Prometheus defines a Prometheus deployment.
object
spec
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
|
Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
|
|
Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
object
Property | Type | Description |
---|---|---|
|
|
AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. |
|
|
AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade. |
|
|
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. |
|
|
If specified, the pod’s scheduling constraints. |
|
|
Define details regarding alerting. |
|
|
APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. |
|
|
ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. |
|
|
Base image to use for a Prometheus deployment. |
|
|
ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name>. |
|
|
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: |
|
|
A single application container that you want to run within a pod. |
|
|
Disable prometheus compaction. |
|
|
Enable access to prometheus web admin API. Defaults to the value of |
|
|
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. |
|
|
Interval between consecutive evaluations. |
|
|
The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). |
|
|
The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. |
|
|
IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. |
|
|
Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. |
|
|
An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
|
|
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. |
|
|
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
|
|
A single application container that you want to run within a pod. |
|
|
ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. |
|
|
Log format for Prometheus to be configured with. |
|
|
Log level for Prometheus to be configured with. |
|
|
Define which Nodes the Pods are scheduled on. |
|
|
OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. |
|
|
OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. |
|
|
When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. |
|
|
Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. |
|
|
Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace. |
|
|
Experimental PodMonitors to be selected for target discovery. |
|
|
Port name used for the pods and governing service. This defaults to web |
|
|
Priority class assigned to the Pods |
|
|
Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of |
|
|
QuerySpec defines the query command line flags when starting Prometheus. |
|
|
If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. |
|
|
RemoteReadSpec defines the remote_read configuration for prometheus. |
|
|
If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. |
|
|
RemoteWriteSpec defines the remote_write configuration for prometheus. |
|
|
Name of Prometheus external label used to denote replica name. Defaults to the value of |
|
|
Number of instances to deploy for a Prometheus deployment. |
|
|
Define resources requests and limits for single Pods. |
|
|
Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression |
|
|
Maximum amount of disk space used by blocks. |
|
|
The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with |
|
|
Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. |
|
|
A selector to select which PrometheusRules to mount for loading alerting rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. |
|
|
/--rules.*/ command-line arguments. |
|
|
Interval between consecutive scrapes. |
|
|
Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/<secret-name>. |
|
|
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
|
|
ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. |
|
|
Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. |
|
|
ServiceMonitors to be selected for target discovery. |
|
|
SHA of Prometheus container image to be deployed. Defaults to the value of |
|
|
Storage spec to specify how storage shall be used. |
|
|
Tag of Prometheus container image to be deployed. Defaults to the value of |
|
|
Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. This section is experimental, it may change significantly without deprecation notice in any release. This is experimental and may change significantly without backward compatibility in any release. |
|
|
If specified, the pod’s tolerations. |
|
|
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
|
|
Version of Prometheus to be deployed. |
|
|
Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
|
|
Volume represents a named volume in a pod that may be accessed by any container in the pod. |
|
|
Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. |
AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
If specified, the pod's scheduling constraints.
object
Property | Type | Description |
---|---|---|
|
|
Describes node affinity scheduling rules for the pod. |
|
|
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). |
|
|
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). |
Describes node affinity scheduling rules for the pod.
object
Property | Type | Description |
---|---|---|
|
|
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. |
|
|
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). |
|
|
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
array
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
object
preference
weight
Property | Type | Description |
---|---|---|
|
|
A node selector term, associated with the corresponding weight. |
|
|
Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. |
A node selector term, associated with the corresponding weight.
object
Property | Type | Description |
---|---|---|
|
|
A list of node selector requirements by node’s labels. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
A list of node selector requirements by node’s fields. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
A list of node selector requirements by node's labels.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
A list of node selector requirements by node's fields.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
object
nodeSelectorTerms
Property | Type | Description |
---|---|---|
|
|
Required. A list of node selector terms. The terms are ORed. |
|
|
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. |
Required. A list of node selector terms. The terms are ORed.
array
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
object
Property | Type | Description |
---|---|---|
|
|
A list of node selector requirements by node’s labels. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
A list of node selector requirements by node’s fields. |
|
|
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
A list of node selector requirements by node's labels.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
A list of node selector requirements by node's fields.
array
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
The label key that the selector applies to. |
|
|
Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
|
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
object
Property | Type | Description |
---|---|---|
|
|
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
|
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
|
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
|
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
array
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
object
podAffinityTerm
weight
Property | Type | Description |
---|---|---|
|
|
Required. A pod affinity term, associated with the corresponding weight. |
|
|
weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
Required. A pod affinity term, associated with the corresponding weight.
