP path to scrape for metrics.","type":"string"},"port":{"description":"Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.","type":"string"},"proxyUrl":{"description":"ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.","type":"string"},"relabelings":{"description":"RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"scheme":{"description":"HTTP scheme to use for scraping.","type":"string"},"scrapeTimeout":{"description":"Timeout after which the scrape is ended","type":"string"},"targetPort":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Deprecated: Use 'port' instead.","x-kubernetes-int-or-string":true},"tlsConfig":{"description":"TLS configuration to use when scraping the endpoint.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"type":"array"},"podTargetLabels":{"description":"PodTargetLabels transfers labels on the Kubernetes Pod onto the target.","items":{"type":"string"},"type":"array"},"sampleLimit":{"description":"SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.","format":"int64","type":"integer"},"selector":{"description":"Selector to select Pod objects.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"targetLimit":{"description":"TargetLimit defines a limit on the number of scraped targets that will be accepted.","format":"int64","type":"integer"}},"required":["podMetricsEndpoints","selector"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/probe-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/probe-crd.libsonnet index e4d3b8e..3aae9dd 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/probe-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/probe-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"probes.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"Probe","listKind":"ProbeList","plural":"probes","singular":"probe"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"Probe defines monitoring for a set of static targets or ingresses.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of desired Ingress selection for target discovery by Prometheus.","properties":{"interval":{"description":"Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.","type":"string"},"jobName":{"description":"The job name assigned to scraped metrics by default.","type":"string"},"module":{"description":"The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml","type":"string"},"prober":{"description":"Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.","properties":{"path":{"description":"Path to collect metrics from. Defaults to `/probe`.","type":"string"},"scheme":{"description":"HTTP scheme to use for scraping. Defaults to `http`.","type":"string"},"url":{"description":"Mandatory URL of the prober.","type":"string"}},"required":["url"],"type":"object"},"scrapeTimeout":{"description":"Timeout for scraping metrics from the Prometheus exporter.","type":"string"},"targets":{"description":"Targets defines a set of static and/or dynamically discovered targets to be probed using the prober.","properties":{"ingress":{"description":"Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing.","properties":{"namespaceSelector":{"description":"Select Ingress objects by namespace.","properties":{"any":{"description":"Boolean describing whether all namespaces are selected in contrast to a list restricting them.","type":"boolean"},"matchNames":{"description":"List of namespace names.","items":{"type":"string"},"type":"array"}},"type":"object"},"relabelingConfigs":{"description":"RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"selector":{"description":"Select Ingress objects by labels.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"}},"type":"object"},"staticConfig":{"description":"StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.","properties":{"labels":{"additionalProperties":{"type":"string"},"description":"Labels assigned to all metrics scraped from the targets.","type":"object"},"static":{"description":"Targets is a list of URLs to probe using the configured prober.","items":{"type":"string"},"type":"array"}},"type":"object"}},"type":"object"}},"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"probes.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"Probe","listKind":"ProbeList","plural":"probes","singular":"probe"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"Probe defines monitoring for a set of static targets or ingresses.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of desired Ingress selection for target discovery by Prometheus.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenSecret":{"description":"Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"interval":{"description":"Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.","type":"string"},"jobName":{"description":"The job name assigned to scraped metrics by default.","type":"string"},"module":{"description":"The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml","type":"string"},"prober":{"description":"Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.","properties":{"path":{"description":"Path to collect metrics from. Defaults to `/probe`.","type":"string"},"scheme":{"description":"HTTP scheme to use for scraping. Defaults to `http`.","type":"string"},"url":{"description":"Mandatory URL of the prober.","type":"string"}},"required":["url"],"type":"object"},"scrapeTimeout":{"description":"Timeout for scraping metrics from the Prometheus exporter.","type":"string"},"targets":{"description":"Targets defines a set of static and/or dynamically discovered targets to be probed using the prober.","properties":{"ingress":{"description":"Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing.","properties":{"namespaceSelector":{"description":"Select Ingress objects by namespace.","properties":{"any":{"description":"Boolean describing whether all namespaces are selected in contrast to a list restricting them.","type":"boolean"},"matchNames":{"description":"List of namespace names.","items":{"type":"string"},"type":"array"}},"type":"object"},"relabelingConfigs":{"description":"RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"selector":{"description":"Select Ingress objects by labels.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"}},"type":"object"},"staticConfig":{"description":"StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.","properties":{"labels":{"additionalProperties":{"type":"string"},"description":"Labels assigned to all metrics scraped from the targets.","type":"object"},"relabelingConfigs":{"description":"RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"static":{"description":"Targets is a list of URLs to probe using the configured prober.","items":{"type":"string"},"type":"array"}},"type":"object"}},"type":"object"},"tlsConfig":{"description":"TLS configuration to use when scraping the endpoint.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-crd.libsonnet index fb340b5..7c1f2c7 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"prometheuses.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"Prometheus","listKind":"PrometheusList","plural":"prometheuses","singular":"prometheus"},"scope":"Namespaced","versions":[{"additionalPrinterColumns":[{"description":"The version of Prometheus","jsonPath":".spec.version","name":"Version","type":"string"},{"description":"The desired replicas number of Prometheuses","jsonPath":".spec.replicas","name":"Replicas","type":"integer"},{"jsonPath":".metadata.creationTimestamp","name":"Age","type":"date"}],"name":"v1","schema":{"openAPIV3Schema":{"description":"Prometheus defines a Prometheus deployment.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"additionalAlertManagerConfigs":{"description":"AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"additionalAlertRelabelConfigs":{"description":"AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"additionalScrapeConfigs":{"description":"AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"affinity":{"description":"If specified, the pod's scheduling constraints.","properties":{"nodeAffinity":{"description":"Describes node affinity scheduling rules for the pod.","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.","items":{"description":"An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).","properties":{"preference":{"description":"A node selector term, associated with the corresponding weight.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"weight":{"description":"Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["preference","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.","properties":{"nodeSelectorTerms":{"description":"Required. A list of node selector terms. The terms are ORed.","items":{"description":"A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"}},"required":["nodeSelectorTerms"],"type":"object"}},"type":"object"},"podAffinity":{"description":"Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"},"podAntiAffinity":{"description":"Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"}},"type":"object"},"alerting":{"description":"Define details regarding alerting.","properties":{"alertmanagers":{"description":"AlertmanagerEndpoints Prometheus should fire alerts against.","items":{"description":"AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.","properties":{"apiVersion":{"description":"Version of the Alertmanager API that Prometheus uses to send alerts. It can be \"v1\" or \"v2\".","type":"string"},"bearerTokenFile":{"description":"BearerTokenFile to read from filesystem to use when authenticating to Alertmanager.","type":"string"},"name":{"description":"Name of Endpoints object in Namespace.","type":"string"},"namespace":{"description":"Namespace of Endpoints object.","type":"string"},"pathPrefix":{"description":"Prefix for the HTTP path alerts are pushed to.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Port the Alertmanager API is exposed on.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use when firing alerts.","type":"string"},"timeout":{"description":"Timeout is a per-target Alertmanager timeout when pushing alerts.","type":"string"},"tlsConfig":{"description":"TLS Config to use for alertmanager connection.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"required":["name","namespace","port"],"type":"object"},"type":"array"}},"required":["alertmanagers"],"type":"object"},"allowOverlappingBlocks":{"description":"AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release.","type":"boolean"},"apiserverConfig":{"description":"APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerToken":{"description":"Bearer token for accessing apiserver.","type":"string"},"bearerTokenFile":{"description":"File to read bearer token for accessing apiserver.","type":"string"},"host":{"description":"Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number","type":"string"},"tlsConfig":{"description":"TLS Config to use for accessing apiserver.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"required":["host"],"type":"object"},"arbitraryFSAccessThroughSMs":{"description":"ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files.","properties":{"deny":{"type":"boolean"}},"type":"object"},"baseImage":{"description":"Base image to use for a Prometheus deployment. Deprecated: use 'image' instead","type":"string"},"configMaps":{"description":"ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/\u003cconfigmap-name\u003e.","items":{"type":"string"},"type":"array"},"containers":{"description":"Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"disableCompaction":{"description":"Disable prometheus compaction.","type":"boolean"},"enableAdminAPI":{"description":"Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis","type":"boolean"},"enforcedNamespaceLabel":{"description":"EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.","type":"string"},"enforcedSampleLimit":{"description":"EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.","format":"int64","type":"integer"},"enforcedTargetLimit":{"description":"EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead.","format":"int64","type":"integer"},"evaluationInterval":{"description":"Interval between consecutive evaluations.","type":"string"},"externalLabels":{"additionalProperties":{"type":"string"},"description":"The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).","type":"object"},"externalUrl":{"description":"The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name.","type":"string"},"ignoreNamespaceSelectors":{"description":"IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false.","type":"boolean"},"image":{"description":"Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured.","type":"string"},"imagePullSecrets":{"description":"An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod","items":{"description":"LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"type":"array"},"initContainers":{"description":"InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"listenLocal":{"description":"ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.","type":"boolean"},"logFormat":{"description":"Log format for Prometheus to be configured with.","type":"string"},"logLevel":{"description":"Log level for Prometheus to be configured with.","type":"string"},"nodeSelector":{"additionalProperties":{"type":"string"},"description":"Define which Nodes the Pods are scheduled on.","type":"object"},"overrideHonorLabels":{"description":"OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false.","type":"boolean"},"overrideHonorTimestamps":{"description":"OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.","type":"boolean"},"paused":{"description":"When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.","type":"boolean"},"podMetadata":{"description":"PodMetadata configures Labels and Annotations which are propagated to the prometheus pods.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"podMonitorNamespaceSelector":{"description":"Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"podMonitorSelector":{"description":"*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"portName":{"description":"Port name used for the pods and governing service. This defaults to web","type":"string"},"priorityClassName":{"description":"Priority class assigned to the Pods","type":"string"},"probeNamespaceSelector":{"description":"*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"probeSelector":{"description":"*Experimental* Probes to be selected for target discovery.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"prometheusExternalLabelName":{"description":"Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`\"\"`).","type":"string"},"prometheusRulesExcludedFromEnforce":{"description":"PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair","items":{"description":"PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.","properties":{"ruleName":{"description":"RuleNamespace - name of excluded rule","type":"string"},"ruleNamespace":{"description":"RuleNamespace - namespace of excluded rule","type":"string"}},"required":["ruleName","ruleNamespace"],"type":"object"},"type":"array"},"query":{"description":"QuerySpec defines the query command line flags when starting Prometheus.","properties":{"lookbackDelta":{"description":"The delta difference allowed for retrieving metrics during expression evaluations.","type":"string"},"maxConcurrency":{"description":"Number of concurrent queries that can be run at once.","format":"int32","type":"integer"},"maxSamples":{"description":"Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return.","format":"int32","type":"integer"},"timeout":{"description":"Maximum time a query may take before being aborted.","type":"string"}},"type":"object"},"queryLogFile":{"description":"QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus \u003e= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)","type":"string"},"remoteRead":{"description":"If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way.","items":{"description":"RemoteReadSpec defines the remote_read configuration for prometheus.","properties":{"basicAuth":{"description":"BasicAuth for the URL.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerToken":{"description":"bearer token for remote read.","type":"string"},"bearerTokenFile":{"description":"File to read bearer token for remote read.","type":"string"},"name":{"description":"The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer.","type":"string"},"proxyUrl":{"description":"Optional ProxyURL","type":"string"},"readRecent":{"description":"Whether reads should be made for queries for time ranges that the local storage should have complete data for.","type":"boolean"},"remoteTimeout":{"description":"Timeout for requests to the remote read endpoint.","type":"string"},"requiredMatchers":{"additionalProperties":{"type":"string"},"description":"An optional list of equality matchers which have to be present in a selector to query the remote read endpoint.","type":"object"},"tlsConfig":{"description":"TLS Config to use for remote read.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"url":{"description":"The URL of the endpoint to send samples to.","type":"string"}},"required":["url"],"type":"object"},"type":"array"},"remoteWrite":{"description":"If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way.","items":{"description":"RemoteWriteSpec defines the remote_write configuration for prometheus.","properties":{"basicAuth":{"description":"BasicAuth for the URL.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerToken":{"description":"File to read bearer token for remote write.","type":"string"},"bearerTokenFile":{"description":"File to read bearer token for remote write.","type":"string"},"name":{"description":"The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer.","type":"string"},"proxyUrl":{"description":"Optional ProxyURL","type":"string"},"queueConfig":{"description":"QueueConfig allows tuning of the remote write queue parameters.","properties":{"batchSendDeadline":{"description":"BatchSendDeadline is the maximum time a sample will wait in buffer.","type":"string"},"capacity":{"description":"Capacity is the number of samples to buffer per shard before we start dropping them.","type":"integer"},"maxBackoff":{"description":"MaxBackoff is the maximum retry delay.","type":"string"},"maxRetries":{"description":"MaxRetries is the maximum number of times to retry a batch on recoverable errors.","type":"integer"},"maxSamplesPerSend":{"description":"MaxSamplesPerSend is the maximum number of samples per send.","type":"integer"},"maxShards":{"description":"MaxShards is the maximum number of shards, i.e. amount of concurrency.","type":"integer"},"minBackoff":{"description":"MinBackoff is the initial retry delay. Gets doubled for every retry.","type":"string"},"minShards":{"description":"MinShards is the minimum number of shards, i.e. amount of concurrency.","type":"integer"}},"type":"object"},"remoteTimeout":{"description":"Timeout for requests to the remote write endpoint.","type":"string"},"tlsConfig":{"description":"TLS Config to use for remote write.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"url":{"description":"The URL of the endpoint to send samples to.","type":"string"},"writeRelabelConfigs":{"description":"The list of remote write relabel configurations.","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"}},"required":["url"],"type":"object"},"type":"array"},"replicaExternalLabelName":{"description":"Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`\"\"`).","type":"string"},"replicas":{"description":"Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created.","format":"int32","type":"integer"},"resources":{"description":"Define resources requests and limits for single Pods.","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"retention":{"description":"Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).","type":"string"},"retentionSize":{"description":"Maximum amount of disk space used by blocks.","type":"string"},"routePrefix":{"description":"The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.","type":"string"},"ruleNamespaceSelector":{"description":"Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"ruleSelector":{"description":"A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"rules":{"description":"/--rules.*/ command-line arguments.","properties":{"alert":{"description":"/--rules.alert.*/ command-line arguments","properties":{"forGracePeriod":{"description":"Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period.","type":"string"},"forOutageTolerance":{"description":"Max time to tolerate prometheus outage for restoring 'for' state of alert.","type":"string"},"resendDelay":{"description":"Minimum amount of time to wait before resending an alert to Alertmanager.","type":"string"}},"type":"object"}},"type":"object"},"scrapeInterval":{"description":"Interval between consecutive scrapes.","type":"string"},"scrapeTimeout":{"description":"Number of seconds to wait for target to respond before erroring.","type":"string"},"secrets":{"description":"Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/\u003csecret-name\u003e.","items":{"type":"string"},"type":"array"},"securityContext":{"description":"SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.","properties":{"fsGroup":{"description":"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.","format":"int64","type":"integer"},"fsGroupChangePolicy":{"description":"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified defaults to \"Always\".","type":"string"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"supplementalGroups":{"description":"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.","items":{"format":"int64","type":"integer"},"type":"array"},"sysctls":{"description":"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.","items":{"description":"Sysctl defines a kernel parameter to be set","properties":{"name":{"description":"Name of a property to set","type":"string"},"value":{"description":"Value of a property to set","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"serviceAccountName":{"description":"ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.","type":"string"},"serviceMonitorNamespaceSelector":{"description":"Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"serviceMonitorSelector":{"description":"ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"sha":{"description":"SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.","type":"string"},"shards":{"description":"EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.","format":"int32","type":"integer"},"storage":{"description":"Storage spec to specify how storage shall be used.","properties":{"disableMountSubPath":{"description":"Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.","type":"boolean"},"emptyDir":{"description":"EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"volumeClaimTemplate":{"description":"A PVC spec to be used by the Prometheus StatefulSets.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"EmbeddedMetadata contains metadata relevant to an EmbeddedResource.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"spec":{"description":"Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"dataSource":{"description":"This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.","properties":{"apiGroup":{"description":"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.","type":"string"},"kind":{"description":"Kind is the type of resource being referenced","type":"string"},"name":{"description":"Name is the name of resource being referenced","type":"string"}},"required":["kind","name"],"type":"object"},"resources":{"description":"Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"selector":{"description":"A label query over volumes to consider for binding.