diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/crds/kustomization.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/crds/kustomization.yaml new file mode 100644 index 0000000..017d9c5 --- /dev/null +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/crds/kustomization.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./monitoring.coreos.com_alertmanagers.yaml + - ./monitoring.coreos.com_podmonitors.yaml + - ./monitoring.coreos.com_prometheusrules.yaml + - ./monitoring.coreos.com_servicemonitors.yaml + - ./monitoring.coreos.com_thanosrulers.yaml diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/crds/monitoring.coreos.com_prometheuses.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/crds/monitoring.coreos.com_prometheuses.yaml deleted file mode 100644 index 8d78237..0000000 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/crds/monitoring.coreos.com_prometheuses.yaml +++ /dev/null @@ -1,11258 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.69.1 - name: prometheuses.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Prometheus - listKind: PrometheusList - plural: prometheuses - shortNames: - - prom - singular: prometheus - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The version of Prometheus - jsonPath: .spec.version - name: Version - type: string - - description: The number of desired replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: The number of ready replicas - jsonPath: .status.availableReplicas - name: Ready - type: integer - - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status - name: Reconciled - type: string - - jsonPath: .status.conditions[?(@.type == 'Available')].status - name: Available - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Whether the resource reconciliation is paused or not - jsonPath: .status.paused - name: Paused - priority: 1 - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: Prometheus defines a Prometheus deployment. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - "Specification of the desired behavior of the Prometheus - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - additionalAlertManagerConfigs: - description: - "AdditionalAlertManagerConfigs specifies a key of a Secret - containing additional Prometheus Alertmanager configurations. The - Alertmanager configurations are appended to the configuration generated - by the Prometheus Operator. They must be formatted according to - the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config - \n The user is responsible for making sure that the configurations - are valid \n Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible AlertManager configs - are going to break Prometheus after the upgrade." - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - additionalAlertRelabelConfigs: - description: - "AdditionalAlertRelabelConfigs specifies a key of a Secret - containing additional Prometheus alert relabel configurations. The - alert relabel configurations are appended to the configuration generated - by the Prometheus Operator. They must be formatted according to - the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - \n The user is responsible for making sure that the configurations - are valid \n Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible alert relabel configs - are going to break Prometheus after the upgrade." - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - additionalArgs: - description: - "AdditionalArgs allows setting additional arguments for - the 'prometheus' container. \n It is intended for e.g. activating - hidden flags which are not supported by the dedicated configuration - options yet. The arguments are passed as-is to the Prometheus container - which may cause issues if they are invalid or not supported by the - given Prometheus version. \n In case of an argument conflict (e.g. - an argument which is already set by the operator itself) or when - providing an invalid argument, the reconciliation will fail and - an error will be logged." - items: - description: Argument as part of the AdditionalArgs list. - properties: - name: - description: Name of the argument, e.g. "scrape.discovery-reload-interval". - minLength: 1 - type: string - value: - description: - Argument value, e.g. 30s. Can be empty for name-only - arguments (e.g. --storage.tsdb.no-lockfile) - type: string - required: - - name - type: object - type: array - additionalScrapeConfigs: - description: - "AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Prometheus scrape configurations. Scrape - configurations specified are appended to the configurations generated - by the Prometheus Operator. Job configurations specified must have - the form as specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible scrape configs are - going to break Prometheus after the upgrade." - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - affinity: - description: Defines the Pods' affinity scheduling rules if specified. - properties: - nodeAffinity: - description: - Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: - An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: - A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: - A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: - An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: - A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: - An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: - Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector terms. - The terms are ORed. - items: - description: - A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: - A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: - An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: - A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: - An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: - Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: - Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: - namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: - Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: - namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - alerting: - description: Defines the settings related to Alertmanager. - properties: - alertmanagers: - description: - AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: - AlertmanagerEndpoints defines a selection of a - single Endpoints object containing Alertmanager IPs to fire - alerts against. - properties: - apiVersion: - description: - Version of the Alertmanager API that Prometheus - uses to send alerts. It can be "v1" or "v2". - type: string - authorization: - description: - "Authorization section for Alertmanager. \n - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` - or `sigv4`." - properties: - credentials: - description: - Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: - "Defines the authentication type. The value - is case-insensitive. \n \"Basic\" is not a supported - value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: - "BasicAuth configuration for Alertmanager. - \n Cannot be set at the same time as `bearerTokenFile`, - `authorization` or `sigv4`." - properties: - password: - description: - "`password` specifies a key of a Secret - containing the password for authentication." - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: - "`username` specifies a key of a Secret - containing the username for authentication." - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenFile: - description: - "File to read bearer token for Alertmanager. - \n Cannot be set at the same time as `basicAuth`, `authorization`, - or `sigv4`. \n *Deprecated: this will be removed in a - future release. Prefer using `authorization`.