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace" |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
array
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace" |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
object
Property | Type | Description |
---|---|---|
|
|
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
|
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
|
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
|
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
array
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
object
podAffinityTerm
weight
Property | Type | Description |
---|---|---|
|
|
Required. A pod affinity term, associated with the corresponding weight. |
|
|
weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
Required. A pod affinity term, associated with the corresponding weight.
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace" |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
array
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
object
topologyKey
Property | Type | Description |
---|---|---|
|
|
A label query over a set of resources, in this case pods. |
|
|
namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace" |
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
A label query over a set of resources, in this case pods.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
Define details regarding alerting.
object
alertmanagers
Property | Type | Description |
---|---|---|
|
|
AlertmanagerEndpoints Prometheus should fire alerts against. |
|
|
AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. |
AlertmanagerEndpoints Prometheus should fire alerts against.
array
AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.
object
name
namespace
port
Property | Type | Description |
---|---|---|
|
|
Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". |
|
|
BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. |
|
|
Name of Endpoints object in Namespace. |
|
|
Namespace of Endpoints object. |
|
|
Prefix for the HTTP path alerts are pushed to. |
|
|
Port the Alertmanager API is exposed on. |
|
|
Scheme to use when firing alerts. |
|
|
TLS Config to use for alertmanager connection. |
TLS Config to use for alertmanager connection.
object
Property | Type | Description |
---|---|---|
|
|
Stuct containing the CA cert to use for the targets. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Struct containing the client cert file for the targets. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Stuct containing the CA cert to use for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Struct containing the client cert file for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
object
host
Property | Type | Description |
---|---|---|
|
|
BasicAuth allow an endpoint to authenticate over basic authentication |
|
|
Bearer token for accessing apiserver. |
|
|
File to read bearer token for accessing apiserver. |
|
|
Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number |
|
|
TLS Config to use for accessing apiserver. |
BasicAuth allow an endpoint to authenticate over basic authentication
object
Property | Type | Description |
---|---|---|
|
|
The secret in the service monitor namespace that contains the password for authentication. |
|
|
The secret in the service monitor namespace that contains the username for authentication. |
The secret in the service monitor namespace that contains the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
The secret in the service monitor namespace that contains the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
TLS Config to use for accessing apiserver.
object
Property | Type | Description |
---|---|---|
|
|
Stuct containing the CA cert to use for the targets. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Struct containing the client cert file for the targets. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Stuct containing the CA cert to use for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Struct containing the client cert file for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files.
object
Property | Type | Description |
---|---|---|
|
|
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
array
A single application container that you want to run within a pod.
object
name
Property | Type | Description |
---|---|---|
|
|
Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
List of environment variables to set in the container. Cannot be updated. |
|
|
EnvVar represents an environment variable present in a Container. |
|
|
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. |
|
|
EnvFromSource represents the source of a set of ConfigMaps |
|
|
Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. |
|
|
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
|
Actions that the management system should take in response to container lifecycle events. Cannot be updated. |
|
|
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. |
|
|
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. |
|
|
ContainerPort represents a network port in a single container. |
|
|
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
|
|
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. |
|
|
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false |
|
|
Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. |
|
|
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. |
|
|
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. |
|
|
volumeDevices is the list of block devices to be used by the container. This is a beta feature. |
|
|
volumeDevice describes a mapping of a raw block device within a container. |
|
|
Pod volumes to mount into the container’s filesystem. Cannot be updated. |
|
|
VolumeMount describes a mounting of a Volume within a container. |
|
|
Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated. |
List of environment variables to set in the container. Cannot be updated.
array
EnvVar represents an environment variable present in a Container.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of the environment variable. Must be a C_IDENTIFIER. |
|
|
Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
|
|
Source for the environment variable’s value. Cannot be used if value is not empty. |
Source for the environment variable's value. Cannot be used if value is not empty.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a ConfigMap. |
|
|
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP. |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
|
|
Selects a key of a secret in the pod’s namespace |
Selects a key of a ConfigMap.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
Selects a key of a secret in the pod's namespace
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
array
EnvFromSource represents the source of a set of ConfigMaps
object
Property | Type | Description |
---|---|---|
|
|
The ConfigMap to select from |
|
|
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. |
|
|
The Secret to select from |
The ConfigMap to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap must be defined |
The Secret to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret must be defined |
Actions that the management system should take in response to container lifecycle events. Cannot be updated.