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"storageClassName":{"description":"Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1","type":"string"},"volumeMode":{"description":"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.","type":"string"},"volumeName":{"description":"VolumeName is the binding reference to the PersistentVolume backing this claim.","type":"string"}},"type":"object"},"status":{"description":"Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"capacity":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Represents the actual resources of the underlying volume.","type":"object"},"conditions":{"description":"Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.","items":{"description":"PersistentVolumeClaimCondition contails details about state of pvc","properties":{"lastProbeTime":{"description":"Last time we probed the condition.","format":"date-time","type":"string"},"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","format":"date-time","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.","type":"string"},"status":{"type":"string"},"type":{"description":"PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type","type":"string"}},"required":["status","type"],"type":"object"},"type":"array"},"phase":{"description":"Phase represents the current phase of PersistentVolumeClaim.","type":"string"}},"type":"object"}},"type":"object"}},"type":"object"},"tag":{"description":"Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.","type":"string"},"thanos":{"description":"Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release.","properties":{"baseImage":{"description":"Thanos base image if other than default. Deprecated: use 'image' instead","type":"string"},"grpcServerTlsConfig":{"description":"GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"image":{"description":"Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured.","type":"string"},"listenLocal":{"description":"ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP.","type":"boolean"},"logFormat":{"description":"LogFormat for Thanos sidecar to be configured with.","type":"string"},"logLevel":{"description":"LogLevel for Thanos sidecar to be configured with.","type":"string"},"minTime":{"description":"MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.","type":"string"},"objectStorageConfig":{"description":"ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"objectStorageConfigFile":{"description":"ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.","type":"string"},"resources":{"description":"Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"sha":{"description":"SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.","type":"string"},"tag":{"description":"Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.","type":"string"},"tracingConfig":{"description":"TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"version":{"description":"Version describes the version of Thanos to use.","type":"string"}},"type":"object"},"tolerations":{"description":"If specified, the pod's tolerations.","items":{"description":"The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.","properties":{"effect":{"description":"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.","type":"string"},"key":{"description":"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.","type":"string"},"operator":{"description":"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.","type":"string"},"tolerationSeconds":{"description":"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.","format":"int64","type":"integer"},"value":{"description":"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.","type":"string"}},"type":"object"},"type":"array"},"topologySpreadConstraints":{"description":"If specified, the pod's topology spread constraints.","items":{"description":"TopologySpreadConstraint specifies how to spread matching pods among the given topology.","properties":{"labelSelector":{"description":"LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"maxSkew":{"description":"MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed.","format":"int32","type":"integer"},"topologyKey":{"description":"TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.","type":"string"},"whenUnsatisfiable":{"description":"WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It's considered as \"Unsatisfiable\" if and only if placing incoming pod on any topology violates \"MaxSkew\". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.","type":"string"}},"required":["maxSkew","topologyKey","whenUnsatisfiable"],"type":"object"},"type":"array"},"version":{"description":"Version of Prometheus to be deployed.","type":"string"},"volumeMounts":{"description":"VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"volumes":{"description":"Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.","items":{"description":"Volume represents a named volume in a pod that may be accessed by any container in the pod.","properties":{"awsElasticBlockStore":{"description":"AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).","format":"int32","type":"integer"},"readOnly":{"description":"Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"boolean"},"volumeID":{"description":"Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"string"}},"required":["volumeID"],"type":"object"},"azureDisk":{"description":"AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.","properties":{"cachingMode":{"description":"Host Caching mode: None, Read Only, Read Write.","type":"string"},"diskName":{"description":"The Name of the data disk in the blob storage","type":"string"},"diskURI":{"description":"The URI the data disk in the blob storage","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"kind":{"description":"Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"}},"required":["diskName","diskURI"],"type":"object"},"azureFile":{"description":"AzureFile represents an Azure File Service mount on the host and bind mount to the pod.","properties":{"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretName":{"description":"the name of secret that contains Azure Storage Account Name and Key","type":"string"},"shareName":{"description":"Share Name","type":"string"}},"required":["secretName","shareName"],"type":"object"},"cephfs":{"description":"CephFS represents a Ceph FS mount on the host that shares a pod's lifetime","properties":{"monitors":{"description":"Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"path":{"description":"Optional: Used as the mounted root, rather than the full Ceph tree, default is /","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"boolean"},"secretFile":{"description":"Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"},"secretRef":{"description":"Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"}},"required":["monitors"],"type":"object"},"cinder":{"description":"Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"boolean"},"secretRef":{"description":"Optional: points to a secret object containing parameters used to connect to OpenStack.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeID":{"description":"volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"}},"required":["volumeID"],"type":"object"},"configMap":{"description":"ConfigMap represents a configMap that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"csi":{"description":"CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).","properties":{"driver":{"description":"Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.","type":"string"},"fsType":{"description":"Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.","type":"string"},"nodePublishSecretRef":{"description":"NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"readOnly":{"description":"Specifies a read-only configuration for the volume. Defaults to false (read/write).","type":"boolean"},"volumeAttributes":{"additionalProperties":{"type":"string"},"description":"VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.","type":"object"}},"required":["driver"],"type":"object"},"downwardAPI":{"description":"DownwardAPI represents downward API about the pod that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"Items is a list of downward API volume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"emptyDir":{"description":"EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"fc":{"description":"FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"lun":{"description":"Optional: FC target lun number","format":"int32","type":"integer"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"targetWWNs":{"description":"Optional: FC target worldwide names (WWNs)","items":{"type":"string"},"type":"array"},"wwids":{"description":"Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.","items":{"type":"string"},"type":"array"}},"type":"object"},"flexVolume":{"description":"FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.","properties":{"driver":{"description":"Driver is the name of the driver to use for this volume.","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.","type":"string"},"options":{"additionalProperties":{"type":"string"},"description":"Optional: Extra command options if any.","type":"object"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"}},"required":["driver"],"type":"object"},"flocker":{"description":"Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running","properties":{"datasetName":{"description":"Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated","type":"string"},"datasetUUID":{"description":"UUID of the dataset. This is unique identifier of a Flocker dataset","type":"string"}},"type":"object"},"gcePersistentDisk":{"description":"GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","format":"int32","type":"integer"},"pdName":{"description":"Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"boolean"}},"required":["pdName"],"type":"object"},"gitRepo":{"description":"GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.","properties":{"directory":{"description":"Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.","type":"string"},"repository":{"description":"Repository URL","type":"string"},"revision":{"description":"Commit hash for the specified revision.","type":"string"}},"required":["repository"],"type":"object"},"glusterfs":{"description":"Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md","properties":{"endpoints":{"description":"EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"path":{"description":"Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"readOnly":{"description":"ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"boolean"}},"required":["endpoints","path"],"type":"object"},"hostPath":{"description":"HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.","properties":{"path":{"description":"Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"},"type":{"description":"Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"}},"required":["path"],"type":"object"},"iscsi":{"description":"ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md","properties":{"chapAuthDiscovery":{"description":"whether support iSCSI Discovery CHAP authentication","type":"boolean"},"chapAuthSession":{"description":"whether support iSCSI Session CHAP authentication","type":"boolean"},"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"initiatorName":{"description":"Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.","type":"string"},"iqn":{"description":"Target iSCSI Qualified Name.","type":"string"},"iscsiInterface":{"description":"iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).","type":"string"},"lun":{"description":"iSCSI Target Lun number.","format":"int32","type":"integer"},"portals":{"description":"iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","items":{"type":"string"},"type":"array"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.","type":"boolean"},"secretRef":{"description":"CHAP Secret for iSCSI target and initiator authentication","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"targetPortal":{"description":"iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","type":"string"}},"required":["iqn","lun","targetPortal"],"type":"object"},"name":{"description":"Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"nfs":{"description":"NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","properties":{"path":{"description":"Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"},"readOnly":{"description":"ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"boolean"},"server":{"description":"Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"}},"required":["path","server"],"type":"object"},"persistentVolumeClaim":{"description":"PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"claimName":{"description":"ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","type":"string"},"readOnly":{"description":"Will force the ReadOnly setting in VolumeMounts. Default false.","type":"boolean"}},"required":["claimName"],"type":"object"},"photonPersistentDisk":{"description":"PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"pdID":{"description":"ID that identifies Photon Controller persistent disk","type":"string"}},"required":["pdID"],"type":"object"},"portworxVolume":{"description":"PortworxVolume represents a portworx volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"volumeID":{"description":"VolumeID uniquely identifies a Portworx volume","type":"string"}},"required":["volumeID"],"type":"object"},"projected":{"description":"Items for all in one resources secrets, configmaps, and downward API","properties":{"defaultMode":{"description":"Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"sources":{"description":"list of volume projections","items":{"description":"Projection that may be projected along with other supported volume types","properties":{"configMap":{"description":"information about the configMap data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"downwardAPI":{"description":"information about the downwardAPI data to project","properties":{"items":{"description":"Items is a list of DownwardAPIVolume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"secret":{"description":"information about the secret data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"type":"object"},"serviceAccountToken":{"description":"information about the serviceAccountToken data to project","properties":{"audience":{"description":"Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.","type":"string"},"expirationSeconds":{"description":"ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.","format":"int64","type":"integer"},"path":{"description":"Path is the path relative to the mount point of the file to project the token into.","type":"string"}},"required":["path"],"type":"object"}},"type":"object"},"type":"array"}},"required":["sources"],"type":"object"},"quobyte":{"description":"Quobyte represents a Quobyte mount on the host that shares a pod's lifetime","properties":{"group":{"description":"Group to map volume access to Default is no group","type":"string"},"readOnly":{"description":"ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.","type":"boolean"},"registry":{"description":"Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes","type":"string"},"tenant":{"description":"Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin","type":"string"},"user":{"description":"User to map volume access to Defaults to serivceaccount user","type":"string"},"volume":{"description":"Volume is a string that references an already created Quobyte volume by name.","type":"string"}},"required":["registry","volume"],"type":"object"},"rbd":{"description":"RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"image":{"description":"The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"keyring":{"description":"Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"monitors":{"description":"A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"pool":{"description":"The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"boolean"},"secretRef":{"description":"SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"}},"required":["image","monitors"],"type":"object"},"scaleIO":{"description":"ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".","type":"string"},"gateway":{"description":"The host address of the ScaleIO API Gateway.","type":"string"},"protectionDomain":{"description":"The name of the ScaleIO Protection Domain for the configured storage.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"sslEnabled":{"description":"Flag to enable/disable SSL communication with Gateway, default false","type":"boolean"},"storageMode":{"description":"Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.","type":"string"},"storagePool":{"description":"The ScaleIO Storage Pool associated with the protection domain.","type":"string"},"system":{"description":"The name of the storage system as configured in ScaleIO.","type":"string"},"volumeName":{"description":"The name of a volume already created in the ScaleIO system that is associated with this volume source.","type":"string"}},"required":["gateway","secretRef","system"],"type":"object"},"secret":{"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"optional":{"description":"Specify whether the Secret or its keys must be defined","type":"boolean"},"secretName":{"description":"Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","type":"string"}},"type":"object"},"storageos":{"description":"StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeName":{"description":"VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.","type":"string"},"volumeNamespace":{"description":"VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.","type":"string"}},"type":"object"},"vsphereVolume":{"description":"VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"storagePolicyID":{"description":"Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.","type":"string"},"storagePolicyName":{"description":"Storage Policy Based Management (SPBM) profile name.","type":"string"},"volumePath":{"description":"Path that identifies vSphere volume vmdk","type":"string"}},"required":["volumePath"],"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"walCompression":{"description":"Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus \u003e= 2.11.0.","type":"boolean"},"web":{"description":"WebSpec defines the web command line flags when starting Prometheus.","properties":{"pageTitle":{"description":"The prometheus web page title","type":"string"}},"type":"object"}},"type":"object"},"status":{"description":"Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"availableReplicas":{"description":"Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment.","format":"int32","type":"integer"},"paused":{"description":"Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.","type":"boolean"},"replicas":{"description":"Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector).","format":"int32","type":"integer"},"unavailableReplicas":{"description":"Total number of unavailable pods targeted by this Prometheus deployment.","format":"int32","type":"integer"},"updatedReplicas":{"description":"Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec.","format":"int32","type":"integer"}},"required":["availableReplicas","paused","replicas","unavailableReplicas","updatedReplicas"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true,"subresources":{}}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"prometheuses.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"Prometheus","listKind":"PrometheusList","plural":"prometheuses","singular":"prometheus"},"scope":"Namespaced","versions":[{"additionalPrinterColumns":[{"description":"The version of Prometheus","jsonPath":".spec.version","name":"Version","type":"string"},{"description":"The desired replicas number of Prometheuses","jsonPath":".spec.replicas","name":"Replicas","type":"integer"},{"jsonPath":".metadata.creationTimestamp","name":"Age","type":"date"}],"name":"v1","schema":{"openAPIV3Schema":{"description":"Prometheus defines a Prometheus deployment.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"additionalAlertManagerConfigs":{"description":"AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"additionalAlertRelabelConfigs":{"description":"AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"additionalScrapeConfigs":{"description":"AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"affinity":{"description":"If specified, the pod's scheduling constraints.","properties":{"nodeAffinity":{"description":"Describes node affinity scheduling rules for the pod.","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.","items":{"description":"An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).","properties":{"preference":{"description":"A node selector term, associated with the corresponding weight.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"weight":{"description":"Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["preference","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.","properties":{"nodeSelectorTerms":{"description":"Required. A list of node selector terms. The terms are ORed.","items":{"description":"A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"}},"required":["nodeSelectorTerms"],"type":"object"}},"type":"object"},"podAffinity":{"description":"Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"},"podAntiAffinity":{"description":"Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"}},"type":"object"},"alerting":{"description":"Define details regarding alerting.","properties":{"alertmanagers":{"description":"AlertmanagerEndpoints Prometheus should fire alerts against.","items":{"description":"AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.","properties":{"apiVersion":{"description":"Version of the Alertmanager API that Prometheus uses to send alerts. It can be \"v1\" or \"v2\".","type":"string"},"bearerTokenFile":{"description":"BearerTokenFile to read from filesystem to use when authenticating to Alertmanager.","type":"string"},"name":{"description":"Name of Endpoints object in Namespace.","type":"string"},"namespace":{"description":"Namespace of Endpoints object.","type":"string"},"pathPrefix":{"description":"Prefix for the HTTP path alerts are pushed to.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Port the Alertmanager API is exposed on.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use when firing alerts.","type":"string"},"timeout":{"description":"Timeout is a per-target Alertmanager timeout when pushing alerts.","type":"string"},"tlsConfig":{"description":"TLS Config to use for alertmanager connection.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"required":["name","namespace","port"],"type":"object"},"type":"array"}},"required":["alertmanagers"],"type":"object"},"allowOverlappingBlocks":{"description":"AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release.","type":"boolean"},"apiserverConfig":{"description":"APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerToken":{"description":"Bearer token for accessing apiserver.","type":"string"},"bearerTokenFile":{"description":"File to read bearer token for accessing apiserver.","type":"string"},"host":{"description":"Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number","type":"string"},"tlsConfig":{"description":"TLS Config to use for accessing apiserver.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"required":["host"],"type":"object"},"arbitraryFSAccessThroughSMs":{"description":"ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files.","properties":{"deny":{"type":"boolean"}},"type":"object"},"baseImage":{"description":"Base image to use for a Prometheus deployment. Deprecated: use 'image' instead","type":"string"},"configMaps":{"description":"ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/\u003cconfigmap-name\u003e.","items":{"type":"string"},"type":"array"},"containers":{"description":"Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"disableCompaction":{"description":"Disable prometheus compaction.","type":"boolean"},"enableAdminAPI":{"description":"Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis","type":"boolean"},"enableFeatures":{"description":"Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/","items":{"type":"string"},"type":"array"},"enforcedNamespaceLabel":{"description":"EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.","type":"string"},"enforcedSampleLimit":{"description":"EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.","format":"int64","type":"integer"},"enforcedTargetLimit":{"description":"EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead.","format":"int64","type":"integer"},"evaluationInterval":{"description":"Interval between consecutive evaluations.","type":"string"},"externalLabels":{"additionalProperties":{"type":"string"},"description":"The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).","type":"object"},"externalUrl":{"description":"The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name.","type":"string"},"ignoreNamespaceSelectors":{"description":"IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false.","type":"boolean"},"image":{"description":"Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured.","type":"string"},"imagePullSecrets":{"description":"An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod","items":{"description":"LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"type":"array"},"initContainers":{"description":"InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"listenLocal":{"description":"ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.","type":"boolean"},"logFormat":{"description":"Log format for Prometheus to be configured with.","type":"string"},"logLevel":{"description":"Log level for Prometheus to be configured with.","type":"string"},"nodeSelector":{"additionalProperties":{"type":"string"},"description":"Define which Nodes the Pods are scheduled on.","type":"object"},"overrideHonorLabels":{"description":"OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false.","type":"boolean"},"overrideHonorTimestamps":{"description":"OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.","type":"boolean"},"paused":{"description":"When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.","type":"boolean"},"podMetadata":{"description":"PodMetadata configures Labels and Annotations which are propagated to the prometheus pods.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"podMonitorNamespaceSelector":{"description":"Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"podMonitorSelector":{"description":"*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"portName":{"description":"Port name used for the pods and governing service. This defaults to web","type":"string"},"priorityClassName":{"description":"Priority class assigned to the Pods","type":"string"},"probeNamespaceSelector":{"description":"*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"probeSelector":{"description":"*Experimental* Probes to be selected for target discovery.