*" - type: string - enableHttp2: - description: Whether to enable HTTP2. - type: boolean - name: - description: Name of the Endpoints object in the namespace. - type: string - namespace: - description: Namespace of the Endpoints object. - type: string - pathPrefix: - description: - Prefix for the HTTP path alerts are pushed - to. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port on which the Alertmanager API is exposed. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use when firing alerts. - type: string - sigv4: - description: - "Sigv4 allows to configures AWS's Signature - Verification 4 for the URL. \n It requires Prometheus - >= v2.48.0. \n Cannot be set at the same time as `basicAuth`, - `bearerTokenFile` or `authorization`." - properties: - accessKey: - description: - AccessKey is the AWS API key. If not specified, - the environment variable `AWS_ACCESS_KEY_ID` is used. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - profile: - description: - Profile is the named AWS profile used to - authenticate. - type: string - region: - description: - Region is the AWS region. If blank, the - region from the default credentials chain used. - type: string - roleArn: - description: - RoleArn is the named AWS profile used to - authenticate. - type: string - secretKey: - description: - SecretKey is the AWS API secret. If not - specified, the environment variable `AWS_SECRET_ACCESS_KEY` - is used. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - timeout: - description: - Timeout is a per-target Alertmanager timeout - when pushing alerts. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS Config to use for Alertmanager. - properties: - ca: - description: - Certificate authority used when verifying - server certificates. - properties: - configMap: - description: - ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: - Secret containing data to use for the - targets. - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: - Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: - Client certificate to present when doing - client-authentication. - properties: - configMap: - description: - ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: - Secret containing data to use for the - targets. - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: - Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: - Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: - Secret containing the client key file for - the targets. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - name - - namespace - - port - type: object - type: array - required: - - alertmanagers - type: object - allowOverlappingBlocks: - description: - "AllowOverlappingBlocks enables vertical compaction and - vertical query merge in Prometheus. \n *Deprecated: this flag has - no effect for Prometheus >= 2.39.0 where overlapping blocks are - enabled by default.*" - type: boolean - apiserverConfig: - description: - "APIServerConfig allows specifying a host and auth methods - to access the Kuberntees API server. If null, Prometheus is assumed - to run inside of the cluster: it will discover the API servers automatically - and use the Pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." - properties: - authorization: - description: - "Authorization section for the API server. \n Cannot - be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`." - properties: - credentials: - description: - Selects a key of a Secret in the namespace that - contains the credentials for authentication. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - credentialsFile: - description: - File to read a secret from, mutually exclusive - with `credentials`. - type: string - type: - description: - "Defines the authentication type. The value is - case-insensitive. \n \"Basic\" is not a supported value. - \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: - "BasicAuth configuration for the API server. \n Cannot - be set at the same time as `authorization`, `bearerToken`, or - `bearerTokenFile`." - properties: - password: - description: - "`password` specifies a key of a Secret containing - the password for authentication." - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: - "`username` specifies a key of a Secret containing - the username for authentication." - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerToken: - description: - "*Warning: this field shouldn't be used because the - token value appears in clear-text. Prefer using `authorization`.* - \n *Deprecated: this will be removed in a future release.*" - type: string - bearerTokenFile: - description: - "File to read bearer token for accessing apiserver. - \n Cannot be set at the same time as `basicAuth`, `authorization`, - or `bearerToken`. \n *Deprecated: this will be removed in a - future release. Prefer using `authorization`.*" - type: string - host: - description: - Kubernetes API address consisting of a hostname or - IP address followed by an optional port number. - type: string - tlsConfig: - description: TLS Config to use for the API server. - properties: - ca: - description: - Certificate authority used when verifying server - certificates. - properties: - configMap: - description: - ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: - Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: - ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: - Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: - Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: - Secret containing the client key file for the - targets. - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - host - type: object - arbitraryFSAccessThroughSMs: - description: - When true, ServiceMonitor, PodMonitor and Probe object - are forbidden to reference arbitrary files on the file system of - the 'prometheus' container. When a ServiceMonitor's endpoint specifies - a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), - a malicious target can get access to the Prometheus service account's - token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` - to 'true' would prevent the attack. Users should instead provide - the credentials using the `spec.bearerTokenSecret` field. - properties: - deny: - type: boolean - type: object - baseImage: - description: "*Deprecated: use 'spec.image' instead.