object
Property | Type | Description |
---|---|---|
|
|
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
|
|
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
array
ContainerPort represents a network port in a single container.
object
containerPort
Property | Type | Description |
---|---|---|
|
|
Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536. |
|
|
What host IP to bind the external port to. |
|
|
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. |
|
|
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. |
|
|
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". |
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
object
Property | Type | Description |
---|---|---|
|
|
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN |
|
|
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. |
|
|
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. |
|
|
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. |
|
|
Whether this container has a read-only root filesystem. Default is false. |
|
|
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
object
Property | Type | Description |
---|---|---|
|
|
Added capabilities |
|
|
Removed capabilities |
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
object
Property | Type | Description |
---|---|---|
|
|
Level is SELinux level label that applies to the container. |
|
|
Role is a SELinux role label that applies to the container. |
|
|
Type is a SELinux type label that applies to the container. |
|
|
User is a SELinux user label that applies to the container. |
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
object
Property | Type | Description |
---|---|---|
|
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. |
|
|
GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. |
|
|
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. |
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
volumeDevices is the list of block devices to be used by the container. This is a beta feature.
array
volumeDevice describes a mapping of a raw block device within a container.
object
devicePath
name
Property | Type | Description |
---|---|---|
|
|
devicePath is the path inside of the container that the device will be mapped to. |
|
|
name must match the name of a persistentVolumeClaim in the pod |
Pod volumes to mount into the container's filesystem. Cannot be updated.
array
VolumeMount describes a mounting of a Volume within a container.
object
mountPath
name
Property | Type | Description |
---|---|---|
|
|
Path within the container at which the volume should be mounted. Must not contain ':'. |
|
|
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. |
|
|
This must match the Name of a Volume. |
|
|
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. |
|
|
Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root). |
|
|
Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15. |
An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
array
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
array
A single application container that you want to run within a pod.
object
name
Property | Type | Description |
---|---|---|
|
|
Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
|
|
List of environment variables to set in the container. Cannot be updated. |
|
|
EnvVar represents an environment variable present in a Container. |
|
|
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. |
|
|
EnvFromSource represents the source of a set of ConfigMaps |
|
|
Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. |
|
|
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
|
Actions that the management system should take in response to container lifecycle events. Cannot be updated. |
|
|
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. |
|
|
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. |
|
|
ContainerPort represents a network port in a single container. |
|
|
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
|
|
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. |
|
|
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false |
|
|
Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. |
|
|
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. |
|
|
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. |
|
|
volumeDevices is the list of block devices to be used by the container. This is a beta feature. |
|
|
volumeDevice describes a mapping of a raw block device within a container. |
|
|
Pod volumes to mount into the container’s filesystem. Cannot be updated. |
|
|
VolumeMount describes a mounting of a Volume within a container. |
|
|
Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated. |
List of environment variables to set in the container. Cannot be updated.
array
EnvVar represents an environment variable present in a Container.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of the environment variable. Must be a C_IDENTIFIER. |
|
|
Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
|
|
Source for the environment variable’s value. Cannot be used if value is not empty. |
Source for the environment variable's value. Cannot be used if value is not empty.
object
Property | Type | Description |
---|---|---|
|
|
Selects a key of a ConfigMap. |
|
|
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP. |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
|
|
Selects a key of a secret in the pod’s namespace |
Selects a key of a ConfigMap.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
Selects a key of a secret in the pod's namespace
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
array
EnvFromSource represents the source of a set of ConfigMaps
object
Property | Type | Description |
---|---|---|
|
|
The ConfigMap to select from |
|
|
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. |
|
|
The Secret to select from |
The ConfigMap to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap must be defined |
The Secret to select from
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret must be defined |
Actions that the management system should take in response to container lifecycle events. Cannot be updated.
object
Property | Type | Description |
---|---|---|
|
|
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
|
|
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
HTTPGet specifies the http request to perform. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
array
ContainerPort represents a network port in a single container.