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"prometheusExternalLabelName":{"description":"Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`\"\"`).","type":"string"},"prometheusRulesExcludedFromEnforce":{"description":"PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair","items":{"description":"PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.","properties":{"ruleName":{"description":"RuleNamespace - name of excluded rule","type":"string"},"ruleNamespace":{"description":"RuleNamespace - namespace of excluded rule","type":"string"}},"required":["ruleName","ruleNamespace"],"type":"object"},"type":"array"},"query":{"description":"QuerySpec defines the query command line flags when starting Prometheus.","properties":{"lookbackDelta":{"description":"The delta difference allowed for retrieving metrics during expression evaluations.","type":"string"},"maxConcurrency":{"description":"Number of concurrent queries that can be run at once.","format":"int32","type":"integer"},"maxSamples":{"description":"Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return.","format":"int32","type":"integer"},"timeout":{"description":"Maximum time a query may take before being aborted.","type":"string"}},"type":"object"},"queryLogFile":{"description":"QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus \u003e= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)","type":"string"},"remoteRead":{"description":"If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way.","items":{"description":"RemoteReadSpec defines the remote_read configuration for prometheus.","properties":{"basicAuth":{"description":"BasicAuth for the URL.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerToken":{"description":"Bearer token for remote read.","type":"string"},"bearerTokenFile":{"description":"File to read bearer token for remote read.","type":"string"},"name":{"description":"The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer.","type":"string"},"proxyUrl":{"description":"Optional ProxyURL","type":"string"},"readRecent":{"description":"Whether reads should be made for queries for time ranges that the local storage should have complete data for.","type":"boolean"},"remoteTimeout":{"description":"Timeout for requests to the remote read endpoint.","type":"string"},"requiredMatchers":{"additionalProperties":{"type":"string"},"description":"An optional list of equality matchers which have to be present in a selector to query the remote read endpoint.","type":"object"},"tlsConfig":{"description":"TLS Config to use for remote read.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"url":{"description":"The URL of the endpoint to send samples to.","type":"string"}},"required":["url"],"type":"object"},"type":"array"},"remoteWrite":{"description":"If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way.","items":{"description":"RemoteWriteSpec defines the remote_write configuration for prometheus.","properties":{"basicAuth":{"description":"BasicAuth for the URL.","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerToken":{"description":"Bearer token for remote write.","type":"string"},"bearerTokenFile":{"description":"File to read bearer token for remote write.","type":"string"},"headers":{"additionalProperties":{"type":"string"},"description":"Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer.","type":"object"},"metadataConfig":{"description":"MetadataConfig configures the sending of series metadata to remote storage.","properties":{"send":{"description":"Whether metric metadata is sent to remote storage or not.","type":"boolean"},"sendInterval":{"description":"How frequently metric metadata is sent to remote storage.","type":"string"}},"type":"object"},"name":{"description":"The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer.","type":"string"},"proxyUrl":{"description":"Optional ProxyURL","type":"string"},"queueConfig":{"description":"QueueConfig allows tuning of the remote write queue parameters.","properties":{"batchSendDeadline":{"description":"BatchSendDeadline is the maximum time a sample will wait in buffer.","type":"string"},"capacity":{"description":"Capacity is the number of samples to buffer per shard before we start dropping them.","type":"integer"},"maxBackoff":{"description":"MaxBackoff is the maximum retry delay.","type":"string"},"maxRetries":{"description":"MaxRetries is the maximum number of times to retry a batch on recoverable errors.","type":"integer"},"maxSamplesPerSend":{"description":"MaxSamplesPerSend is the maximum number of samples per send.","type":"integer"},"maxShards":{"description":"MaxShards is the maximum number of shards, i.e. amount of concurrency.","type":"integer"},"minBackoff":{"description":"MinBackoff is the initial retry delay. Gets doubled for every retry.","type":"string"},"minShards":{"description":"MinShards is the minimum number of shards, i.e. amount of concurrency.","type":"integer"}},"type":"object"},"remoteTimeout":{"description":"Timeout for requests to the remote write endpoint.","type":"string"},"tlsConfig":{"description":"TLS Config to use for remote write.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"url":{"description":"The URL of the endpoint to send samples to.","type":"string"},"writeRelabelConfigs":{"description":"The list of remote write relabel configurations.","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"}},"required":["url"],"type":"object"},"type":"array"},"replicaExternalLabelName":{"description":"Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`\"\"`).","type":"string"},"replicas":{"description":"Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created.","format":"int32","type":"integer"},"resources":{"description":"Define resources requests and limits for single Pods.","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"retention":{"description":"Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).","type":"string"},"retentionSize":{"description":"Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.","type":"string"},"routePrefix":{"description":"The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.","type":"string"},"ruleNamespaceSelector":{"description":"Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"ruleSelector":{"description":"A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"rules":{"description":"/--rules.*/ command-line arguments.","properties":{"alert":{"description":"/--rules.alert.*/ command-line arguments","properties":{"forGracePeriod":{"description":"Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period.","type":"string"},"forOutageTolerance":{"description":"Max time to tolerate prometheus outage for restoring 'for' state of alert.","type":"string"},"resendDelay":{"description":"Minimum amount of time to wait before resending an alert to Alertmanager.","type":"string"}},"type":"object"}},"type":"object"},"scrapeInterval":{"description":"Interval between consecutive scrapes.","type":"string"},"scrapeTimeout":{"description":"Number of seconds to wait for target to respond before erroring.","type":"string"},"secrets":{"description":"Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/\u003csecret-name\u003e.","items":{"type":"string"},"type":"array"},"securityContext":{"description":"SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.","properties":{"fsGroup":{"description":"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.","format":"int64","type":"integer"},"fsGroupChangePolicy":{"description":"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified defaults to \"Always\".","type":"string"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"supplementalGroups":{"description":"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.","items":{"format":"int64","type":"integer"},"type":"array"},"sysctls":{"description":"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.","items":{"description":"Sysctl defines a kernel parameter to be set","properties":{"name":{"description":"Name of a property to set","type":"string"},"value":{"description":"Value of a property to set","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"serviceAccountName":{"description":"ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.","type":"string"},"serviceMonitorNamespaceSelector":{"description":"Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"serviceMonitorSelector":{"description":"ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"sha":{"description":"SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.","type":"string"},"shards":{"description":"EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.","format":"int32","type":"integer"},"storage":{"description":"Storage spec to specify how storage shall be used.","properties":{"disableMountSubPath":{"description":"Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.","type":"boolean"},"emptyDir":{"description":"EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"volumeClaimTemplate":{"description":"A PVC spec to be used by the Prometheus StatefulSets.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"EmbeddedMetadata contains metadata relevant to an EmbeddedResource.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"spec":{"description":"Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"dataSource":{"description":"This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.","properties":{"apiGroup":{"description":"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.","type":"string"},"kind":{"description":"Kind is the type of resource being referenced","type":"string"},"name":{"description":"Name is the name of resource being referenced","type":"string"}},"required":["kind","name"],"type":"object"},"resources":{"description":"Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"selector":{"description":"A label query over volumes to consider for binding.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"storageClassName":{"description":"Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1","type":"string"},"volumeMode":{"description":"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.","type":"string"},"volumeName":{"description":"VolumeName is the binding reference to the PersistentVolume backing this claim.","type":"string"}},"type":"object"},"status":{"description":"Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"capacity":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Represents the actual resources of the underlying volume.","type":"object"},"conditions":{"description":"Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.","items":{"description":"PersistentVolumeClaimCondition contails details about state of pvc","properties":{"lastProbeTime":{"description":"Last time we probed the condition.","format":"date-time","type":"string"},"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","format":"date-time","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.","type":"string"},"status":{"type":"string"},"type":{"description":"PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type","type":"string"}},"required":["status","type"],"type":"object"},"type":"array"},"phase":{"description":"Phase represents the current phase of PersistentVolumeClaim.","type":"string"}},"type":"object"}},"type":"object"}},"type":"object"},"tag":{"description":"Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.","type":"string"},"thanos":{"description":"Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release.","properties":{"baseImage":{"description":"Thanos base image if other than default. Deprecated: use 'image' instead","type":"string"},"grpcServerTlsConfig":{"description":"GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"image":{"description":"Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured.","type":"string"},"listenLocal":{"description":"ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP.","type":"boolean"},"logFormat":{"description":"LogFormat for Thanos sidecar to be configured with.","type":"string"},"logLevel":{"description":"LogLevel for Thanos sidecar to be configured with.","type":"string"},"minTime":{"description":"MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.","type":"string"},"objectStorageConfig":{"description":"ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"objectStorageConfigFile":{"description":"ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.","type":"string"},"resources":{"description":"Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"sha":{"description":"SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.","type":"string"},"tag":{"description":"Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.","type":"string"},"tracingConfig":{"description":"TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"tracingConfigFile":{"description":"TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.","type":"string"},"version":{"description":"Version describes the version of Thanos to use.","type":"string"}},"type":"object"},"tolerations":{"description":"If specified, the pod's tolerations.","items":{"description":"The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.","properties":{"effect":{"description":"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.","type":"string"},"key":{"description":"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.","type":"string"},"operator":{"description":"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.","type":"string"},"tolerationSeconds":{"description":"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.","format":"int64","type":"integer"},"value":{"description":"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.","type":"string"}},"type":"object"},"type":"array"},"topologySpreadConstraints":{"description":"If specified, the pod's topology spread constraints.","items":{"description":"TopologySpreadConstraint specifies how to spread matching pods among the given topology.","properties":{"labelSelector":{"description":"LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"maxSkew":{"description":"MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed.","format":"int32","type":"integer"},"topologyKey":{"description":"TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.","type":"string"},"whenUnsatisfiable":{"description":"WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It's considered as \"Unsatisfiable\" if and only if placing incoming pod on any topology violates \"MaxSkew\". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.","type":"string"}},"required":["maxSkew","topologyKey","whenUnsatisfiable"],"type":"object"},"type":"array"},"version":{"description":"Version of Prometheus to be deployed.","type":"string"},"volumeMounts":{"description":"VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"volumes":{"description":"Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.","items":{"description":"Volume represents a named volume in a pod that may be accessed by any container in the pod.","properties":{"awsElasticBlockStore":{"description":"AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).","format":"int32","type":"integer"},"readOnly":{"description":"Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"boolean"},"volumeID":{"description":"Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"string"}},"required":["volumeID"],"type":"object"},"azureDisk":{"description":"AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.","properties":{"cachingMode":{"description":"Host Caching mode: None, Read Only, Read Write.","type":"string"},"diskName":{"description":"The Name of the data disk in the blob storage","type":"string"},"diskURI":{"description":"The URI the data disk in the blob storage","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"kind":{"description":"Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"}},"required":["diskName","diskURI"],"type":"object"},"azureFile":{"description":"AzureFile represents an Azure File Service mount on the host and bind mount to the pod.","properties":{"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretName":{"description":"the name of secret that contains Azure Storage Account Name and Key","type":"string"},"shareName":{"description":"Share Name","type":"string"}},"required":["secretName","shareName"],"type":"object"},"cephfs":{"description":"CephFS represents a Ceph FS mount on the host that shares a pod's lifetime","properties":{"monitors":{"description":"Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"path":{"description":"Optional: Used as the mounted root, rather than the full Ceph tree, default is /","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"boolean"},"secretFile":{"description":"Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"},"secretRef":{"description":"Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"}},"required":["monitors"],"type":"object"},"cinder":{"description":"Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"boolean"},"secretRef":{"description":"Optional: points to a secret object containing parameters used to connect to OpenStack.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeID":{"description":"volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"}},"required":["volumeID"],"type":"object"},"configMap":{"description":"ConfigMap represents a configMap that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"csi":{"description":"CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).","properties":{"driver":{"description":"Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.","type":"string"},"fsType":{"description":"Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.","type":"string"},"nodePublishSecretRef":{"description":"NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"readOnly":{"description":"Specifies a read-only configuration for the volume. Defaults to false (read/write).","type":"boolean"},"volumeAttributes":{"additionalProperties":{"type":"string"},"description":"VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.","type":"object"}},"required":["driver"],"type":"object"},"downwardAPI":{"description":"DownwardAPI represents downward API about the pod that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"Items is a list of downward API volume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"emptyDir":{"description":"EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"fc":{"description":"FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"lun":{"description":"Optional: FC target lun number","format":"int32","type":"integer"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"targetWWNs":{"description":"Optional: FC target worldwide names (WWNs)","items":{"type":"string"},"type":"array"},"wwids":{"description":"Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.","items":{"type":"string"},"type":"array"}},"type":"object"},"flexVolume":{"description":"FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.","properties":{"driver":{"description":"Driver is the name of the driver to use for this volume.","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.","type":"string"},"options":{"additionalProperties":{"type":"string"},"description":"Optional: Extra command options if any.","type":"object"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"}},"required":["driver"],"type":"object"},"flocker":{"description":"Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running","properties":{"datasetName":{"description":"Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated","type":"string"},"datasetUUID":{"description":"UUID of the dataset. This is unique identifier of a Flocker dataset","type":"string"}},"type":"object"},"gcePersistentDisk":{"description":"GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","format":"int32","type":"integer"},"pdName":{"description":"Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"boolean"}},"required":["pdName"],"type":"object"},"gitRepo":{"description":"GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.","properties":{"directory":{"description":"Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.","type":"string"},"repository":{"description":"Repository URL","type":"string"},"revision":{"description":"Commit hash for the specified revision.","type":"string"}},"required":["repository"],"type":"object"},"glusterfs":{"description":"Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md","properties":{"endpoints":{"description":"EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"path":{"description":"Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"readOnly":{"description":"ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"boolean"}},"required":["endpoints","path"],"type":"object"},"hostPath":{"description":"HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.","properties":{"path":{"description":"Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"},"type":{"description":"Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"}},"required":["path"],"type":"object"},"iscsi":{"description":"ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md","properties":{"chapAuthDiscovery":{"description":"whether support iSCSI Discovery CHAP authentication","type":"boolean"},"chapAuthSession":{"description":"whether support iSCSI Session CHAP authentication","type":"boolean"},"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"initiatorName":{"description":"Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.","type":"string"},"iqn":{"description":"Target iSCSI Qualified Name.","type":"string"},"iscsiInterface":{"description":"iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).","type":"string"},"lun":{"description":"iSCSI Target Lun number.","format":"int32","type":"integer"},"portals":{"description":"iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","items":{"type":"string"},"type":"array"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.","type":"boolean"},"secretRef":{"description":"CHAP Secret for iSCSI target and initiator authentication","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"targetPortal":{"description":"iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","type":"string"}},"required":["iqn","lun","targetPortal"],"type":"object"},"name":{"description":"Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"nfs":{"description":"NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","properties":{"path":{"description":"Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"},"readOnly":{"description":"ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"boolean"},"server":{"description":"Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"}},"required":["path","server"],"type":"object"},"persistentVolumeClaim":{"description":"PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"claimName":{"description":"ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","type":"string"},"readOnly":{"description":"Will force the ReadOnly setting in VolumeMounts. Default false.","type":"boolean"}},"required":["claimName"],"type":"object"},"photonPersistentDisk":{"description":"PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"pdID":{"description":"ID that identifies Photon Controller persistent disk","type":"string"}},"required":["pdID"],"type":"object"},"portworxVolume":{"description":"PortworxVolume represents a portworx volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"volumeID":{"description":"VolumeID uniquely identifies a Portworx volume","type":"string"}},"required":["volumeID"],"type":"object"},"projected":{"description":"Items for all in one resources secrets, configmaps, and downward API","properties":{"defaultMode":{"description":"Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"sources":{"description":"list of volume projections","items":{"description":"Projection that may be projected along with other supported volume types","properties":{"configMap":{"description":"information about the configMap data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"downwardAPI":{"description":"information about the downwardAPI data to project","properties":{"items":{"description":"Items is a list of DownwardAPIVolume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"secret":{"description":"information about the secret data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"type":"object"},"serviceAccountToken":{"description":"information about the serviceAccountToken data to project","properties":{"audience":{"description":"Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.","type":"string"},"expirationSeconds":{"description":"ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.","format":"int64","type":"integer"},"path":{"description":"Path is the path relative to the mount point of the file to project the token into.","type":"string"}},"required":["path"],"type":"object"}},"type":"object"},"type":"array"}},"required":["sources"],"type":"object"},"quobyte":{"description":"Quobyte represents a Quobyte mount on the host that shares a pod's lifetime","properties":{"group":{"description":"Group to map volume access to Default is no group","type":"string"},"readOnly":{"description":"ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.","type":"boolean"},"registry":{"description":"Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes","type":"string"},"tenant":{"description":"Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin","type":"string"},"user":{"description":"User to map volume access to Defaults to serivceaccount user","type":"string"},"volume":{"description":"Volume is a string that references an already created Quobyte volume by name.","type":"string"}},"required":["registry","volume"],"type":"object"},"rbd":{"description":"RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"image":{"description":"The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"keyring":{"description":"Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"monitors":{"description":"A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"pool":{"description":"The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"boolean"},"secretRef":{"description":"SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"}},"required":["image","monitors"],"type":"object"},"scaleIO":{"description":"ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".","type":"string"},"gateway":{"description":"The host address of the ScaleIO API Gateway.","type":"string"},"protectionDomain":{"description":"The name of the ScaleIO Protection Domain for the configured storage.