*" - type: string - bodySizeLimit: - description: - BodySizeLimit defines per-scrape on response body size. - Only valid in Prometheus versions 2.45.0 and newer. - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - configMaps: - description: - ConfigMaps is a list of ConfigMaps in the same namespace - as the Prometheus object, which shall be mounted into the Prometheus - Pods. Each ConfigMap is added to the StatefulSet definition as a - volume named `configmap-`. The ConfigMaps are mounted - into /etc/prometheus/configmaps/ in the 'prometheus' - container. - items: - type: string - type: array - containers: - description: - "Containers allows injecting additional containers or - modifying operator generated containers. This can be used to allow - adding an authentication proxy to the Pods or to change the behavior - of an operator generated container. Containers described here modify - an operator generated container if they share the same name and - modifications are done via a strategic merge patch. \n The names - of containers managed by the operator are: * `prometheus` * `config-reloader` - * `thanos-sidecar` \n Overriding containers is entirely outside - the scope of what the maintainers will support and by doing so, - you accept that this behaviour may break at any time without notice." - items: - description: - A single application container that you want to run - within a pod. - properties: - args: - description: - 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables to set in the container. - Cannot be updated. - items: - description: - EnvVar represents an environment variable present - in a Container. - properties: - name: - description: - Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: - "Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs." - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: required for volumes, - optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: - EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: - An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: - "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod's termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod's termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: - Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: - "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: - TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: - "Optional: Host name to connect to, defaults - to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: - List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: - ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: - Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: - Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: - If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: - Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: - "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: - TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: - "Optional: Host name to connect to, defaults - to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: - ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: - "Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory." - type: string - restartPolicy: - description: - Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: - "Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - claims: - description: - "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: - Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - restartPolicy: - description: - 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: - "SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows." - type: boolean - capabilities: - description: - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: - Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: - procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: - Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: - localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: - "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod's lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: - Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: - "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: - TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: - "Optional: Host name to connect to, defaults - to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: - Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the file to which the - container's termination message will be written is mounted - into the container's filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: - Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of block devices to be - used by the container. - items: - description: - volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: - devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: - name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: - VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: - Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: - Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: - Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - disableCompaction: - description: When true, the Prometheus compaction is disabled. - type: boolean - enableAdminAPI: - description: - "Enables access to the Prometheus web admin API. \n WARNING: - Enabling the admin APIs enables mutating endpoints, to delete data, - shutdown Prometheus, and more. Enabling this should be done with - care and the user is advised to add additional authentication authorization - via a proxy to ensure only clients authorized to perform these actions - can do so. \n For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" - type: boolean - enableFeatures: - description: - "Enable access to Prometheus feature flags. By default, - no features are enabled. \n Enabling features which are disabled - by default is entirely outside the scope of what the maintainers - will support and by doing so, you accept that this behaviour may - break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" - items: - type: string - type: array - enableRemoteWriteReceiver: - description: - "Enable Prometheus to be used as a receiver for the Prometheus - remote write protocol. \n WARNING: This is not considered an efficient - way of ingesting samples. Use it with caution for specific low-volume - use cases. It is not suitable for replacing the ingestion via scraping - and turning Prometheus into a push-based metrics collection system. - For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - \n It requires Prometheus >= v2.33.0." - type: boolean - enforcedBodySizeLimit: - description: - "When defined, enforcedBodySizeLimit specifies a global - limit on the size of uncompressed response body that will be accepted - by Prometheus. Targets responding with a body larger than this many - bytes will cause the scrape to fail. \n It requires Prometheus >= - v2.28.0." - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - enforcedKeepDroppedTargets: - description: - "When defined, enforcedKeepDroppedTargets specifies a - global limit on the number of targets dropped by relabeling that - will be kept in memory. The value overrides any `spec.keepDroppedTargets` - set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` - is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - \n It requires Prometheus >= v2.47.0." - format: int64 - type: integer - enforcedLabelLimit: - description: - "When defined, enforcedLabelLimit specifies a global - limit on the number of labels per sample. The value overrides any - `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects - unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - enforcedLabelNameLengthLimit: - description: - "When defined, enforcedLabelNameLengthLimit specifies - a global limit on the length of labels name per sample. The value - overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, - PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is - greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - enforcedLabelValueLengthLimit: - description: - "When not null, enforcedLabelValueLengthLimit defines - a global limit on the length of labels value per sample. The value - overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, - PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is - greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - enforcedNamespaceLabel: - description: - "When not empty, a label will be added to \n 1. All metrics - scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` - objects. 2. All metrics generated from recording rules defined in - `PrometheusRule` objects. 3. All alerts generated from alerting - rules defined in `PrometheusRule` objects. 4. All vector selectors - of PromQL expressions defined in `PrometheusRule` objects. \n The - label will not added for objects referenced in `spec.excludedFromEnforcement`. - \n The label's name is this field's value. The label's value is - the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or - `PrometheusRule` object." - type: string - enforcedSampleLimit: - description: - "When defined, enforcedSampleLimit specifies a global - limit on the number of scraped samples that will be accepted. This - overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, - Probe objects unless `spec.sampleLimit` is greater than zero and - less than than `spec.enforcedSampleLimit`. \n It is meant to be - used by admins to keep the overall number of samples/series under - a desired limit." - format: int64 - type: integer - enforcedTargetLimit: - description: - "When defined, enforcedTargetLimit specifies a global - limit on the number of scraped targets. The value overrides any - `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects - unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - \n It is meant to be used by admins to to keep the overall number - of targets under a desired limit." - format: int64 - type: integer - evaluationInterval: - default: 30s - description: 'Interval between rule evaluations. Default: "30s"' - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - excludedFromEnforcement: - description: - "List of references to PodMonitor, ServiceMonitor, Probe - and PrometheusRule objects to be excluded from enforcing a namespace - label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` - set to true." - items: - description: - ObjectReference references a PodMonitor, ServiceMonitor, - Probe or PrometheusRule object. - properties: - group: - default: monitoring.coreos.com - description: - Group of the referent. When not specified, it defaults - to `monitoring.coreos.com` - enum: - - monitoring.coreos.com - type: string - name: - description: - Name of the referent. When not set, all resources - in the namespace are matched. - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - minLength: 1 - type: string - resource: - description: Resource of the referent. - enum: - - prometheusrules - - servicemonitors - - podmonitors - - probes - - scrapeconfigs - type: string - required: - - namespace - - resource - type: object - type: array - exemplars: - description: - Exemplars related settings that are runtime reloadable. - It requires to enable the `exemplar-storage` feature flag to be - effective. - properties: - maxSize: - description: - "Maximum number of exemplars stored in memory for - all series. \n exemplar-storage itself must be enabled using - the `spec.enableFeature` option for exemplars to be scraped - in the first place. \n If not set, Prometheus uses its default - value. A value of zero or less than zero disables the storage." - format: int64 - type: integer - type: object - externalLabels: - additionalProperties: - type: string - description: - The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` - take precedence over this list. - type: object - externalUrl: - description: - The external URL under which the Prometheus service is - externally available. This is necessary to generate correct URLs - (for instance if Prometheus is accessible behind an Ingress resource). - type: string - hostAliases: - description: - Optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: - description: - HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - required: - - hostnames - - ip - type: object - type: array - x-kubernetes-list-map-keys: - - ip - x-kubernetes-list-type: map - hostNetwork: - description: - "Use the host's network namespace if true. \n Make sure - to understand the security implications if you want to enable it - (https://kubernetes.io/docs/concepts/configuration/overview/). \n - When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` - automatically." - type: boolean - ignoreNamespaceSelectors: - description: - When true, `spec.namespaceSelector` from all PodMonitor, - ServiceMonitor and Probe objects will be ignored. They will only - discover targets within the namespace of the PodMonitor, ServiceMonitor - and Probe object. - type: boolean - image: - description: - "Container image name for Prometheus. If specified, it - takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` - fields. \n Specifying `spec.version` is still necessary to ensure - the Prometheus Operator knows which version of Prometheus is being - configured. \n If neither `spec.image` nor `spec.baseImage` are - defined, the operator will use the latest upstream version of Prometheus - available at the time when the operator was