object
containerPort
Property | Type | Description |
---|---|---|
|
|
Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536. |
|
|
What host IP to bind the external port to. |
|
|
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. |
|
|
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. |
|
|
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". |
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
object
Property | Type | Description |
---|---|---|
|
|
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN |
|
|
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. |
|
|
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. |
|
|
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. |
|
|
Whether this container has a read-only root filesystem. Default is false. |
|
|
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
object
Property | Type | Description |
---|---|---|
|
|
Added capabilities |
|
|
Removed capabilities |
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
object
Property | Type | Description |
---|---|---|
|
|
Level is SELinux level label that applies to the container. |
|
|
Role is a SELinux role label that applies to the container. |
|
|
Type is a SELinux type label that applies to the container. |
|
|
User is a SELinux user label that applies to the container. |
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
object
Property | Type | Description |
---|---|---|
|
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. |
|
|
GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. |
|
|
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. |
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
object
Property | Type | Description |
---|---|---|
|
|
One and only one of the following should be specified. Exec specifies the action to take. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
|
|
HTTPGet specifies the http request to perform. |
|
|
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
|
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. |
|
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. |
|
|
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook |
|
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
One and only one of the following should be specified. Exec specifies the action to take.
object
Property | Type | Description |
---|---|---|
|
|
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('|', etc) won’t work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGet specifies the http request to perform.
object
port
Property | Type | Description |
---|---|---|
|
|
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. |
|
|
Custom headers to set in the request. HTTP allows repeated headers. |
|
|
HTTPHeader describes a custom header to be used in HTTP probes |
|
|
Path to access on the HTTP server. |
|
|
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
|
|
Scheme to use for connecting to the host. Defaults to HTTP. |
Custom headers to set in the request. HTTP allows repeated headers.
array
HTTPHeader describes a custom header to be used in HTTP probes
object
name
value
Property | Type | Description |
---|---|---|
|
|
The header field name |
|
|
The header field value |
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook
object
port
Property | Type | Description |
---|---|---|
|
|
Optional: Host name to connect to, defaults to the pod IP. |
|
|
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. |
volumeDevices is the list of block devices to be used by the container. This is a beta feature.
array
volumeDevice describes a mapping of a raw block device within a container.
object
devicePath
name
Property | Type | Description |
---|---|---|
|
|
devicePath is the path inside of the container that the device will be mapped to. |
|
|
name must match the name of a persistentVolumeClaim in the pod |
Pod volumes to mount into the container's filesystem. Cannot be updated.
array
VolumeMount describes a mounting of a Volume within a container.
object
mountPath
name
Property | Type | Description |
---|---|---|
|
|
Path within the container at which the volume should be mounted. Must not contain ':'. |
|
|
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. |
|
|
This must match the Name of a Volume. |
|
|
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. |
|
|
Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root). |
|
|
Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15. |
Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods.
object
Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
Experimental PodMonitors to be selected for target discovery.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
QuerySpec defines the query command line flags when starting Prometheus.
object
Property | Type | Description |
---|---|---|
|
|
The delta difference allowed for retrieving metrics during expression evaluations. |
|
|
Number of concurrent queries that can be run at once. |
|
|
Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. |
|
|
Maximum time a query may take before being aborted. |
If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way.
array
RemoteReadSpec defines the remote_read configuration for prometheus.
object
url
Property | Type | Description |
---|---|---|
|
|
BasicAuth for the URL. |
|
|
bearer token for remote read. |
|
|
File to read bearer token for remote read. |
|
|
Optional ProxyURL |
|
|
Whether reads should be made for queries for time ranges that the local storage should have complete data for. |
|
|
Timeout for requests to the remote read endpoint. |
|
|
An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. |
|
|
TLS Config to use for remote read. |
|
|
The URL of the endpoint to send samples to. |
BasicAuth for the URL.
object
Property | Type | Description |
---|---|---|
|
|
The secret in the service monitor namespace that contains the password for authentication. |
|
|
The secret in the service monitor namespace that contains the username for authentication. |
The secret in the service monitor namespace that contains the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
The secret in the service monitor namespace that contains the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
TLS Config to use for remote read.
object
Property | Type | Description |
---|---|---|
|
|
Stuct containing the CA cert to use for the targets. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Struct containing the client cert file for the targets. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Stuct containing the CA cert to use for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Struct containing the client cert file for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way.
array
RemoteWriteSpec defines the remote_write configuration for prometheus.
object
url
Property | Type | Description |
---|---|---|
|
|
BasicAuth for the URL. |
|
|
File to read bearer token for remote write. |
|
|
File to read bearer token for remote write. |
|
|
Optional ProxyURL |
|
|
QueueConfig allows tuning of the remote write queue parameters. |
|
|
Timeout for requests to the remote write endpoint. |
|
|
TLS Config to use for remote write. |
|
|
The URL of the endpoint to send samples to. |
|
|
The list of remote write relabel configurations. |
|
|
RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines |
BasicAuth for the URL.