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"sslEnabled":{"description":"Flag to enable/disable SSL communication with Gateway, default false","type":"boolean"},"storageMode":{"description":"Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.","type":"string"},"storagePool":{"description":"The ScaleIO Storage Pool associated with the protection domain.","type":"string"},"system":{"description":"The name of the storage system as configured in ScaleIO.","type":"string"},"volumeName":{"description":"The name of a volume already created in the ScaleIO system that is associated with this volume source.","type":"string"}},"required":["gateway","secretRef","system"],"type":"object"},"secret":{"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"optional":{"description":"Specify whether the Secret or its keys must be defined","type":"boolean"},"secretName":{"description":"Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","type":"string"}},"type":"object"},"storageos":{"description":"StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeName":{"description":"VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.","type":"string"},"volumeNamespace":{"description":"VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.","type":"string"}},"type":"object"},"vsphereVolume":{"description":"VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"storagePolicyID":{"description":"Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.","type":"string"},"storagePolicyName":{"description":"Storage Policy Based Management (SPBM) profile name.","type":"string"},"volumePath":{"description":"Path that identifies vSphere volume vmdk","type":"string"}},"required":["volumePath"],"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"walCompression":{"description":"Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus \u003e= 2.11.0.","type":"boolean"},"web":{"description":"WebSpec defines the web command line flags when starting Prometheus.","properties":{"pageTitle":{"description":"The prometheus web page title","type":"string"}},"type":"object"}},"type":"object"},"status":{"description":"Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"availableReplicas":{"description":"Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment.","format":"int32","type":"integer"},"paused":{"description":"Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.","type":"boolean"},"replicas":{"description":"Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector).","format":"int32","type":"integer"},"unavailableReplicas":{"description":"Total number of unavailable pods targeted by this Prometheus deployment.","format":"int32","type":"integer"},"updatedReplicas":{"description":"Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec.","format":"int32","type":"integer"}},"required":["availableReplicas","paused","replicas","unavailableReplicas","updatedReplicas"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true,"subresources":{}}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet index cfbf631..78a68c6 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet @@ -1,208 +1,218 @@ -local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; +local defaults = { + local defaults = self, + name: 'prometheus-operator', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + configReloaderImage: error 'must provide configReloaderImage', + port: 8080, + resources: { + limits: { cpu: '200m', memory: '200Mi' }, + requests: { cpu: '100m', memory: '100Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': 'prometheus-operator', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'controller', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, +}; -{ - _config+:: { - namespace: 'default', +function(params) { + local po = self, + config:: defaults + params, - prometheusOperator+:: { - deploymentSelectorLabels: { - 'app.kubernetes.io/name': 'prometheus-operator', - 'app.kubernetes.io/component': 'controller', - }, - commonLabels: - $._config.prometheusOperator.deploymentSelectorLabels - { 'app.kubernetes.io/version': $._config.versions.prometheusOperator }, + // Prefixing with 0 to ensure these manifests are listed and therefore created first. + '0alertmanagerCustomResourceDefinition': import 'alertmanager-crd.libsonnet', + '0alertmanagerConfigCustomResourceDefinition': import 'alertmanagerconfig-crd.libsonnet', + '0prometheusCustomResourceDefinition': import 'prometheus-crd.libsonnet', + '0servicemonitorCustomResourceDefinition': import 'servicemonitor-crd.libsonnet', + '0podmonitorCustomResourceDefinition': import 'podmonitor-crd.libsonnet', + '0probeCustomResourceDefinition': import 'probe-crd.libsonnet', + '0prometheusruleCustomResourceDefinition': import 'prometheusrule-crd.libsonnet', + '0thanosrulerCustomResourceDefinition': import 'thanosruler-crd.libsonnet', + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: po.config.name, + labels: po.config.commonLabels, }, - - versions+:: { - prometheusOperator: 'v0.44.1', - prometheusConfigReloader: self.prometheusOperator, - }, - - imageRepos+:: { - prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator', - prometheusConfigReloader: 'quay.io/prometheus-operator/prometheus-config-reloader', + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: po.config.name, }, + subjects: [{ + kind: 'ServiceAccount', + name: po.config.name, + namespace: po.config.namespace, + }], }, - prometheusOperator+:: { - local po = self, - - namespace:: $._config.namespace, - commonLabels:: $._config.prometheusOperator.commonLabels, - deploymentSelectorLabels:: $._config.prometheusOperator.deploymentSelectorLabels, - - image:: $._config.imageRepos.prometheusOperator, - version:: $._config.versions.prometheusOperator, - prometheusConfigReloaderImage:: $._config.imageRepos.prometheusConfigReloader, - prometheusConfigReloaderVersion:: $._config.versions.prometheusConfigReloader, - - // Prefixing with 0 to ensure these manifests are listed and therefore created first. - '0alertmanagerCustomResourceDefinition': import 'alertmanager-crd.libsonnet', - '0alertmanagerConfigCustomResourceDefinition': import 'alertmanagerconfig-crd.libsonnet', - '0prometheusCustomResourceDefinition': import 'prometheus-crd.libsonnet', - '0servicemonitorCustomResourceDefinition': import 'servicemonitor-crd.libsonnet', - '0podmonitorCustomResourceDefinition': import 'podmonitor-crd.libsonnet', - '0probeCustomResourceDefinition': import 'probe-crd.libsonnet', - '0prometheusruleCustomResourceDefinition': import 'prometheusrule-crd.libsonnet', - '0thanosrulerCustomResourceDefinition': import 'thanosruler-crd.libsonnet', - - clusterRoleBinding: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; - - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withLabels(po.commonLabels) + - clusterRoleBinding.mixin.metadata.withName('prometheus-operator') + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName('prometheus-operator') + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-operator', namespace: po.namespace }]), - - clusterRole: - local clusterRole = k.rbac.v1.clusterRole; - local policyRule = clusterRole.rulesType; - - local monitoringRule = policyRule.new() + - policyRule.withApiGroups(['monitoring.coreos.com']) + - policyRule.withResources([ - 'alertmanagers', - 'alertmanagers/finalizers', - 'alertmanagerconfigs', - 'prometheuses', - 'prometheuses/finalizers', - 'thanosrulers', - 'thanosrulers/finalizers', - 'servicemonitors', - 'podmonitors', - 'probes', - 'prometheusrules', - ]) + - policyRule.withVerbs(['*']); - - local appsRule = policyRule.new() + - policyRule.withApiGroups(['apps']) + - policyRule.withResources([ - 'statefulsets', - ]) + - policyRule.withVerbs(['*']); - - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'configmaps', - 'secrets', - ]) + - policyRule.withVerbs(['*']); - - local podRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'pods', - ]) + - policyRule.withVerbs(['list', 'delete']); - - local routingRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'services', - 'services/finalizers', - 'endpoints', - ]) + - policyRule.withVerbs(['get', 'create', 'update', 'delete']); - - local nodeRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'nodes', - ]) + - policyRule.withVerbs(['list', 'watch']); - - local namespaceRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'namespaces', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - local ingressRule = policyRule.new() + - policyRule.withApiGroups(['networking.k8s.io']) + - policyRule.withResources([ - 'ingresses', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - - local rules = [monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule, ingressRule]; - - clusterRole.new() + - clusterRole.mixin.metadata.withLabels(po.commonLabels) + - clusterRole.mixin.metadata.withName('prometheus-operator') + - clusterRole.withRules(rules), - - deployment: - local deployment = k.apps.v1.deployment; - local container = k.apps.v1.deployment.mixin.spec.template.spec.containersType; - local containerPort = container.portsType; - - local targetPort = 8080; - - local operatorContainer = - container.new('prometheus-operator', po.image + ':' + po.version) + - container.withPorts(containerPort.newNamed(targetPort, 'http')) + - container.withArgs([ - '--kubelet-service=kube-system/kubelet', - '--prometheus-config-reloader=' + po.prometheusConfigReloaderImage + ':' + po.prometheusConfigReloaderVersion, - ]) + - container.mixin.securityContext.withAllowPrivilegeEscalation(false) + - container.mixin.resources.withRequests({ cpu: '100m', memory: '100Mi' }) + - container.mixin.resources.withLimits({ cpu: '200m', memory: '200Mi' }); - - deployment.new('prometheus-operator', 1, operatorContainer, po.commonLabels) + - deployment.mixin.metadata.withNamespace(po.namespace) + - deployment.mixin.metadata.withLabels(po.commonLabels) + - deployment.mixin.spec.selector.withMatchLabels(po.deploymentSelectorLabels) + - deployment.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/os': 'linux' }) + - deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) + - deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) + - deployment.mixin.spec.template.spec.withServiceAccountName('prometheus-operator'), - - serviceAccount: - local serviceAccount = k.core.v1.serviceAccount; - - serviceAccount.new('prometheus-operator') + - serviceAccount.mixin.metadata.withLabels(po.commonLabels) + - serviceAccount.mixin.metadata.withNamespace(po.namespace), - - service: - local service = k.core.v1.service; - local servicePort = k.core.v1.service.mixin.spec.portsType; - - local poServicePort = servicePort.newNamed('http', 8080, 'http'); - - service.new('prometheus-operator', po.deployment.spec.selector.matchLabels, [poServicePort]) + - service.mixin.metadata.withLabels(po.commonLabels) + - service.mixin.metadata.withNamespace(po.namespace) + - service.mixin.spec.withClusterIp('None'), - serviceMonitor: + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: po.config.name, + labels: po.config.commonLabels, + }, + rules: [ { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'prometheus-operator', - namespace: po.namespace, - labels: po.commonLabels, - }, - spec: { - endpoints: [ - { - port: 'http', - honorLabels: true, + apiGroups: ['monitoring.coreos.com'], + resources: [ + 'alertmanagers', + 'alertmanagers/finalizers', + 'alertmanagerconfigs', + 'prometheuses', + 'prometheuses/finalizers', + 'thanosrulers', + 'thanosrulers/finalizers', + 'servicemonitors', + 'podmonitors', + 'probes', + 'prometheusrules', + ], + verbs: ['*'], + }, + { + apiGroups: ['apps'], + resources: ['statefulsets'], + verbs: ['*'], + }, + { + apiGroups: [''], + resources: ['configmaps', 'secrets'], + verbs: ['*'], + }, + { + apiGroups: [''], + resources: ['pods'], + verbs: ['list', 'delete'], + }, + { + apiGroups: [''], + resources: [ + 'services', + 'services/finalizers', + 'endpoints', + ], + verbs: ['get', 'create', 'update', 'delete'], + }, + { + apiGroups: [''], + resources: ['nodes'], + verbs: ['list', 'watch'], + }, + { + apiGroups: [''], + resources: ['namespaces'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: ['networking.k8s.io'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, + ], + }, + + deployment: + local container = { + name: po.config.name, + image: po.config.image, + args: [ + '--kubelet-service=kube-system/kubelet', + '--prometheus-config-reloader=' + po.config.configReloaderImage, + ], + ports: [{ + containerPort: po.config.port, + name: 'http', + }], + resources: po.config.resources, + securityContext: { + allowPrivilegeEscalation: false, + }, + }; + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: po.config.name, + namespace: po.config.namespace, + labels: po.config.commonLabels, + }, + spec: { + replicas: 1, + selector: { matchLabels: po.config.selectorLabels }, + template: { + metadata: { labels: po.config.commonLabels }, + spec: { + containers: [container], + nodeSelector: { + 'kubernetes.io/os': 'linux', }, - ], - selector: { - matchLabels: po.commonLabels, + + securityContext: { + runAsNonRoot: true, + runAsUser: 65534, + }, + serviceAccountName: po.config.name, }, }, }, + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: po.config.name, + namespace: po.config.namespace, + labels: po.config.commonLabels, + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: po.config.name, + namespace: po.config.namespace, + labels: po.config.commonLabels, + }, + spec: { + ports: [ + { name: 'http', targetPort: 'http', port: po.config.port }, + ], + selector: po.config.selectorLabels, + clusterIP: 'None', + }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'prometheus-operator', + namespace: po.config.namespace, + labels: po.config.commonLabels, + }, + spec: { + endpoints: [ + { + port: 'http', + honorLabels: true, + }, + ], + selector: { + matchLabels: po.config.commonLabels, + }, + }, }, } diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/servicemonitor-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/servicemonitor-crd.libsonnet index a0083e8..9aeba46 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/servicemonitor-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/servicemonitor-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"servicemonitors.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"ServiceMonitor","listKind":"ServiceMonitorList","plural":"servicemonitors","singular":"servicemonitor"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"ServiceMonitor defines monitoring for a set of services.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of desired Service selection for target discovery by Prometheus.","properties":{"endpoints":{"description":"A list of endpoints allowed as part of this ServiceMonitor.","items":{"description":"Endpoint defines a scrapeable endpoint serving Prometheus metrics.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenFile":{"description":"File to read bearer token for scraping targets.","type":"string"},"bearerTokenSecret":{"description":"Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"honorLabels":{"description":"HonorLabels chooses the metric's labels on collisions with target labels.","type":"boolean"},"honorTimestamps":{"description":"HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.","type":"boolean"},"interval":{"description":"Interval at which metrics should be scraped","type":"string"},"metricRelabelings":{"description":"MetricRelabelConfigs to apply to samples before ingestion.","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"params":{"additionalProperties":{"items":{"type":"string"},"type":"array"},"description":"Optional HTTP URL parameters","type":"object"},"path":{"description":"HTTP path to scrape for metrics.","type":"string"},"port":{"description":"Name of the service port this endpoint refers to. Mutually exclusive with targetPort.","type":"string"},"proxyUrl":{"description":"ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.","type":"string"},"relabelings":{"description":"RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"scheme":{"description":"HTTP scheme to use for scraping.","type":"string"},"scrapeTimeout":{"description":"Timeout after which the scrape is ended","type":"string"},"targetPort":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port.","x-kubernetes-int-or-string":true},"tlsConfig":{"description":"TLS configuration to use when scraping the endpoint","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"type":"array"},"jobLabel":{"description":"The label to use to retrieve the job name from.","type":"string"},"namespaceSelector":{"description":"Selector to select which namespaces the Endpoints objects are discovered from.","properties":{"any":{"description":"Boolean describing whether all namespaces are selected in contrast to a list restricting them.","type":"boolean"},"matchNames":{"description":"List of namespace names.","items":{"type":"string"},"type":"array"}},"type":"object"},"podTargetLabels":{"description":"PodTargetLabels transfers labels on the Kubernetes Pod onto the target.","items":{"type":"string"},"type":"array"},"sampleLimit":{"description":"SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.","format":"int64","type":"integer"},"selector":{"description":"Selector to select Endpoints objects.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"targetLabels":{"description":"TargetLabels transfers labels on the Kubernetes Service onto the target.","items":{"type":"string"},"type":"array"},"targetLimit":{"description":"TargetLimit defines a limit on the number of scraped targets that will be accepted.","format":"int64","type":"integer"}},"required":["endpoints","selector"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"servicemonitors.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"ServiceMonitor","listKind":"ServiceMonitorList","plural":"servicemonitors","singular":"servicemonitor"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"ServiceMonitor defines monitoring for a set of services.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of desired Service selection for target discovery by Prometheus.","properties":{"endpoints":{"description":"A list of endpoints allowed as part of this ServiceMonitor.","items":{"description":"Endpoint defines a scrapeable endpoint serving Prometheus metrics.","properties":{"basicAuth":{"description":"BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints","properties":{"password":{"description":"The secret in the service monitor namespace that contains the password for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"username":{"description":"The secret in the service monitor namespace that contains the username for authentication.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"bearerTokenFile":{"description":"File to read bearer token for scraping targets.","type":"string"},"bearerTokenSecret":{"description":"Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"honorLabels":{"description":"HonorLabels chooses the metric's labels on collisions with target labels.","type":"boolean"},"honorTimestamps":{"description":"HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.","type":"boolean"},"interval":{"description":"Interval at which metrics should be scraped","type":"string"},"metricRelabelings":{"description":"MetricRelabelConfigs to apply to samples before ingestion.","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"params":{"additionalProperties":{"items":{"type":"string"},"type":"array"},"description":"Optional HTTP URL parameters","type":"object"},"path":{"description":"HTTP path to scrape for metrics.","type":"string"},"port":{"description":"Name of the service port this endpoint refers to. Mutually exclusive with targetPort.","type":"string"},"proxyUrl":{"description":"ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.","type":"string"},"relabelings":{"description":"RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config","items":{"description":"RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs","properties":{"action":{"description":"Action to perform based on regex matching. Default is 'replace'","type":"string"},"modulus":{"description":"Modulus to take of the hash of the source label values.","format":"int64","type":"integer"},"regex":{"description":"Regular expression against which the extracted value is matched. Default is '(.*)'","type":"string"},"replacement":{"description":"Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'","type":"string"},"separator":{"description":"Separator placed between concatenated source label values. default is ';'.","type":"string"},"sourceLabels":{"description":"The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.","items":{"type":"string"},"type":"array"},"targetLabel":{"description":"Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.","type":"string"}},"type":"object"},"type":"array"},"scheme":{"description":"HTTP scheme to use for scraping.","type":"string"},"scrapeTimeout":{"description":"Timeout after which the scrape is ended","type":"string"},"targetPort":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port.","x-kubernetes-int-or-string":true},"tlsConfig":{"description":"TLS configuration to use when scraping the endpoint","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"}},"type":"object"},"type":"array"},"jobLabel":{"description":"The label to use to retrieve the job name from.","type":"string"},"namespaceSelector":{"description":"Selector to select which namespaces the Endpoints objects are discovered from.","properties":{"any":{"description":"Boolean describing whether all namespaces are selected in contrast to a list restricting them.","type":"boolean"},"matchNames":{"description":"List of namespace names.","items":{"type":"string"},"type":"array"}},"type":"object"},"podTargetLabels":{"description":"PodTargetLabels transfers labels on the Kubernetes Pod onto the target.","items":{"type":"string"},"type":"array"},"sampleLimit":{"description":"SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.","format":"int64","type":"integer"},"selector":{"description":"Selector to select Endpoints objects.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"targetLabels":{"description":"TargetLabels transfers labels on the Kubernetes Service onto the target.","items":{"type":"string"},"type":"array"},"targetLimit":{"description":"TargetLimit defines a limit on the number of scraped targets that will be accepted.","format":"int64","type":"integer"}},"required":["endpoints","selector"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/thanosruler-crd.libsonnet b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/thanosruler-crd.libsonnet index 807614b..4c5e8d4 100644 --- a/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/thanosruler-crd.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/thanosruler-crd.libsonnet @@ -1 +1 @@ -{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"thanosrulers.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"kind":"ThanosRuler","listKind":"ThanosRulerList","plural":"thanosrulers","singular":"thanosruler"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"ThanosRuler defines a ThanosRuler deployment.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"affinity":{"description":"If specified, the pod's scheduling constraints.","properties":{"nodeAffinity":{"description":"Describes node affinity scheduling rules for the pod.","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.","items":{"description":"An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).","properties":{"preference":{"description":"A node selector term, associated with the corresponding weight.