released." - type: string - imagePullPolicy: - description: - Image pull policy for the 'prometheus', 'init-config-reloader' - and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - for more details. - enum: - - "" - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - description: - An optional list of references to Secrets in the same - namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: - LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: - "InitContainers allows injecting initContainers to the - Pod definition. Those can be used to e.g. fetch secrets for injection - into the Prometheus configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart - of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - InitContainers described here modify an operator generated init - containers if they share the same name and modifications are done - via a strategic merge patch. \n The names of init container name - managed by the operator are: * `init-config-reloader`. \n Overriding - init containers is entirely outside the scope of what the maintainers - will support and by doing so, you accept that this behaviour may - break at any time without notice." - items: - description: - A single application container that you want to run - within a pod. - properties: - args: - description: - 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables to set in the container. - Cannot be updated. - items: - description: - EnvVar represents an environment variable present - in a Container. - properties: - name: - description: - Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: - "Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs." - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: required for volumes, - optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace - properties: - key: - description: - The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: - EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: - An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: - "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod's termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod's termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: - Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: - "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: - TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: - "Optional: Host name to connect to, defaults - to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: - List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: - ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: - Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: - Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: - If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: - Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: - "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: - TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: - "Optional: Host name to connect to, defaults - to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: - ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: - "Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory." - type: string - restartPolicy: - description: - Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: - "Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - claims: - description: - "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: - Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - restartPolicy: - description: - 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: - "SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows." - type: boolean - capabilities: - description: - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: - Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: - procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: - Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: - localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: - "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod's lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: - Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: - "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: - The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: - TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: - "Optional: Host name to connect to, defaults - to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: - Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the file to which the - container's termination message will be written is mounted - into the container's filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: - Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of block devices to be - used by the container. - items: - description: - volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: - devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: - name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: - VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: - Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: - Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: - Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - keepDroppedTargets: - description: - "Per-scrape limit on the number of targets dropped by - relabeling that will be kept in memory. 0 means no limit. \n It - requires Prometheus >= v2.47.0." - format: int64 - type: integer - labelLimit: - description: - Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.45.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: - Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.45.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: - Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.45.0 - and newer. - format: int64 - type: integer - listenLocal: - description: - When true, the Prometheus server listens on the loopback - address instead of the Pod IP's address. - type: boolean - logFormat: - description: - Log format for Log level for Prometheus and the config-reloader - sidecar. - enum: - - "" - - logfmt - - json - type: string - logLevel: - description: Log level for Prometheus and the config-reloader sidecar. - enum: - - "" - - debug - - info - - warn - - error - type: string - minReadySeconds: - description: - "Minimum number of seconds for which a newly created - Pod should be ready without any of its container crashing for it - to be considered available. Defaults to 0 (pod will be considered - available as soon as it is ready) \n This is an alpha field from - kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds - feature gate." - format: int32 - type: integer - nodeSelector: - additionalProperties: - type: string - description: Defines on which Nodes the Pods are scheduled. - type: object - overrideHonorLabels: - description: - When true, Prometheus resolves label conflicts by renaming - the labels in the scraped data to "exported_