object
Property | Type | Description |
---|---|---|
|
|
The secret in the service monitor namespace that contains the password for authentication. |
|
|
The secret in the service monitor namespace that contains the username for authentication. |
The secret in the service monitor namespace that contains the password for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
The secret in the service monitor namespace that contains the username for authentication.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
QueueConfig allows tuning of the remote write queue parameters.
object
Property | Type | Description |
---|---|---|
|
|
BatchSendDeadline is the maximum time a sample will wait in buffer. |
|
|
Capacity is the number of samples to buffer per shard before we start dropping them. |
|
|
MaxBackoff is the maximum retry delay. |
|
|
MaxRetries is the maximum number of times to retry a batch on recoverable errors. |
|
|
MaxSamplesPerSend is the maximum number of samples per send. |
|
|
MaxShards is the maximum number of shards, i.e. amount of concurrency. |
|
|
MinBackoff is the initial retry delay. Gets doubled for every retry. |
|
|
MinShards is the minimum number of shards, i.e. amount of concurrency. |
TLS Config to use for remote write.
object
Property | Type | Description |
---|---|---|
|
|
Stuct containing the CA cert to use for the targets. |
|
|
Path to the CA cert in the Prometheus container to use for the targets. |
|
|
Struct containing the client cert file for the targets. |
|
|
Path to the client cert file in the Prometheus container for the targets. |
|
|
Disable target certificate validation. |
|
|
Path to the client key file in the Prometheus container for the targets. |
|
|
Secret containing the client key file for the targets. |
|
|
Used to verify the hostname for the targets. |
Stuct containing the CA cert to use for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Struct containing the client cert file for the targets.
object
Property | Type | Description |
---|---|---|
|
|
ConfigMap containing data to use for the targets. |
|
|
Secret containing data to use for the targets. |
ConfigMap containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key to select. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its key must be defined |
Secret containing data to use for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Secret containing the client key file for the targets.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
The list of remote write relabel configurations.
array
RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
object
Property | Type | Description |
---|---|---|
|
|
Action to perform based on regex matching. Default is 'replace' |
|
|
Modulus to take of the hash of the source label values. |
|
|
Regular expression against which the extracted value is matched. Default is '(.*)' |
|
|
Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' |
|
|
Separator placed between concatenated source label values. default is ';'. |
|
|
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. |
|
|
Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. |
Define resources requests and limits for single Pods.
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
A selector to select which PrometheusRules to mount for loading alerting rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
/--rules.*/ command-line arguments.
object
Property | Type | Description |
---|---|---|
|
|
/--rules.alert.*/ command-line arguments |
/--rules.alert.*/ command-line arguments
object
Property | Type | Description |
---|---|---|
|
|
Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. |
|
|
Max time to tolerate prometheus outage for restoring 'for' state of alert. |
|
|
Minimum amount of time to wait before resending an alert to Alertmanager. |
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
object
Property | Type | Description |
---|---|---|
|
|
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. |
|
|
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. |
|
|
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
|
|
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. |
|
|
The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. |
|
|
A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container. |
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. |
|
|
Sysctl defines a kernel parameter to be set |
|
|
The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
object
Property | Type | Description |
---|---|---|
|
|
Level is SELinux level label that applies to the container. |
|
|
Role is a SELinux role label that applies to the container. |
|
|
Type is a SELinux type label that applies to the container. |
|
|
User is a SELinux user label that applies to the container. |
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
array
Sysctl defines a kernel parameter to be set
object
name
value
Property | Type | Description |
---|---|---|
|
|
Name of a property to set |
|
|
Value of a property to set |
The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
object
Property | Type | Description |
---|---|---|
|
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. |
|
|
GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. |
|
|
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. |
Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
ServiceMonitors to be selected for target discovery.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
Storage spec to specify how storage shall be used.
object
Property | Type | Description |
---|---|---|
|
|
EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir |
|
|
A PVC spec to be used by the Prometheus StatefulSets. |
EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
object
Property | Type | Description |
---|---|---|
|
|
What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
|
|
Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir |
A PVC spec to be used by the Prometheus StatefulSets.