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"weight":{"description":"Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["preference","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.","properties":{"nodeSelectorTerms":{"description":"Required. A list of node selector terms. The terms are ORed.","items":{"description":"A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"}},"required":["nodeSelectorTerms"],"type":"object"}},"type":"object"},"podAffinity":{"description":"Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"},"podAntiAffinity":{"description":"Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"}},"type":"object"},"alertDropLabels":{"description":"AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default.","items":{"type":"string"},"type":"array"},"alertQueryUrl":{"description":"The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg.","type":"string"},"alertmanagersConfig":{"description":"Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"alertmanagersUrl":{"description":"Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.","items":{"type":"string"},"type":"array"},"containers":{"description":"Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"enforcedNamespaceLabel":{"description":"EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.","type":"string"},"evaluationInterval":{"description":"Interval between consecutive evaluations.","type":"string"},"externalPrefix":{"description":"The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name.","type":"string"},"grpcServerTlsConfig":{"description":"GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"image":{"description":"Thanos container image URL.","type":"string"},"imagePullSecrets":{"description":"An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod","items":{"description":"LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"type":"array"},"initContainers":{"description":"InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"labels":{"additionalProperties":{"type":"string"},"description":"Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts.","type":"object"},"listenLocal":{"description":"ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP.","type":"boolean"},"logFormat":{"description":"Log format for ThanosRuler to be configured with.","type":"string"},"logLevel":{"description":"Log level for ThanosRuler to be configured with.","type":"string"},"nodeSelector":{"additionalProperties":{"type":"string"},"description":"Define which Nodes the Pods are scheduled on.","type":"object"},"objectStorageConfig":{"description":"ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"objectStorageConfigFile":{"description":"ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.","type":"string"},"paused":{"description":"When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects.","type":"boolean"},"podMetadata":{"description":"PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"portName":{"description":"Port name used for the pods and governing service. This defaults to web","type":"string"},"priorityClassName":{"description":"Priority class assigned to the Pods","type":"string"},"prometheusRulesExcludedFromEnforce":{"description":"PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair","items":{"description":"PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.","properties":{"ruleName":{"description":"RuleNamespace - name of excluded rule","type":"string"},"ruleNamespace":{"description":"RuleNamespace - namespace of excluded rule","type":"string"}},"required":["ruleName","ruleNamespace"],"type":"object"},"type":"array"},"queryConfig":{"description":"Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"queryEndpoints":{"description":"QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler.","items":{"type":"string"},"type":"array"},"replicas":{"description":"Number of thanos ruler instances to deploy.","format":"int32","type":"integer"},"resources":{"description":"Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"retention":{"description":"Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).","type":"string"},"routePrefix":{"description":"The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.","type":"string"},"ruleNamespaceSelector":{"description":"Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"ruleSelector":{"description":"A label selector to select which PrometheusRules to mount for alerting and recording.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"securityContext":{"description":"SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.","properties":{"fsGroup":{"description":"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.","format":"int64","type":"integer"},"fsGroupChangePolicy":{"description":"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified defaults to \"Always\".","type":"string"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"supplementalGroups":{"description":"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.","items":{"format":"int64","type":"integer"},"type":"array"},"sysctls":{"description":"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.","items":{"description":"Sysctl defines a kernel parameter to be set","properties":{"name":{"description":"Name of a property to set","type":"string"},"value":{"description":"Value of a property to set","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"serviceAccountName":{"description":"ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods.","type":"string"},"storage":{"description":"Storage spec to specify how storage shall be used.","properties":{"disableMountSubPath":{"description":"Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.","type":"boolean"},"emptyDir":{"description":"EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"volumeClaimTemplate":{"description":"A PVC spec to be used by the Prometheus StatefulSets.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"EmbeddedMetadata contains metadata relevant to an EmbeddedResource.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"spec":{"description":"Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"dataSource":{"description":"This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.","properties":{"apiGroup":{"description":"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.","type":"string"},"kind":{"description":"Kind is the type of resource being referenced","type":"string"},"name":{"description":"Name is the name of resource being referenced","type":"string"}},"required":["kind","name"],"type":"object"},"resources":{"description":"Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"selector":{"description":"A label query over volumes to consider for binding.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"storageClassName":{"description":"Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1","type":"string"},"volumeMode":{"description":"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.","type":"string"},"volumeName":{"description":"VolumeName is the binding reference to the PersistentVolume backing this claim.","type":"string"}},"type":"object"},"status":{"description":"Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"capacity":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Represents the actual resources of the underlying volume.","type":"object"},"conditions":{"description":"Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.","items":{"description":"PersistentVolumeClaimCondition contails details about state of pvc","properties":{"lastProbeTime":{"description":"Last time we probed the condition.","format":"date-time","type":"string"},"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","format":"date-time","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.","type":"string"},"status":{"type":"string"},"type":{"description":"PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type","type":"string"}},"required":["status","type"],"type":"object"},"type":"array"},"phase":{"description":"Phase represents the current phase of PersistentVolumeClaim.","type":"string"}},"type":"object"}},"type":"object"}},"type":"object"},"tolerations":{"description":"If specified, the pod's tolerations.","items":{"description":"The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.","properties":{"effect":{"description":"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.","type":"string"},"key":{"description":"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.","type":"string"},"operator":{"description":"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.","type":"string"},"tolerationSeconds":{"description":"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.","format":"int64","type":"integer"},"value":{"description":"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.","type":"string"}},"type":"object"},"type":"array"},"topologySpreadConstraints":{"description":"If specified, the pod's topology spread constraints.","items":{"description":"TopologySpreadConstraint specifies how to spread matching pods among the given topology.","properties":{"labelSelector":{"description":"LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"maxSkew":{"description":"MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed.","format":"int32","type":"integer"},"topologyKey":{"description":"TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.","type":"string"},"whenUnsatisfiable":{"description":"WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It's considered as \"Unsatisfiable\" if and only if placing incoming pod on any topology violates \"MaxSkew\". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.","type":"string"}},"required":["maxSkew","topologyKey","whenUnsatisfiable"],"type":"object"},"type":"array"},"tracingConfig":{"description":"TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"volumes":{"description":"Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.","items":{"description":"Volume represents a named volume in a pod that may be accessed by any container in the pod.","properties":{"awsElasticBlockStore":{"description":"AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).","format":"int32","type":"integer"},"readOnly":{"description":"Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"boolean"},"volumeID":{"description":"Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"string"}},"required":["volumeID"],"type":"object"},"azureDisk":{"description":"AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.","properties":{"cachingMode":{"description":"Host Caching mode: None, Read Only, Read Write.","type":"string"},"diskName":{"description":"The Name of the data disk in the blob storage","type":"string"},"diskURI":{"description":"The URI the data disk in the blob storage","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"kind":{"description":"Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"}},"required":["diskName","diskURI"],"type":"object"},"azureFile":{"description":"AzureFile represents an Azure File Service mount on the host and bind mount to the pod.","properties":{"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretName":{"description":"the name of secret that contains Azure Storage Account Name and Key","type":"string"},"shareName":{"description":"Share Name","type":"string"}},"required":["secretName","shareName"],"type":"object"},"cephfs":{"description":"CephFS represents a Ceph FS mount on the host that shares a pod's lifetime","properties":{"monitors":{"description":"Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"path":{"description":"Optional: Used as the mounted root, rather than the full Ceph tree, default is /","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"boolean"},"secretFile":{"description":"Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"},"secretRef":{"description":"Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"}},"required":["monitors"],"type":"object"},"cinder":{"description":"Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"boolean"},"secretRef":{"description":"Optional: points to a secret object containing parameters used to connect to OpenStack.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeID":{"description":"volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"}},"required":["volumeID"],"type":"object"},"configMap":{"description":"ConfigMap represents a configMap that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"csi":{"description":"CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).","properties":{"driver":{"description":"Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.","type":"string"},"fsType":{"description":"Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.","type":"string"},"nodePublishSecretRef":{"description":"NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"readOnly":{"description":"Specifies a read-only configuration for the volume. Defaults to false (read/write).","type":"boolean"},"volumeAttributes":{"additionalProperties":{"type":"string"},"description":"VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.","type":"object"}},"required":["driver"],"type":"object"},"downwardAPI":{"description":"DownwardAPI represents downward API about the pod that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"Items is a list of downward API volume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"emptyDir":{"description":"EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"fc":{"description":"FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"lun":{"description":"Optional: FC target lun number","format":"int32","type":"integer"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"targetWWNs":{"description":"Optional: FC target worldwide names (WWNs)","items":{"type":"string"},"type":"array"},"wwids":{"description":"Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.","items":{"type":"string"},"type":"array"}},"type":"object"},"flexVolume":{"description":"FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.","properties":{"driver":{"description":"Driver is the name of the driver to use for this volume.","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.","type":"string"},"options":{"additionalProperties":{"type":"string"},"description":"Optional: Extra command options if any.","type":"object"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"}},"required":["driver"],"type":"object"},"flocker":{"description":"Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running","properties":{"datasetName":{"description":"Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated","type":"string"},"datasetUUID":{"description":"UUID of the dataset. This is unique identifier of a Flocker dataset","type":"string"}},"type":"object"},"gcePersistentDisk":{"description":"GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","format":"int32","type":"integer"},"pdName":{"description":"Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"boolean"}},"required":["pdName"],"type":"object"},"gitRepo":{"description":"GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.","properties":{"directory":{"description":"Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.","type":"string"},"repository":{"description":"Repository URL","type":"string"},"revision":{"description":"Commit hash for the specified revision.","type":"string"}},"required":["repository"],"type":"object"},"glusterfs":{"description":"Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md","properties":{"endpoints":{"description":"EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"path":{"description":"Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"readOnly":{"description":"ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"boolean"}},"required":["endpoints","path"],"type":"object"},"hostPath":{"description":"HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.","properties":{"path":{"description":"Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"},"type":{"description":"Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"}},"required":["path"],"type":"object"},"iscsi":{"description":"ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md","properties":{"chapAuthDiscovery":{"description":"whether support iSCSI Discovery CHAP authentication","type":"boolean"},"chapAuthSession":{"description":"whether support iSCSI Session CHAP authentication","type":"boolean"},"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"initiatorName":{"description":"Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.","type":"string"},"iqn":{"description":"Target iSCSI Qualified Name.","type":"string"},"iscsiInterface":{"description":"iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).","type":"string"},"lun":{"description":"iSCSI Target Lun number.","format":"int32","type":"integer"},"portals":{"description":"iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","items":{"type":"string"},"type":"array"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.","type":"boolean"},"secretRef":{"description":"CHAP Secret for iSCSI target and initiator authentication","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"targetPortal":{"description":"iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","type":"string"}},"required":["iqn","lun","targetPortal"],"type":"object"},"name":{"description":"Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"nfs":{"description":"NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","properties":{"path":{"description":"Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"},"readOnly":{"description":"ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"boolean"},"server":{"description":"Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"}},"required":["path","server"],"type":"object"},"persistentVolumeClaim":{"description":"PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"claimName":{"description":"ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","type":"string"},"readOnly":{"description":"Will force the ReadOnly setting in VolumeMounts. Default false.","type":"boolean"}},"required":["claimName"],"type":"object"},"photonPersistentDisk":{"description":"PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"pdID":{"description":"ID that identifies Photon Controller persistent disk","type":"string"}},"required":["pdID"],"type":"object"},"portworxVolume":{"description":"PortworxVolume represents a portworx volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"volumeID":{"description":"VolumeID uniquely identifies a Portworx volume","type":"string"}},"required":["volumeID"],"type":"object"},"projected":{"description":"Items for all in one resources secrets, configmaps, and downward API","properties":{"defaultMode":{"description":"Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"sources":{"description":"list of volume projections","items":{"description":"Projection that may be projected along with other supported volume types","properties":{"configMap":{"description":"information about the configMap data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"downwardAPI":{"description":"information about the downwardAPI data to project","properties":{"items":{"description":"Items is a list of DownwardAPIVolume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"secret":{"description":"information about the secret data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"type":"object"},"serviceAccountToken":{"description":"information about the serviceAccountToken data to project","properties":{"audience":{"description":"Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.","type":"string"},"expirationSeconds":{"description":"ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.","format":"int64","type":"integer"},"path":{"description":"Path is the path relative to the mount point of the file to project the token into.","type":"string"}},"required":["path"],"type":"object"}},"type":"object"},"type":"array"}},"required":["sources"],"type":"object"},"quobyte":{"description":"Quobyte represents a Quobyte mount on the host that shares a pod's lifetime","properties":{"group":{"description":"Group to map volume access to Default is no group","type":"string"},"readOnly":{"description":"ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.","type":"boolean"},"registry":{"description":"Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes","type":"string"},"tenant":{"description":"Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin","type":"string"},"user":{"description":"User to map volume access to Defaults to serivceaccount user","type":"string"},"volume":{"description":"Volume is a string that references an already created Quobyte volume by name.","type":"string"}},"required":["registry","volume"],"type":"object"},"rbd":{"description":"RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"image":{"description":"The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"keyring":{"description":"Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"monitors":{"description":"A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"pool":{"description":"The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"boolean"},"secretRef":{"description":"SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"}},"required":["image","monitors"],"type":"object"},"scaleIO":{"description":"ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".","type":"string"},"gateway":{"description":"The host address of the ScaleIO API Gateway.","type":"string"},"protectionDomain":{"description":"The name of the ScaleIO Protection Domain for the configured storage.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"sslEnabled":{"description":"Flag to enable/disable SSL communication with Gateway, default false","type":"boolean"},"storageMode":{"description":"Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.","type":"string"},"storagePool":{"description":"The ScaleIO Storage Pool associated with the protection domain.","type":"string"},"system":{"description":"The name of the storage system as configured in ScaleIO.","type":"string"},"volumeName":{"description":"The name of a volume already created in the ScaleIO system that is associated with this volume source.","type":"string"}},"required":["gateway","secretRef","system"],"type":"object"},"secret":{"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"optional":{"description":"Specify whether the Secret or its keys must be defined","type":"boolean"},"secretName":{"description":"Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","type":"string"}},"type":"object"},"storageos":{"description":"StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeName":{"description":"VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.","type":"string"},"volumeNamespace":{"description":"VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.","type":"string"}},"type":"object"},"vsphereVolume":{"description":"VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"storagePolicyID":{"description":"Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.","type":"string"},"storagePolicyName":{"description":"Storage Policy Based Management (SPBM) profile name.","type":"string"},"volumePath":{"description":"Path that identifies vSphere volume vmdk","type":"string"}},"required":["volumePath"],"type":"object"}},"required":["name"],"type":"object"},"type":"array"}},"type":"object"},"status":{"description":"Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"availableReplicas":{"description":"Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment.","format":"int32","type":"integer"},"paused":{"description":"Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.","type":"boolean"},"replicas":{"description":"Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector).","format":"int32","type":"integer"},"unavailableReplicas":{"description":"Total number of unavailable pods targeted by this ThanosRuler deployment.","format":"int32","type":"integer"},"updatedReplicas":{"description":"Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec.","format":"int32","type":"integer"}},"required":["availableReplicas","paused","replicas","unavailableReplicas","updatedReplicas"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file +{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.4.1"},"creationTimestamp":null,"name":"thanosrulers.monitoring.coreos.com"},"spec":{"group":"monitoring.coreos.com","names":{"categories":["prometheus-operator"],"kind":"ThanosRuler","listKind":"ThanosRulerList","plural":"thanosrulers","singular":"thanosruler"},"scope":"Namespaced","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"description":"ThanosRuler defines a ThanosRuler deployment.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"affinity":{"description":"If specified, the pod's scheduling constraints.","properties":{"nodeAffinity":{"description":"Describes node affinity scheduling rules for the pod.","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.","items":{"description":"An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).","properties":{"preference":{"description":"A node selector term, associated with the corresponding weight.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"weight":{"description":"Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["preference","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.","properties":{"nodeSelectorTerms":{"description":"Required. A list of node selector terms. The terms are ORed.","items":{"description":"A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.","properties":{"matchExpressions":{"description":"A list of node selector requirements by node's labels.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchFields":{"description":"A list of node selector requirements by node's fields.","items":{"description":"A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"The label key that the selector applies to.","type":"string"},"operator":{"description":"Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.","type":"string"},"values":{"description":"An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"}},"type":"object"},"type":"array"}},"required":["nodeSelectorTerms"],"type":"object"}},"type":"object"},"podAffinity":{"description":"Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"},"podAntiAffinity":{"description":"Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).","properties":{"preferredDuringSchedulingIgnoredDuringExecution":{"description":"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.","items":{"description":"The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)","properties":{"podAffinityTerm":{"description":"Required. A pod affinity term, associated with the corresponding weight.","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"weight":{"description":"weight associated with matching the corresponding podAffinityTerm, in the range 1-100.","format":"int32","type":"integer"}},"required":["podAffinityTerm","weight"],"type":"object"},"type":"array"},"requiredDuringSchedulingIgnoredDuringExecution":{"description":"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.","items":{"description":"Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running","properties":{"labelSelector":{"description":"A label query over a set of resources, in this case pods.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"namespaces":{"description":"namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"","items":{"type":"string"},"type":"array"},"topologyKey":{"description":"This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.","type":"string"}},"required":["topologyKey"],"type":"object"},"type":"array"}},"type":"object"}},"type":"object"},"alertDropLabels":{"description":"AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default.","items":{"type":"string"},"type":"array"},"alertQueryUrl":{"description":"The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg.","type":"string"},"alertmanagersConfig":{"description":"Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"alertmanagersUrl":{"description":"Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.","items":{"type":"string"},"type":"array"},"containers":{"description":"Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"enforcedNamespaceLabel":{"description":"EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.","type":"string"},"evaluationInterval":{"description":"Interval between consecutive evaluations.","type":"string"},"externalPrefix":{"description":"The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name.","type":"string"},"grpcServerTlsConfig":{"description":"GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args.","properties":{"ca":{"description":"Struct containing the CA cert to use for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"caFile":{"description":"Path to the CA cert in the Prometheus container to use for the targets.","type":"string"},"cert":{"description":"Struct containing the client cert file for the targets.","properties":{"configMap":{"description":"ConfigMap containing data to use for the targets.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"secret":{"description":"Secret containing data to use for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"},"certFile":{"description":"Path to the client cert file in the Prometheus container for the targets.","type":"string"},"insecureSkipVerify":{"description":"Disable target certificate validation.","type":"boolean"},"keyFile":{"description":"Path to the client key file in the Prometheus container for the targets.","type":"string"},"keySecret":{"description":"Secret containing the client key file for the targets.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"serverName":{"description":"Used to verify the hostname for the targets.","type":"string"}},"type":"object"},"image":{"description":"Thanos container image URL.","type":"string"},"imagePullSecrets":{"description":"An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod","items":{"description":"LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"type":"array"},"initContainers":{"description":"InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.","items":{"description":"A single application container that you want to run within a pod.","properties":{"args":{"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"command":{"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","items":{"type":"string"},"type":"array"},"env":{"description":"List of environment variables to set in the container. Cannot be updated.","items":{"description":"EnvVar represents an environment variable present in a Container.","properties":{"name":{"description":"Name of the environment variable. Must be a C_IDENTIFIER.","type":"string"},"value":{"description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".","type":"string"},"valueFrom":{"description":"Source for the environment variable's value. Cannot be used if value is not empty.","properties":{"configMapKeyRef":{"description":"Selects a key of a ConfigMap.","properties":{"key":{"description":"The key to select.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"fieldRef":{"description":"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"},"secretKeyRef":{"description":"Selects a key of a secret in the pod's namespace","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"}},"type":"object"}},"required":["name"],"type":"object"},"type":"array"},"envFrom":{"description":"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.","items":{"description":"EnvFromSource represents the source of a set of ConfigMaps","properties":{"configMapRef":{"description":"The ConfigMap to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap must be defined","type":"boolean"}},"type":"object"},"prefix":{"description":"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.","type":"string"},"secretRef":{"description":"The Secret to select from","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret must be defined","type":"boolean"}},"type":"object"}},"type":"object"},"type":"array"},"image":{"description":"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.","type":"string"},"imagePullPolicy":{"description":"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images","type":"string"},"lifecycle":{"description":"Actions that the management system should take in response to container lifecycle events. Cannot be updated.","properties":{"postStart":{"description":"PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"},"preStop":{"description":"PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"}},"type":"object"}},"type":"object"},"livenessProbe":{"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"name":{"description":"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.","type":"string"},"ports":{"description":"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.","items":{"description":"ContainerPort represents a network port in a single container.","properties":{"containerPort":{"description":"Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.","format":"int32","type":"integer"},"hostIP":{"description":"What host IP to bind the external port to.","type":"string"},"hostPort":{"description":"Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.","format":"int32","type":"integer"},"name":{"description":"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.","type":"string"},"protocol":{"default":"TCP","description":"Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".","type":"string"}},"required":["containerPort"],"type":"object"},"type":"array","x-kubernetes-list-map-keys":["containerPort","protocol"],"x-kubernetes-list-type":"map"},"readinessProbe":{"description":"Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"resources":{"description":"Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"securityContext":{"description":"Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","properties":{"allowPrivilegeEscalation":{"description":"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN","type":"boolean"},"capabilities":{"description":"The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.","properties":{"add":{"description":"Added capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"},"drop":{"description":"Removed capabilities","items":{"description":"Capability represent POSIX capabilities type","type":"string"},"type":"array"}},"type":"object"},"privileged":{"description":"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.","type":"boolean"},"procMount":{"description":"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.","type":"string"},"readOnlyRootFilesystem":{"description":"Whether this container has a read-only root filesystem. Default is false.","type":"boolean"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"startupProbe":{"description":"StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","properties":{"exec":{"description":"One and only one of the following should be specified. Exec specifies the action to take.","properties":{"command":{"description":"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.","items":{"type":"string"},"type":"array"}},"type":"object"},"failureThreshold":{"description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","format":"int32","type":"integer"},"httpGet":{"description":"HTTPGet specifies the http request to perform.","properties":{"host":{"description":"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.","type":"string"},"httpHeaders":{"description":"Custom headers to set in the request. HTTP allows repeated headers.","items":{"description":"HTTPHeader describes a custom header to be used in HTTP probes","properties":{"name":{"description":"The header field name","type":"string"},"value":{"description":"The header field value","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"path":{"description":"Path to access on the HTTP server.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true},"scheme":{"description":"Scheme to use for connecting to the host. Defaults to HTTP.","type":"string"}},"required":["port"],"type":"object"},"initialDelaySeconds":{"description":"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"},"periodSeconds":{"description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.","format":"int32","type":"integer"},"successThreshold":{"description":"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.","format":"int32","type":"integer"},"tcpSocket":{"description":"TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook","properties":{"host":{"description":"Optional: Host name to connect to, defaults to the pod IP.","type":"string"},"port":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.","x-kubernetes-int-or-string":true}},"required":["port"],"type":"object"},"timeoutSeconds":{"description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","format":"int32","type":"integer"}},"type":"object"},"stdin":{"description":"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.","type":"boolean"},"stdinOnce":{"description":"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false","type":"boolean"},"terminationMessagePath":{"description":"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.","type":"string"},"terminationMessagePolicy":{"description":"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.","type":"string"},"tty":{"description":"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.","type":"boolean"},"volumeDevices":{"description":"volumeDevices is the list of block devices to be used by the container.","items":{"description":"volumeDevice describes a mapping of a raw block device within a container.","properties":{"devicePath":{"description":"devicePath is the path inside of the container that the device will be mapped to.","type":"string"},"name":{"description":"name must match the name of a persistentVolumeClaim in the pod","type":"string"}},"required":["devicePath","name"],"type":"object"},"type":"array"},"volumeMounts":{"description":"Pod volumes to mount into the container's filesystem. Cannot be updated.","items":{"description":"VolumeMount describes a mounting of a Volume within a container.","properties":{"mountPath":{"description":"Path within the container at which the volume should be mounted. Must not contain ':'.","type":"string"},"mountPropagation":{"description":"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.","type":"string"},"name":{"description":"This must match the Name of a Volume.","type":"string"},"readOnly":{"description":"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.","type":"boolean"},"subPath":{"description":"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).","type":"string"},"subPathExpr":{"description":"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.","type":"string"}},"required":["mountPath","name"],"type":"object"},"type":"array"},"workingDir":{"description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.","type":"string"}},"required":["name"],"type":"object"},"type":"array"},"labels":{"additionalProperties":{"type":"string"},"description":"Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts.","type":"object"},"listenLocal":{"description":"ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP.","type":"boolean"},"logFormat":{"description":"Log format for ThanosRuler to be configured with.","type":"string"},"logLevel":{"description":"Log level for ThanosRuler to be configured with.","type":"string"},"nodeSelector":{"additionalProperties":{"type":"string"},"description":"Define which Nodes the Pods are scheduled on.","type":"object"},"objectStorageConfig":{"description":"ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"objectStorageConfigFile":{"description":"ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.","type":"string"},"paused":{"description":"When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects.","type":"boolean"},"podMetadata":{"description":"PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"portName":{"description":"Port name used for the pods and governing service. This defaults to web","type":"string"},"priorityClassName":{"description":"Priority class assigned to the Pods","type":"string"},"prometheusRulesExcludedFromEnforce":{"description":"PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair","items":{"description":"PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.","properties":{"ruleName":{"description":"RuleNamespace - name of excluded rule","type":"string"},"ruleNamespace":{"description":"RuleNamespace - namespace of excluded rule","type":"string"}},"required":["ruleName","ruleNamespace"],"type":"object"},"type":"array"},"queryConfig":{"description":"Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"queryEndpoints":{"description":"QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler.","items":{"type":"string"},"type":"array"},"replicas":{"description":"Number of thanos ruler instances to deploy.","format":"int32","type":"integer"},"resources":{"description":"Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"retention":{"description":"Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).","type":"string"},"routePrefix":{"description":"The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.","type":"string"},"ruleNamespaceSelector":{"description":"Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"ruleSelector":{"description":"A label selector to select which PrometheusRules to mount for alerting and recording.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"securityContext":{"description":"SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.","properties":{"fsGroup":{"description":"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.","format":"int64","type":"integer"},"fsGroupChangePolicy":{"description":"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified defaults to \"Always\".","type":"string"},"runAsGroup":{"description":"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"runAsNonRoot":{"description":"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"boolean"},"runAsUser":{"description":"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","format":"int64","type":"integer"},"seLinuxOptions":{"description":"The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.","properties":{"level":{"description":"Level is SELinux level label that applies to the container.","type":"string"},"role":{"description":"Role is a SELinux role label that applies to the container.","type":"string"},"type":{"description":"Type is a SELinux type label that applies to the container.","type":"string"},"user":{"description":"User is a SELinux user label that applies to the container.","type":"string"}},"type":"object"},"supplementalGroups":{"description":"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.","items":{"format":"int64","type":"integer"},"type":"array"},"sysctls":{"description":"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.","items":{"description":"Sysctl defines a kernel parameter to be set","properties":{"name":{"description":"Name of a property to set","type":"string"},"value":{"description":"Value of a property to set","type":"string"}},"required":["name","value"],"type":"object"},"type":"array"},"windowsOptions":{"description":"The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","properties":{"gmsaCredentialSpec":{"description":"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.","type":"string"},"gmsaCredentialSpecName":{"description":"GMSACredentialSpecName is the name of the GMSA credential spec to use.","type":"string"},"runAsUserName":{"description":"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.","type":"string"}},"type":"object"}},"type":"object"},"serviceAccountName":{"description":"ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods.","type":"string"},"storage":{"description":"Storage spec to specify how storage shall be used.","properties":{"disableMountSubPath":{"description":"Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.","type":"boolean"},"emptyDir":{"description":"EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"volumeClaimTemplate":{"description":"A PVC spec to be used by the Prometheus StatefulSets.","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"description":"EmbeddedMetadata contains metadata relevant to an EmbeddedResource.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations","type":"object"},"labels":{"additionalProperties":{"type":"string"},"description":"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels","type":"object"},"name":{"description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","type":"string"}},"type":"object"},"spec":{"description":"Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"dataSource":{"description":"This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.","properties":{"apiGroup":{"description":"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.","type":"string"},"kind":{"description":"Kind is the type of resource being referenced","type":"string"},"name":{"description":"Name is the name of resource being referenced","type":"string"}},"required":["kind","name"],"type":"object"},"resources":{"description":"Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","properties":{"limits":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"},"requests":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/","type":"object"}},"type":"object"},"selector":{"description":"A label query over volumes to consider for binding.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"storageClassName":{"description":"Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1","type":"string"},"volumeMode":{"description":"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.","type":"string"},"volumeName":{"description":"VolumeName is the binding reference to the PersistentVolume backing this claim.","type":"string"}},"type":"object"},"status":{"description":"Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"accessModes":{"description":"AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1","items":{"type":"string"},"type":"array"},"capacity":{"additionalProperties":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"description":"Represents the actual resources of the underlying volume.","type":"object"},"conditions":{"description":"Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.","items":{"description":"PersistentVolumeClaimCondition contails details about state of pvc","properties":{"lastProbeTime":{"description":"Last time we probed the condition.","format":"date-time","type":"string"},"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","format":"date-time","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.","type":"string"},"status":{"type":"string"},"type":{"description":"PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type","type":"string"}},"required":["status","type"],"type":"object"},"type":"array"},"phase":{"description":"Phase represents the current phase of PersistentVolumeClaim.","type":"string"}},"type":"object"}},"type":"object"}},"type":"object"},"tolerations":{"description":"If specified, the pod's tolerations.","items":{"description":"The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.","properties":{"effect":{"description":"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.","type":"string"},"key":{"description":"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.","type":"string"},"operator":{"description":"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.","type":"string"},"tolerationSeconds":{"description":"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.","format":"int64","type":"integer"},"value":{"description":"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.","type":"string"}},"type":"object"},"type":"array"},"topologySpreadConstraints":{"description":"If specified, the pod's topology spread constraints.","items":{"description":"TopologySpreadConstraint specifies how to spread matching pods among the given topology.","properties":{"labelSelector":{"description":"LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.","properties":{"matchExpressions":{"description":"matchExpressions is a list of label selector requirements. The requirements are ANDed.","items":{"description":"A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.","properties":{"key":{"description":"key is the label key that the selector applies to.","type":"string"},"operator":{"description":"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.","type":"string"},"values":{"description":"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.","items":{"type":"string"},"type":"array"}},"required":["key","operator"],"type":"object"},"type":"array"},"matchLabels":{"additionalProperties":{"type":"string"},"description":"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.","type":"object"}},"type":"object"},"maxSkew":{"description":"MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed.","format":"int32","type":"integer"},"topologyKey":{"description":"TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.","type":"string"},"whenUnsatisfiable":{"description":"WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It's considered as \"Unsatisfiable\" if and only if placing incoming pod on any topology violates \"MaxSkew\". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.","type":"string"}},"required":["maxSkew","topologyKey","whenUnsatisfiable"],"type":"object"},"type":"array"},"tracingConfig":{"description":"TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way.","properties":{"key":{"description":"The key of the secret to select from. Must be a valid secret key.","type":"string"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"required":["key"],"type":"object"},"volumes":{"description":"Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.","items":{"description":"Volume represents a named volume in a pod that may be accessed by any container in the pod.","properties":{"awsElasticBlockStore":{"description":"AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).","format":"int32","type":"integer"},"readOnly":{"description":"Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"boolean"},"volumeID":{"description":"Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore","type":"string"}},"required":["volumeID"],"type":"object"},"azureDisk":{"description":"AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.","properties":{"cachingMode":{"description":"Host Caching mode: None, Read Only, Read Write.","type":"string"},"diskName":{"description":"The Name of the data disk in the blob storage","type":"string"},"diskURI":{"description":"The URI the data disk in the blob storage","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"kind":{"description":"Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"}},"required":["diskName","diskURI"],"type":"object"},"azureFile":{"description":"AzureFile represents an Azure File Service mount on the host and bind mount to the pod.","properties":{"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretName":{"description":"the name of secret that contains Azure Storage Account Name and Key","type":"string"},"shareName":{"description":"Share Name","type":"string"}},"required":["secretName","shareName"],"type":"object"},"cephfs":{"description":"CephFS represents a Ceph FS mount on the host that shares a pod's lifetime","properties":{"monitors":{"description":"Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"path":{"description":"Optional: Used as the mounted root, rather than the full Ceph tree, default is /","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"boolean"},"secretFile":{"description":"Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"},"secretRef":{"description":"Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it","type":"string"}},"required":["monitors"],"type":"object"},"cinder":{"description":"Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"boolean"},"secretRef":{"description":"Optional: points to a secret object containing parameters used to connect to OpenStack.