object
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
|
|
Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
object
Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
object
Property | Type | Description |
---|---|---|
|
|
AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 |
|
|
This field requires the VolumeSnapshotDataSource alpha feature gate to be enabled and currently VolumeSnapshot is the only supported data source. If the provisioner can support VolumeSnapshot data source, it will create a new volume and data will be restored to the volume at the same time. If the provisioner does not support VolumeSnapshot data source, volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change. |
|
|
Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources |
|
|
A label query over volumes to consider for binding. |
|
|
Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 |
|
|
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature. |
|
|
VolumeName is the binding reference to the PersistentVolume backing this claim. |
This field requires the VolumeSnapshotDataSource alpha feature gate to be enabled and currently VolumeSnapshot is the only supported data source. If the provisioner can support VolumeSnapshot data source, it will create a new volume and data will be restored to the volume at the same time. If the provisioner does not support VolumeSnapshot data source, volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.
object
kind
name
Property | Type | Description |
---|---|---|
|
|
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. |
|
|
Kind is the type of resource being referenced |
|
|
Name is the name of resource being referenced |
Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
A label query over volumes to consider for binding.
object
Property | Type | Description |
---|---|---|
|
|
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
|
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
array
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
object
key
operator
Property | Type | Description |
---|---|---|
|
|
key is the label key that the selector applies to. |
|
|
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
|
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
object
Property | Type | Description |
---|---|---|
|
|
AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 |
|
|
Represents the actual resources of the underlying volume. |
|
|
Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. |
|
|
PersistentVolumeClaimCondition contails details about state of pvc |
|
|
Phase represents the current phase of PersistentVolumeClaim. |
Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
array
PersistentVolumeClaimCondition contails details about state of pvc
object
status
type
Property | Type | Description |
---|---|---|
|
|
Last time we probed the condition. |
|
|
Last time the condition transitioned from one status to another. |
|
|
Human-readable message indicating details about last transition. |
|
|
Unique, this should be a short, machine understandable string that gives the reason for condition’s last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. |
|
|
|
|
|
PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type |
Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. This section is experimental, it may change significantly without deprecation notice in any release. This is experimental and may change significantly without backward compatibility in any release.
object
Property | Type | Description |
---|---|---|
|
|
Thanos base image if other than default. |
|
|
Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. |
|
|
ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. |
|
|
ObjectStorageConfig configures object storage in Thanos. |
|
|
Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set |
|
|
SHA of Thanos container image to be deployed. Defaults to the value of |
|
|
Tag of Thanos sidecar container image to be deployed. Defaults to the value of |
|
|
Version describes the version of Thanos to use. |
ObjectStorageConfig configures object storage in Thanos.
object
key
Property | Type | Description |
---|---|---|
|
|
The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
If specified, the pod's tolerations.
array
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
object
Property | Type | Description |
---|---|---|
|
|
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
|
|
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
|
|
Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
|
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
|
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
array
Volume represents a named volume in a pod that may be accessed by any container in the pod.
object
name
Property | Type | Description |
---|---|---|
|
|
AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
|
|
AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. |
|
|
AzureFile represents an Azure File Service mount on the host and bind mount to the pod. |
|
|
CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime |
|
|
Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md |
|
|
ConfigMap represents a configMap that should populate this volume |
|
|
CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). |
|
|
DownwardAPI represents downward API about the pod that should populate this volume |
|
|
EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
|
|
FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod. |
|
|
FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. |
|
|
Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running |
|
|
GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
|
|
GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container. |
|
|
Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md |
|
|
HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. |
|
|
ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md |
|
|
Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
|
NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
|
|
PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
|
|
PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine |
|
|
PortworxVolume represents a portworx volume attached and mounted on kubelets host machine |
|
|
Items for all in one resources secrets, configmaps, and downward API |
|
|
Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime |
|
|
RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md |
|
|
ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. |
|
|
Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret |
|
|
StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. |
|
|
VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine |
AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
object
volumeID
Property | Type | Description |
---|---|---|
|
|
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). |
|
|
Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
|
|
Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
object
diskName
diskURI
Property | Type | Description |
---|---|---|
|
|
Host Caching mode: None, Read Only, Read Write. |
|
|
The Name of the data disk in the blob storage |
|
|
The URI the data disk in the blob storage |
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared |
|
|
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
object
secretName
shareName
Property | Type | Description |
---|---|---|
|
|
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
the name of secret that contains Azure Storage Account Name and Key |
|
|
Share Name |
CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
object
monitors
Property | Type | Description |
---|---|---|
|
|
Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it |
|
|
Optional: Used as the mounted root, rather than the full Ceph tree, default is / |
|
|
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it |
|
|
Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it |
|
|
Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it |
|
|
Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it |
Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
object
volumeID
Property | Type | Description |
---|---|---|
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md |
|
|
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md |
|
|
Optional: points to a secret object containing parameters used to connect to OpenStack. |
|
|
volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md |
Optional: points to a secret object containing parameters used to connect to OpenStack.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
ConfigMap represents a configMap that should populate this volume
object
Property | Type | Description |
---|---|---|
|
|
Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its keys must be defined |
If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
The key to project. |
|
|
Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).