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeID":{"description":"volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md","type":"string"}},"required":["volumeID"],"type":"object"},"configMap":{"description":"ConfigMap represents a configMap that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"csi":{"description":"CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).","properties":{"driver":{"description":"Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.","type":"string"},"fsType":{"description":"Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.","type":"string"},"nodePublishSecretRef":{"description":"NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"readOnly":{"description":"Specifies a read-only configuration for the volume. Defaults to false (read/write).","type":"boolean"},"volumeAttributes":{"additionalProperties":{"type":"string"},"description":"VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.","type":"object"}},"required":["driver"],"type":"object"},"downwardAPI":{"description":"DownwardAPI represents downward API about the pod that should populate this volume","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"Items is a list of downward API volume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"emptyDir":{"description":"EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","properties":{"medium":{"description":"What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir","type":"string"},"sizeLimit":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true}},"type":"object"},"fc":{"description":"FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"lun":{"description":"Optional: FC target lun number","format":"int32","type":"integer"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"targetWWNs":{"description":"Optional: FC target worldwide names (WWNs)","items":{"type":"string"},"type":"array"},"wwids":{"description":"Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.","items":{"type":"string"},"type":"array"}},"type":"object"},"flexVolume":{"description":"FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.","properties":{"driver":{"description":"Driver is the name of the driver to use for this volume.","type":"string"},"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.","type":"string"},"options":{"additionalProperties":{"type":"string"},"description":"Optional: Extra command options if any.","type":"object"},"readOnly":{"description":"Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"}},"required":["driver"],"type":"object"},"flocker":{"description":"Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running","properties":{"datasetName":{"description":"Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated","type":"string"},"datasetUUID":{"description":"UUID of the dataset. This is unique identifier of a Flocker dataset","type":"string"}},"type":"object"},"gcePersistentDisk":{"description":"GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"partition":{"description":"The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","format":"int32","type":"integer"},"pdName":{"description":"Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk","type":"boolean"}},"required":["pdName"],"type":"object"},"gitRepo":{"description":"GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.","properties":{"directory":{"description":"Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.","type":"string"},"repository":{"description":"Repository URL","type":"string"},"revision":{"description":"Commit hash for the specified revision.","type":"string"}},"required":["repository"],"type":"object"},"glusterfs":{"description":"Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md","properties":{"endpoints":{"description":"EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"path":{"description":"Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"string"},"readOnly":{"description":"ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod","type":"boolean"}},"required":["endpoints","path"],"type":"object"},"hostPath":{"description":"HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.","properties":{"path":{"description":"Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"},"type":{"description":"Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath","type":"string"}},"required":["path"],"type":"object"},"iscsi":{"description":"ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md","properties":{"chapAuthDiscovery":{"description":"whether support iSCSI Discovery CHAP authentication","type":"boolean"},"chapAuthSession":{"description":"whether support iSCSI Session CHAP authentication","type":"boolean"},"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"initiatorName":{"description":"Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.","type":"string"},"iqn":{"description":"Target iSCSI Qualified Name.","type":"string"},"iscsiInterface":{"description":"iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).","type":"string"},"lun":{"description":"iSCSI Target Lun number.","format":"int32","type":"integer"},"portals":{"description":"iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","items":{"type":"string"},"type":"array"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.","type":"boolean"},"secretRef":{"description":"CHAP Secret for iSCSI target and initiator authentication","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"targetPortal":{"description":"iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).","type":"string"}},"required":["iqn","lun","targetPortal"],"type":"object"},"name":{"description":"Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","type":"string"},"nfs":{"description":"NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","properties":{"path":{"description":"Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"},"readOnly":{"description":"ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"boolean"},"server":{"description":"Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs","type":"string"}},"required":["path","server"],"type":"object"},"persistentVolumeClaim":{"description":"PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","properties":{"claimName":{"description":"ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims","type":"string"},"readOnly":{"description":"Will force the ReadOnly setting in VolumeMounts. Default false.","type":"boolean"}},"required":["claimName"],"type":"object"},"photonPersistentDisk":{"description":"PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"pdID":{"description":"ID that identifies Photon Controller persistent disk","type":"string"}},"required":["pdID"],"type":"object"},"portworxVolume":{"description":"PortworxVolume represents a portworx volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"volumeID":{"description":"VolumeID uniquely identifies a Portworx volume","type":"string"}},"required":["volumeID"],"type":"object"},"projected":{"description":"Items for all in one resources secrets, configmaps, and downward API","properties":{"defaultMode":{"description":"Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"sources":{"description":"list of volume projections","items":{"description":"Projection that may be projected along with other supported volume types","properties":{"configMap":{"description":"information about the configMap data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the ConfigMap or its keys must be defined","type":"boolean"}},"type":"object"},"downwardAPI":{"description":"information about the downwardAPI data to project","properties":{"items":{"description":"Items is a list of DownwardAPIVolume file","items":{"description":"DownwardAPIVolumeFile represents information to create the file containing the pod field","properties":{"fieldRef":{"description":"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.","properties":{"apiVersion":{"description":"Version of the schema the FieldPath is written in terms of, defaults to \"v1\".","type":"string"},"fieldPath":{"description":"Path of the field to select in the specified API version.","type":"string"}},"required":["fieldPath"],"type":"object"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'","type":"string"},"resourceFieldRef":{"description":"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.","properties":{"containerName":{"description":"Container name: required for volumes, optional for env vars","type":"string"},"divisor":{"anyOf":[{"type":"integer"},{"type":"string"}],"description":"Specifies the output format of the exposed resources, defaults to \"1\"","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","x-kubernetes-int-or-string":true},"resource":{"description":"Required: resource to select","type":"string"}},"required":["resource"],"type":"object"}},"required":["path"],"type":"object"},"type":"array"}},"type":"object"},"secret":{"description":"information about the secret data to project","properties":{"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"},"optional":{"description":"Specify whether the Secret or its key must be defined","type":"boolean"}},"type":"object"},"serviceAccountToken":{"description":"information about the serviceAccountToken data to project","properties":{"audience":{"description":"Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.","type":"string"},"expirationSeconds":{"description":"ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.","format":"int64","type":"integer"},"path":{"description":"Path is the path relative to the mount point of the file to project the token into.","type":"string"}},"required":["path"],"type":"object"}},"type":"object"},"type":"array"}},"required":["sources"],"type":"object"},"quobyte":{"description":"Quobyte represents a Quobyte mount on the host that shares a pod's lifetime","properties":{"group":{"description":"Group to map volume access to Default is no group","type":"string"},"readOnly":{"description":"ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.","type":"boolean"},"registry":{"description":"Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes","type":"string"},"tenant":{"description":"Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin","type":"string"},"user":{"description":"User to map volume access to Defaults to serivceaccount user","type":"string"},"volume":{"description":"Volume is a string that references an already created Quobyte volume by name.","type":"string"}},"required":["registry","volume"],"type":"object"},"rbd":{"description":"RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md","properties":{"fsType":{"description":"Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine","type":"string"},"image":{"description":"The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"keyring":{"description":"Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"monitors":{"description":"A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","items":{"type":"string"},"type":"array"},"pool":{"description":"The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"},"readOnly":{"description":"ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"boolean"},"secretRef":{"description":"SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"user":{"description":"The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it","type":"string"}},"required":["image","monitors"],"type":"object"},"scaleIO":{"description":"ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".","type":"string"},"gateway":{"description":"The host address of the ScaleIO API Gateway.","type":"string"},"protectionDomain":{"description":"The name of the ScaleIO Protection Domain for the configured storage.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"sslEnabled":{"description":"Flag to enable/disable SSL communication with Gateway, default false","type":"boolean"},"storageMode":{"description":"Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.","type":"string"},"storagePool":{"description":"The ScaleIO Storage Pool associated with the protection domain.","type":"string"},"system":{"description":"The name of the storage system as configured in ScaleIO.","type":"string"},"volumeName":{"description":"The name of a volume already created in the ScaleIO system that is associated with this volume source.","type":"string"}},"required":["gateway","secretRef","system"],"type":"object"},"secret":{"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","properties":{"defaultMode":{"description":"Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"items":{"description":"If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.","items":{"description":"Maps a string key to a path within a volume.","properties":{"key":{"description":"The key to project.","type":"string"},"mode":{"description":"Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.","format":"int32","type":"integer"},"path":{"description":"The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.","type":"string"}},"required":["key","path"],"type":"object"},"type":"array"},"optional":{"description":"Specify whether the Secret or its keys must be defined","type":"boolean"},"secretName":{"description":"Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","type":"string"}},"type":"object"},"storageos":{"description":"StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"readOnly":{"description":"Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.","type":"boolean"},"secretRef":{"description":"SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.","properties":{"name":{"description":"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?","type":"string"}},"type":"object"},"volumeName":{"description":"VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.","type":"string"},"volumeNamespace":{"description":"VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.","type":"string"}},"type":"object"},"vsphereVolume":{"description":"VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine","properties":{"fsType":{"description":"Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.","type":"string"},"storagePolicyID":{"description":"Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.","type":"string"},"storagePolicyName":{"description":"Storage Policy Based Management (SPBM) profile name.","type":"string"},"volumePath":{"description":"Path that identifies vSphere volume vmdk","type":"string"}},"required":["volumePath"],"type":"object"}},"required":["name"],"type":"object"},"type":"array"}},"type":"object"},"status":{"description":"Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status","properties":{"availableReplicas":{"description":"Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment.","format":"int32","type":"integer"},"paused":{"description":"Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.","type":"boolean"},"replicas":{"description":"Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector).","format":"int32","type":"integer"},"unavailableReplicas":{"description":"Total number of unavailable pods targeted by this ThanosRuler deployment.","format":"int32","type":"integer"},"updatedReplicas":{"description":"Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec.","format":"int32","type":"integer"}},"required":["availableReplicas","paused","replicas","unavailableReplicas","updatedReplicas"],"type":"object"}},"required":["spec"],"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/alerts.libsonnet b/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/alerts.libsonnet index eb57ace..a60428a 100644 --- a/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/alerts.libsonnet +++ b/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/alerts.libsonnet @@ -60,10 +60,10 @@ { alert: 'AlertmanagerClusterFailedToSendAlerts', expr: ||| - min by (%(alertmanagerClusterLabels)s) ( - rate(alertmanager_notifications_failed_total{%(alertmanagerSelector)s}[5m]) + min by (%(alertmanagerClusterLabels)s, integration) ( + rate(alertmanager_notifications_failed_total{%(alertmanagerSelector)s, integration=~`%(alertmanagerCriticalIntegrationsRegEx)s`}[5m]) / - rate(alertmanager_notifications_total{%(alertmanagerSelector)s}[5m]) + rate(alertmanager_notifications_total{%(alertmanagerSelector)s, integration=~`%(alertmanagerCriticalIntegrationsRegEx)s`}[5m]) ) > 0.01 ||| % $._config, @@ -72,7 +72,26 @@ severity: 'critical', }, annotations: { - summary: 'All Alertmanager instances in a cluster failed to send notifications.', + summary: 'All Alertmanager instances in a cluster failed to send notifications to a critical integration.', + description: 'The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the %(alertmanagerClusterName)s cluster is {{ $value | humanizePercentage }}.' % $._config, + }, + }, + { + alert: 'AlertmanagerClusterFailedToSendAlerts', + expr: ||| + min by (%(alertmanagerClusterLabels)s, integration) ( + rate(alertmanager_notifications_failed_total{%(alertmanagerSelector)s, integration!~`%(alertmanagerCriticalIntegrationsRegEx)s`}[5m]) + / + rate(alertmanager_notifications_total{%(alertmanagerSelector)s, integration!~`%(alertmanagerCriticalIntegrationsRegEx)s`}[5m]) + ) + > 0.01 + ||| % $._config, + 'for': '5m', + labels: { + severity: 'warning', + }, + annotations: { + summary: 'All Alertmanager instances in a cluster failed to send notifications to a non-critical integration.', description: 'The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the %(alertmanagerClusterName)s cluster is {{ $value | humanizePercentage }}.' % $._config, }, }, diff --git a/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/config.libsonnet b/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/config.libsonnet index 001886c..a9d8b55 100644 --- a/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/config.libsonnet +++ b/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/config.libsonnet @@ -24,5 +24,13 @@ // Alertmanager cluster. All labels used here must also be present // in alertmanagerClusterLabels above. alertmanagerClusterName: '{{$labels.job}}', + + // alertmanagerCriticalIntegrationsRegEx is matched against the + // value of the `integration` label to determine if the + // AlertmanagerClusterFailedToSendAlerts is critical or merely a + // warning. This can be used to avoid paging about a failed + // integration that is itself not used for critical alerts. + // Example: @'pagerduty|webhook' + alertmanagerCriticalIntegrationsRegEx: @'.*', }, } diff --git a/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/go.mod b/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/go.mod deleted file mode 100644 index e4d814a..0000000 --- a/monitoring/vendor/github.com/prometheus/alertmanager/doc/alertmanager-mixin/go.mod +++ /dev/null @@ -1,8 +0,0 @@ -module github.com/prometheus/alertmanager/doc/alertmanager-mixin - -go 1.14 - -require ( - github.com/google/go-jsonnet v0.17.0 // indirect - github.com/monitoring-mixins/mixtool v0.0.0-20201127170310-63dca667103c // indirect -) diff --git a/monitoring/vendor/github.com/prometheus/node_exporter/docs/node-mixin/alerts/alerts.libsonnet b/monitoring/vendor/github.com/prometheus/node_exporter/docs/node-mixin/alerts/alerts.libsonnet index db1e500..a19c8dc 100644 --- a/monitoring/vendor/github.com/prometheus/node_exporter/docs/node-mixin/alerts/alerts.libsonnet +++ b/monitoring/vendor/github.com/prometheus/node_exporter/docs/node-mixin/alerts/alerts.libsonnet @@ -231,7 +231,7 @@ }, annotations: { summary: 'Clock skew detected.', - message: 'Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.', + description: 'Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.', }, }, { @@ -247,7 +247,7 @@ }, annotations: { summary: 'Clock not synchronising.', - message: 'Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host.', + description: 'Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host.', }, }, { @@ -267,7 +267,7 @@ { alert: 'NodeRAIDDiskFailure', expr: ||| - node_md_disks{state="fail"} > 0 + node_md_disks{state="failed"} > 0 ||| % $._config, labels: { severity: 'warning', diff --git a/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/alerts.libsonnet b/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/alerts.libsonnet index d37b12b..f555a4c 100644 --- a/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/alerts.libsonnet +++ b/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/alerts.libsonnet @@ -158,12 +158,12 @@ alert: 'PrometheusRemoteStorageFailures', expr: ||| ( - rate(prometheus_remote_storage_failed_samples_total{%(prometheusSelector)s}[5m]) + (rate(prometheus_remote_storage_failed_samples_total{%(prometheusSelector)s}[5m]) or rate(prometheus_remote_storage_samples_failed_total{%(prometheusSelector)s}[5m])) / ( - rate(prometheus_remote_storage_failed_samples_total{%(prometheusSelector)s}[5m]) + (rate(prometheus_remote_storage_failed_samples_total{%(prometheusSelector)s}[5m]) or rate(prometheus_remote_storage_samples_failed_total{%(prometheusSelector)s}[5m])) + - rate(prometheus_remote_storage_succeeded_samples_total{%(prometheusSelector)s}[5m]) + (rate(prometheus_remote_storage_succeeded_samples_total{%(prometheusSelector)s}[5m]) or rate(prometheus_remote_storage_samples_total{%(prometheusSelector)s}[5m])) ) ) * 100 @@ -267,9 +267,9 @@ alert: 'PrometheusErrorSendingAlertsToAnyAlertmanager', expr: ||| min without (alertmanager) ( - rate(prometheus_notifications_errors_total{%(prometheusSelector)s}[5m]) + rate(prometheus_notifications_errors_total{%(prometheusSelector)s,alertmanager!~`%(nonNotifyingAlertmanagerRegEx)s`}[5m]) / - rate(prometheus_notifications_sent_total{%(prometheusSelector)s}[5m]) + rate(prometheus_notifications_sent_total{%(prometheusSelector)s,alertmanager!~`%(nonNotifyingAlertmanagerRegEx)s`}[5m]) ) * 100 > 3 @@ -289,9 +289,9 @@ alert: 'PrometheusErrorSendingAlertsToAnyAlertmanager', expr: ||| min by (%(prometheusHAGroupLabels)s) ( - rate(prometheus_notifications_errors_total{%(prometheusSelector)s}[5m]) + rate(prometheus_notifications_errors_total{%(prometheusSelector)s,alertmanager!~`%(nonNotifyingAlertmanagerRegEx)s`}[5m]) / - rate(prometheus_notifications_sent_total{%(prometheusSelector)s}[5m]) + rate(prometheus_notifications_sent_total{%(prometheusSelector)s,alertmanager!~`%(nonNotifyingAlertmanagerRegEx)s`}[5m]) ) * 100 > 3 diff --git a/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/config.libsonnet b/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/config.libsonnet index 5c4d012..6b96a31 100644 --- a/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/config.libsonnet +++ b/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/config.libsonnet @@ -27,5 +27,22 @@ // HA group. All labels used here must also be present in // prometheusHAGroupLabels above. prometheusHAGroupName: '{{$labels.job}}', + + // nonNotifyingAlertmanagerRegEx can be used to mark Alertmanager + // instances that are not part of the Alertmanager cluster + // delivering production notifications. This is important for the + // PrometheusErrorSendingAlertsToAnyAlertmanager alert. Otherwise, + // a still working test or auditing instance could mask a full + // failure of all the production instances. The provided regular + // expression is matched against the `alertmanager` label. + // Example: @'http://test-alertmanager\..*' + nonNotifyingAlertmanagerRegEx: @'', + + grafanaPrometheus: { + prefix: 'Prometheus / ', + tags: ['prometheus-mixin'], + // The default refresh time for all dashboards, default to 60s + refresh: '60s', + }, }, } diff --git a/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/dashboards.libsonnet b/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/dashboards.libsonnet index 31cea10..c1336cd 100644 --- a/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/dashboards.libsonnet +++ b/monitoring/vendor/github.com/prometheus/prometheus/documentation/prometheus-mixin/dashboards.libsonnet @@ -10,7 +10,9 @@ local template = grafana.template; { grafanaDashboards+:: { 'prometheus.json': - g.dashboard('Prometheus Overview') + g.dashboard( + '%(prefix)sOverview' % $._config.grafanaPrometheus + ) .addMultiTemplate('job', 'prometheus_build_info', 'job') .addMultiTemplate('instance', 'prometheus_build_info', 'instance') .addRow( @@ -96,7 +98,10 @@ local template = grafana.template; { yaxes: g.yaxes('ms') } + g.stack, ) - ), + ) + { + tags: $._config.grafanaPrometheus.tags, + refresh: $._config.grafanaPrometheus.refresh, + }, // Remote write specific dashboard. 'prometheus-remote-write.json': local timestampComparison = @@ -144,9 +149,9 @@ local template = grafana.template; rate( prometheus_remote_storage_samples_in_total{cluster=~"$cluster", instance=~"$instance"}[5m]) - - ignoring(remote_name, url) group_right(instance) rate(prometheus_remote_storage_succeeded_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) + ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m])) - - rate(prometheus_remote_storage_dropped_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) + (rate(prometheus_remote_storage_dropped_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~"$cluster", instance=~"$instance"}[5m])) |||, legendFormat='{{cluster}}:{{instance}} {{remote_name}}:{{url}}' )); @@ -215,7 +220,7 @@ local template = grafana.template; span=6, ) .addTarget(prometheus.target( - 'prometheus_remote_storage_pending_samples{cluster=~"$cluster", instance=~"$instance"}', + 'prometheus_remote_storage_pending_samples{cluster=~"$cluster", instance=~"$instance"} or prometheus_remote_storage_samples_pending{cluster=~"$cluster", instance=~"$instance"}', legendFormat='{{cluster}}:{{instance}} {{remote_name}}:{{url}}' )); @@ -250,7 +255,7 @@ local template = grafana.template; span=3, ) .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_dropped_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m])', + 'rate(prometheus_remote_storage_dropped_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~"$cluster", instance=~"$instance"}[5m])', legendFormat='{{cluster}}:{{instance}} {{remote_name}}:{{url}}' )); @@ -261,7 +266,7 @@ local template = grafana.template; span=3, ) .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_failed_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m])', + 'rate(prometheus_remote_storage_failed_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~"$cluster", instance=~"$instance"}[5m])', legendFormat='{{cluster}}:{{instance}} {{remote_name}}:{{url}}' )); @@ -272,7 +277,7 @@ local template = grafana.template; span=3, ) .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_retried_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m])', + 'rate(prometheus_remote_storage_retried_samples_total{cluster=~"$cluster", instance=~"$instance"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~"$cluster", instance=~"$instance"}[5m])', legendFormat='{{cluster}}:{{instance}} {{remote_name}}:{{url}}' )); @@ -287,8 +292,10 @@ local template = grafana.template; legendFormat='{{cluster}}:{{instance}} {{remote_name}}:{{url}}' )); - dashboard.new('Prometheus Remote Write', - editable=true) + dashboard.new( + title='%(prefix)sRemote Write' % $._config.grafanaPrometheus, + editable=true + ) .addTemplate( { hide: 0, @@ -372,6 +379,9 @@ local template = grafana.template; .addPanel(failedSamples) .addPanel(retriedSamples) .addPanel(enqueueRetries) - ), + ) + { + tags: $._config.grafanaPrometheus.tags, + refresh: $._config.grafanaPrometheus.refresh, + }, }, } diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/README.md b/monitoring/vendor/github.com/thanos-io/thanos/mixin/README.md index 7061550..44b7209 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/README.md +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/README.md @@ -35,7 +35,7 @@ To install: go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb ``` -> An e.g. of how to install a given version of this library: `jb install github.com/thanos-io/thanos/mixin@master`. +> An e.g. of how to install a given version of this library: `jb install github.com/thanos-io/thanos/mixin@main`. ## Use as a library @@ -44,7 +44,7 @@ To use the `thanos-mixin` as a dependency, simply use the `jsonnet-bundler` inst $ mkdir thanos-mixin; cd thanos-mixin $ jb init # Creates the initial/empty `jsonnetfile.json` # Install the thanos-mixin dependency -$ jb install github.com/thanos-io/thanos/mixin@master # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json` +$ jb install github.com/thanos-io/thanos/mixin@main # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json` ``` To update the `thanos-mixin` as a dependency, simply use the `jsonnet-bundler` update functionality: diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/absent.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/absent.libsonnet index 604fa9f..1786a53 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/absent.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/absent.libsonnet @@ -13,7 +13,7 @@ local titlize(str) = std.join('', std.map(capitalize, std.split(str, '_'))); prometheusAlerts+:: { groups+: [ { - name: 'thanos-component-absent.rules', + name: 'thanos-component-absent', rules: [ { alert: '%sIsDown' % name, diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/add-runbook-links.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/add-runbook-links.libsonnet new file mode 100644 index 0000000..c871891 --- /dev/null +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/add-runbook-links.libsonnet @@ -0,0 +1,23 @@ +local utils = import '../lib/utils.libsonnet'; + +local lower(x) = + local cp(c) = std.codepoint(c); + local lowerLetter(c) = + if cp(c) >= 65 && cp(c) < 91 + then std.char(cp(c) + 32) + else c; + std.join('', std.map(lowerLetter, std.stringChars(x))); + +{ + _config+:: { + runbookURLPattern: 'https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-%s', + }, + + prometheusAlerts+:: + local addRunbookURL(rule) = rule { + [if 'alert' in rule && !('runbook_url' in rule.annotations) then 'annotations']+: { + runbook_url: $._config.runbookURLPattern % lower(rule.alert), + }, + }; + utils.mapRuleGroups(addRunbookURL), +} diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/alerts.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/alerts.libsonnet index 2903fd1..2ce46d5 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/alerts.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/alerts.libsonnet @@ -5,4 +5,5 @@ (import 'store.libsonnet') + (import 'rule.libsonnet') + (import 'bucket_replicate.libsonnet') + -(import 'absent.libsonnet') +(import 'absent.libsonnet') + +(import 'add-runbook-links.libsonnet') diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/bucket_replicate.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/bucket_replicate.libsonnet index 268e674..6abfecc 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/bucket_replicate.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/bucket_replicate.libsonnet @@ -8,7 +8,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-bucket-replicate.rules', + name: 'thanos-bucket-replicate', rules: [ { alert: 'ThanosBucketReplicateIsDown', diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/compact.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/compact.libsonnet index 63743d8..de515fb 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/compact.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/compact.libsonnet @@ -8,7 +8,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-compact.rules', + name: 'thanos-compact', rules: [ { alert: 'ThanosCompactMultipleRunning', diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/query.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/query.libsonnet index f6c8db2..8e2fd04 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/query.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/query.libsonnet @@ -11,7 +11,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-query.rules', + name: 'thanos-query', rules: [ { alert: 'ThanosQueryHttpRequestQueryErrorRateHigh', diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/receive.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/receive.libsonnet index e07bf84..fa818ab 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/receive.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/receive.libsonnet @@ -10,7 +10,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-receive.rules', + name: 'thanos-receive', rules: [ { alert: 'ThanosReceiveHttpRequestErrorRateHigh', diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/rule.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/rule.libsonnet index 8fd864c..f34e2fd 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/rule.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/rule.libsonnet @@ -10,7 +10,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-rule.rules', + name: 'thanos-rule', rules: [ { alert: 'ThanosRuleQueueIsDroppingAlerts', diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet index 20f217c..b4826c3 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet @@ -6,7 +6,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-sidecar.rules', + name: 'thanos-sidecar', rules: [ { alert: 'ThanosSidecarPrometheusDown', @@ -22,6 +22,20 @@ severity: 'critical', }, }, + { + alert: 'ThanosSidecarBucketOperationsFailed', + annotations: { + description: 'Thanos Sidecar {{$labels.job}} {{$labels.pod}} bucket operations are failing', + summary: 'Thanos Sidecar bucket operations are failing', + }, + expr: ||| + rate(thanos_objstore_bucket_operation_failures_total{%(selector)s}[5m]) > 0 + ||| % thanos.sidecar, + 'for': '5m', + labels: { + severity: 'critical', + }, + }, { alert: 'ThanosSidecarUnhealthy', annotations: { diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/store.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/store.libsonnet index 32101fa..f8e669d 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/store.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/alerts/store.libsonnet @@ -11,7 +11,7 @@ prometheusAlerts+:: { groups+: [ { - name: 'thanos-store.rules', + name: 'thanos-store', rules: [ { alert: 'ThanosStoreGrpcErrorRate', diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/dashboards/compact.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/dashboards/compact.libsonnet index dbd30f9..31c2014 100644 --- a/monitoring/vendor/github.com/thanos-io/thanos/mixin/dashboards/compact.libsonnet +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/dashboards/compact.libsonnet @@ -80,6 +80,40 @@ local g = import '../lib/thanos-grafana-builder/builder.libsonnet'; g.latencyPanel('thanos_compact_garbage_collection_duration_seconds', 'namespace="$namespace",job=~"$job"') ) ) + .addRow( + g.row('Blocks deletion') + .addPanel( + g.panel( + 'Deletion Rate', + 'Shows deletion rate of blocks already marked for deletion.' + ) + + g.queryPanel( + 'sum(rate(thanos_compact_blocks_cleaned_total{namespace="$namespace",job=~"$job"}[$interval])) by (job)', + 'Blocks cleanup {{job}}' + ) + + g.stack + ) + .addPanel( + g.panel( + 'Deletion Error Rate', + 'Shows deletion failures rate of blocks already marked for deletion.' + ) + + g.queryPanel( + 'sum(rate(thanos_compact_block_cleanup_failures_total{namespace="$namespace",job=~"$job"}[$interval])) by (job)', + 'Blocks cleanup failures {{job}}' + ) + ) + .addPanel( + g.panel( + 'Marking Rate', + 'Shows rate at which blocks are marked for deletion (from GC and retention policy).' + ) + + g.queryPanel( + 'sum(rate(thanos_compact_blocks_marked_for_deletion_total{namespace="$namespace",job=~"$job"}[$interval])) by (job)', + 'Blocks marked {{job}}' + ) + ) + ) .addRow( g.row('Sync Meta') .addPanel( diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/lib/utils.libsonnet b/monitoring/vendor/github.com/thanos-io/thanos/mixin/lib/utils.libsonnet new file mode 100644 index 0000000..700ada9 --- /dev/null +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/lib/utils.libsonnet @@ -0,0 +1,13 @@ +{ + mapRuleGroups(f): { + groups: [ + group { + rules: [ + f(rule) + for rule in super.rules + ], + } + for group in super.groups + ], + }, +} diff --git a/monitoring/vendor/github.com/thanos-io/thanos/mixin/runbook.md b/monitoring/vendor/github.com/thanos-io/thanos/mixin/runbook.md new file mode 100755 index 0000000..150b7ed --- /dev/null +++ b/monitoring/vendor/github.com/thanos-io/thanos/mixin/runbook.md @@ -0,0 +1,97 @@ +# Alerts + +## Rule Groups + +* [thanos-bucket-replicate.rules](#thanos-bucket-replicate.rules) +* [thanos-compact.rules](#thanos-compact.rules) +* [thanos-component-absent.rules](#thanos-component-absent.rules) +* [thanos-query.rules](#thanos-query.rules) +* [thanos-receive.rules](#thanos-receive.rules) +* [thanos-rule.rules](#thanos-rule.rules) +* [thanos-sidecar.rules](#thanos-sidecar.rules) +* [thanos-store.rules](#thanos-store.rules) + +## thanos-bucket-replicate.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosBucketReplicateIsDown|Thanos Replicate has disappeared from Prometheus target discovery.|Thanos Replicate has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosbucketreplicateisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosbucketreplicateisdown)| +|ThanosBucketReplicateErrorRate|Thanose Replicate is failing to run.|Thanos Replicate failing to run, {{ $value humanize }}% of attempts failed.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosbucketreplicateerrorrate](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosbucketreplicateerrorrate)| +|ThanosBucketReplicateRunLatency|Thanos Replicate has a high latency for replicate operations.|Thanos Replicate {{$labels.job}} has a 99th percentile latency of {{ $value }} seconds for the replicate operations.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosbucketreplicaterunlatency](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosbucketreplicaterunlatency)| + +## thanos-compact.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosCompactMultipleRunning|Thanos Compact has multiple instances running.|No more than one Thanos Compact instance should be running at once. There are {{ $value }}|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactmultiplerunning](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactmultiplerunning)| +|ThanosCompactHalted|Thanos Compact has failed to run ans is now halted.|Thanos Compact {{$labels.job}} has failed to run and now is halted.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompacthalted](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompacthalted)| +|ThanosCompactHighCompactionFailures|Thanos Compact is failing to execute compactions.|Thanos Compact {{$labels.job}} is failing to execute {{ $value humanize }}% of compactions.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompacthighcompactionfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompacthighcompactionfailures)| +|ThanosCompactBucketHighOperationFailures|Thanos Compact Bucket is having a high number of operation failures.|Thanos Compact {{$labels.job}} Bucket is failing to execute {{ $value humanize }}% of operations.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactbuckethighoperationfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactbuckethighoperationfailures)| +|ThanosCompactHasNotRun|Thanos Compact has not uploaded anything for last 24 hours.|Thanos Compact {{$labels.job}} has not uploaded anything for 24 hours.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompacthasnotrun](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompacthasnotrun)| + +## thanos-component-absent.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosCompactIsDown|thanos component has disappeared from Prometheus target discovery.|ThanosCompact has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactisdown)| +|ThanosQueryIsDown|thanos component has disappeared from Prometheus target discovery.|ThanosQuery has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryisdown)| +|ThanosReceiveIsDown|thanos component has disappeared from Prometheus target discovery.|ThanosReceive has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceiveisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceiveisdown)| +|ThanosRuleIsDown|thanos component has disappeared from Prometheus target discovery.|ThanosRule has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosruleisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosruleisdown)| +|ThanosSidecarIsDown|thanos component has disappeared from Prometheus target discovery.|ThanosSidecar has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanossidecarisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanossidecarisdown)| +|ThanosStoreIsDown|thanos component has disappeared from Prometheus target discovery.|ThanosStore has disappeared from Prometheus target discovery.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoreisdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoreisdown)| + +## thanos-query.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosQueryHttpRequestQueryErrorRateHigh|Thanos Query is failing to handle requests.|Thanos Query {{$labels.job}} is failing to handle {{ $value humanize }}% of "query" requests.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryhttprequestqueryerrorratehigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryhttprequestqueryerrorratehigh)| +|ThanosQueryHttpRequestQueryRangeErrorRateHigh|Thanos Query is failing to handle requests.|Thanos Query {{$labels.job}} is failing to handle {{ $value humanize }}% of "query_range" requests.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryhttprequestqueryrangeerrorratehigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryhttprequestqueryrangeerrorratehigh)| +|ThanosQueryGrpcServerErrorRate|Thanos Query is failing to handle requests.|Thanos Query {{$labels.job}} is failing to handle {{ $value humanize }}% of requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosquerygrpcservererrorrate](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosquerygrpcservererrorrate)| +|ThanosQueryGrpcClientErrorRate|Thanos Query is failing to send requests.|Thanos Query {{$labels.job}} is failing to send {{ $value humanize }}% of requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosquerygrpcclienterrorrate](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosquerygrpcclienterrorrate)| +|ThanosQueryHighDNSFailures|Thanos Query is having high number of DNS failures.|Thanos Query {{$labels.job}} have {{ $value humanize }}% of failing DNS queries for store endpoints.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryhighdnsfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryhighdnsfailures)| +|ThanosQueryInstantLatencyHigh|Thanos Query has high latency for queries.|Thanos Query {{$labels.job}} has a 99th percentile latency of {{ $value }} seconds for instant queries.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryinstantlatencyhigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryinstantlatencyhigh)| +|ThanosQueryRangeLatencyHigh|Thanos Query has high latency for queries.|Thanos Query {{$labels.job}} has a 99th percentile latency of {{ $value }} seconds for range queries.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryrangelatencyhigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosqueryrangelatencyhigh)| + +## thanos-receive.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosReceiveHttpRequestErrorRateHigh|Thanos Receive is failing to handle requests.|Thanos Receive {{$labels.job}} is failing to handle {{ $value humanize }}% of requests.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehttprequesterrorratehigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehttprequesterrorratehigh)| +|ThanosReceiveHttpRequestLatencyHigh|Thanos Receive has high HTTP requests latency.|Thanos Receive {{$labels.job}} has a 99th percentile latency of {{ $value }} seconds for requests.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehttprequestlatencyhigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehttprequestlatencyhigh)| +|ThanosReceiveHighReplicationFailures|Thanos Receive is having high number of replication failures.|Thanos Receive {{$labels.job}} is failing to replicate {{ $value humanize }}% of requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehighreplicationfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehighreplicationfailures)| +|ThanosReceiveHighForwardRequestFailures|Thanos Receive is failing to forward requests.|Thanos Receive {{$labels.job}} is failing to forward {{ $value humanize }}% of requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehighforwardrequestfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehighforwardrequestfailures)| +|ThanosReceiveHighHashringFileRefreshFailures|Thanos Receive is failing to refresh hasring file.|Thanos Receive {{$labels.job}} is failing to refresh hashring file, {{ $value humanize }} of attempts failed.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehighhashringfilerefreshfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivehighhashringfilerefreshfailures)| +|ThanosReceiveConfigReloadFailure|Thanos Receive has not been able to reload configuration.|Thanos Receive {{$labels.job}} has not been able to reload hashring configurations.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceiveconfigreloadfailure](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceiveconfigreloadfailure)| +|ThanosReceiveNoUpload|Thanos Receive has not uploaded latest data to object storage.|Thanos Receive {{ $labels.instance }} of {{$labels.job}} has not uploaded latest data to object storage.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivenoupload](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosreceivenoupload)| + +## thanos-rule.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosRuleQueueIsDroppingAlerts|Thanos Rule is failing to queue alerts.|Thanos Rule {{$labels.job}} {{$labels.pod}} is failing to queue alerts.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulequeueisdroppingalerts](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulequeueisdroppingalerts)| +|ThanosRuleSenderIsFailingAlerts|Thanos Rule is failing to send alerts to alertmanager.|Thanos Rule {{$labels.job}} {{$labels.pod}} is failing to send alerts to alertmanager.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulesenderisfailingalerts](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulesenderisfailingalerts)| +|ThanosRuleHighRuleEvaluationFailures|Thanos Rule is failing to evaluate rules.|Thanos Rule {{$labels.job}} {{$labels.pod}} is failing to evaluate rules.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulehighruleevaluationfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulehighruleevaluationfailures)| +|ThanosRuleHighRuleEvaluationWarnings|Thanos Rule has high number of evaluation warnings.|Thanos Rule {{$labels.job}} {{$labels.pod}} has high number of evaluation warnings.|info|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulehighruleevaluationwarnings](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulehighruleevaluationwarnings)| +|ThanosRuleRuleEvaluationLatencyHigh|Thanos Rule has high rule evaluation latency.|Thanos Rule {{$labels.job}}/{{$labels.pod}} has higher evaluation latency than interval for {{$labels.rule_group}}.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosruleruleevaluationlatencyhigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosruleruleevaluationlatencyhigh)| +|ThanosRuleGrpcErrorRate|Thanos Rule is failing to handle grpc requests.|Thanos Rule {{$labels.job}} is failing to handle {{ $value humanize }}% of requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulegrpcerrorrate](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulegrpcerrorrate)| +|ThanosRuleConfigReloadFailure|Thanos Rule has not been able to reload configuration.|Thanos Rule {{$labels.job}} has not been able to reload its configuration.|info|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosruleconfigreloadfailure](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosruleconfigreloadfailure)| +|ThanosRuleQueryHighDNSFailures|Thanos Rule is having high number of DNS failures.|Thanos Rule {{$labels.job}} has {{ $value humanize }}% of failing DNS queries for query endpoints.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulequeryhighdnsfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulequeryhighdnsfailures)| +|ThanosRuleAlertmanagerHighDNSFailures|Thanos Rule is having high number of DNS failures.|Thanos Rule {{$labels.job}} has {{ $value humanize }}% of failing DNS queries for Alertmanager endpoints.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulealertmanagerhighdnsfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulealertmanagerhighdnsfailures)| +|ThanosRuleNoEvaluationFor10Intervals|Thanos Rule has rule groups that did not evaluate for 10 intervals.|Thanos Rule {{$labels.job}} has {{ $value humanize }}% rule groups that did not evaluate for at least 10x of their expected interval.|info|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulenoevaluationfor10intervals](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosrulenoevaluationfor10intervals)| +|ThanosNoRuleEvaluations|Thanos Rule did not perform any rule evaluations.|Thanos Rule {{$labels.job}} did not perform any rule evaluations in the past 2 minutes.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosnoruleevaluations](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosnoruleevaluations)| + +## thanos-sidecar.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosSidecarPrometheusDown|Thanos Sidecar cannot connect to Prometheus|Thanos Sidecar {{$labels.job}} {{$labels.pod}} cannot connect to Prometheus.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanossidecarprometheusdown](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanossidecarprometheusdown)| +|ThanosSidecarUnhealthy|Thanos Sidecar is unhealthy.|Thanos Sidecar {{$labels.job}} {{$labels.pod}} is unhealthy for {{ $value }} seconds.|critical|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanossidecarunhealthy](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanossidecarunhealthy)| + +## thanos-store.rules + +|Name|Summary|Description|Severity|Runbook| +|---|---|---|---|---| +|ThanosStoreGrpcErrorRate|Thanos Store is failing to handle qrpcd requests.|Thanos Store {{$labels.job}} is failing to handle {{ $value humanize }}% of requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoregrpcerrorrate](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoregrpcerrorrate)| +|ThanosStoreSeriesGateLatencyHigh|Thanos Store has high latency for store series gate requests.|Thanos Store {{$labels.job}} has a 99th percentile latency of {{ $value }} seconds for store series gate requests.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoreseriesgatelatencyhigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoreseriesgatelatencyhigh)| +|ThanosStoreBucketHighOperationFailures|Thanos Store Bucket is failing to execute operations.|Thanos Store {{$labels.job}} Bucket is failing to execute {{ $value humanize }}% of operations.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstorebuckethighoperationfailures](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstorebuckethighoperationfailures)| +|ThanosStoreObjstoreOperationLatencyHigh|Thanos Store is having high latency for bucket operations.|Thanos Store {{$labels.job}} Bucket has a 99th percentile latency of {{ $value }} seconds for the bucket operations.|warning|[https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoreobjstoreoperationlatencyhigh](https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanosstoreobjstoreoperationlatencyhigh)| diff --git a/monitoring/vendor/mixin b/monitoring/vendor/mixin index b78ed5a..2fca898 120000 --- a/monitoring/vendor/mixin +++ b/monitoring/vendor/mixin @@ -1 +1 @@ -github.com/prometheus-operator/prometheus-operator/jsonnet/mixin \ No newline at end of file +github.com/etcd-io/etcd/contrib/mixin \ No newline at end of file diff --git a/monitoring/vendor/prometheus-operator-mixin b/monitoring/vendor/prometheus-operator-mixin new file mode 120000 index 0000000..b78ed5a --- /dev/null +++ b/monitoring/vendor/prometheus-operator-mixin @@ -0,0 +1 @@ +github.com/prometheus-operator/prometheus-operator/jsonnet/mixin \ No newline at end of file diff --git a/monitoring/vendor/thanos-mixin b/monitoring/vendor/thanos-mixin new file mode 120000 index 0000000..17b674a --- /dev/null +++ b/monitoring/vendor/thanos-mixin @@ -0,0 +1 @@ +github.com/thanos-io/thanos/mixin \ No newline at end of file