object
driver
Property | Type | Description |
---|---|---|
|
|
Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. |
|
|
Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. |
|
|
NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. |
|
|
Specifies a read-only configuration for the volume. Defaults to false (read/write). |
|
|
VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values. |
NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
DownwardAPI represents downward API about the pod that should populate this volume
object
Property | Type | Description |
---|---|---|
|
|
Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
Items is a list of downward API volume file |
|
|
DownwardAPIVolumeFile represents information to create the file containing the pod field |
Items is a list of downward API volume file
array
DownwardAPIVolumeFile represents information to create the file containing the pod field
object
path
Property | Type | Description |
---|---|---|
|
|
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. |
|
|
Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. |
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
object
Property | Type | Description |
---|---|---|
|
|
What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
|
|
Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir |
FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
object
Property | Type | Description |
---|---|---|
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
Optional: FC target lun number |
|
|
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
Optional: FC target worldwide names (WWNs) |
|
|
Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. |
FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
object
driver
Property | Type | Description |
---|---|---|
|
|
Driver is the name of the driver to use for this volume. |
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. |
|
|
Optional: Extra command options if any. |
|
|
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. |
Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
object
Property | Type | Description |
---|---|---|
|
|
Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated |
|
|
UUID of the dataset. This is unique identifier of a Flocker dataset |
GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
object
pdName
Property | Type | Description |
---|---|---|
|
|
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
|
|
Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
object
repository
Property | Type | Description |
---|---|---|
|
|
Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. |
|
|
Repository URL |
|
|
Commit hash for the specified revision. |
Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
object
endpoints
path
Property | Type | Description |
---|---|---|
|
|
EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod |
|
|
Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod |
|
|
ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod |
HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
object
path
Property | Type | Description |
---|---|---|
|
|
Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
|
|
Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
object
iqn
lun
targetPortal
Property | Type | Description |
---|---|---|
|
|
whether support iSCSI Discovery CHAP authentication |
|
|
whether support iSCSI Session CHAP authentication |
|
|
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. |
|
|
Target iSCSI Qualified Name. |
|
|
iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). |
|
|
iSCSI Target Lun number. |
|
|
iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). |
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. |
|
|
CHAP Secret for iSCSI target and initiator authentication |
|
|
iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). |
CHAP Secret for iSCSI target and initiator authentication
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
object
path
server
Property | Type | Description |
---|---|---|
|
|
Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
|
|
ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
|
|
Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |
PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
object
claimName
Property | Type | Description |
---|---|---|
|
|
ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims |
|
|
Will force the ReadOnly setting in VolumeMounts. Default false. |
PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
object
pdID
Property | Type | Description |
---|---|---|
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
ID that identifies Photon Controller persistent disk |
PortworxVolume represents a portworx volume attached and mounted on kubelets host machine
object
volumeID
Property | Type | Description |
---|---|---|
|
|
FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
VolumeID uniquely identifies a Portworx volume |
Items for all in one resources secrets, configmaps, and downward API
object
sources
Property | Type | Description |
---|---|---|
|
|
Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
list of volume projections |
|
|
Projection that may be projected along with other supported volume types |
list of volume projections
array
Projection that may be projected along with other supported volume types
object
Property | Type | Description |
---|---|---|
|
|
information about the configMap data to project |
|
|
information about the downwardAPI data to project |
|
|
information about the secret data to project |
|
|
information about the serviceAccountToken data to project |
information about the configMap data to project
object
Property | Type | Description |
---|---|---|
|
|
If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the ConfigMap or its keys must be defined |
If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
The key to project. |
|
|
Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
information about the downwardAPI data to project
object
Property | Type | Description |
---|---|---|
|
|
Items is a list of DownwardAPIVolume file |
|
|
DownwardAPIVolumeFile represents information to create the file containing the pod field |
Items is a list of DownwardAPIVolume file
array
DownwardAPIVolumeFile represents information to create the file containing the pod field
object
path
Property | Type | Description |
---|---|---|
|
|
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. |
|
|
Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' |
|
|
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. |
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
object
fieldPath
Property | Type | Description |
---|---|---|
|
|
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
|
Path of the field to select in the specified API version. |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
object
resource
Property | Type | Description |
---|---|---|
|
|
Container name: required for volumes, optional for env vars |
|
|
Specifies the output format of the exposed resources, defaults to "1" |
|
|
Required: resource to select |
information about the secret data to project
object
Property | Type | Description |
---|---|---|
|
|
If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
|
Specify whether the Secret or its key must be defined |
If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
The key to project. |
|
|
Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
information about the serviceAccountToken data to project
object
path
Property | Type | Description |
---|---|---|
|
|
Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. |
|
|
ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. |
|
|
Path is the path relative to the mount point of the file to project the token into. |
Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
object
registry
volume
Property | Type | Description |
---|---|---|
|
|
Group to map volume access to Default is no group |
|
|
ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. |
|
|
Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes |
|
|
Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin |
|
|
User to map volume access to Defaults to serivceaccount user |
|
|
Volume is a string that references an already created Quobyte volume by name. |
RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
object
image
monitors
Property | Type | Description |
---|---|---|
|
|
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine |
|
|
The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
|
|
Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
|
|
A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
|
|
The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
|
|
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
|
|
SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
|
|
The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |
SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
object
gateway
secretRef
system
Property | Type | Description |
---|---|---|
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". |
|
|
The host address of the ScaleIO API Gateway. |
|
|
The name of the ScaleIO Protection Domain for the configured storage. |
|
|
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. |
|
|
Flag to enable/disable SSL communication with Gateway, default false |
|
|
Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. |
|
|
The ScaleIO Storage Pool associated with the protection domain. |
|
|
The name of the storage system as configured in ScaleIO. |
|
|
The name of a volume already created in the ScaleIO system that is associated with this volume source. |
SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
object
Property | Type | Description |
---|---|---|
|
|
Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. |
|
|
Maps a string key to a path within a volume. |
|
|
Specify whether the Secret or its keys must be defined |
|
|
Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret |
If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
array
Maps a string key to a path within a volume.
object
key
path
Property | Type | Description |
---|---|---|
|
|
The key to project. |
|
|
Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
|
|
The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
object
Property | Type | Description |
---|---|---|
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. |
|
|
SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. |
|
|
VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. |
|
|
VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. |
SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
object
Property | Type | Description |
---|---|---|
|
|
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
object
volumePath
Property | Type | Description |
---|---|---|
|
|
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
|
|
Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. |
|
|
Storage Policy Based Management (SPBM) profile name. |
|
|
Path that identifies vSphere volume vmdk |
Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
object
availableReplicas
paused
replicas
unavailableReplicas
updatedReplicas
Property | Type | Description |
---|---|---|
|
|
Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. |
|
|
Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. |
|
|
Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). |
|
|
Total number of unavailable pods targeted by this Prometheus deployment. |
|
|
Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. |
The following API endpoints are available:
/apis/monitoring.coreos.com/v1/prometheuses
GET
: list objects of kind Prometheus
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheuses
DELETE
: delete collection of Prometheus
GET
: list objects of kind Prometheus
POST
: create Prometheus
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheuses/{name}
DELETE
: delete Prometheus
GET
: read the specified Prometheus
PATCH
: partially update the specified Prometheus
PUT
: replace the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. |
|
|
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
|
A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
|
A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
|
If 'true', then the output is pretty printed. |
|
|
When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
|
|
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
|
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
GET
list objects of kind Prometheus
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
object name and auth scope, such as for teams and projects |
Parameter | Type | Description |
---|---|---|
|
|
If 'true', then the output is pretty printed. |
DELETE
delete collection of Prometheus
Parameter | Type | Description |
---|---|---|
|
|
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. |
|
|
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
|
A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
|
A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
|
When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
|
|
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
|
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
GET
list objects of kind Prometheus
Parameter | Type | Description |
---|---|---|
|
|
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. |
|
|
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
|
A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
|
A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
|
When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
|
|
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
|
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
POST
create Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
Parameter | Type | Description |
---|---|---|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the Prometheus |
|
|
object name and auth scope, such as for teams and projects |
Parameter | Type | Description |
---|---|---|
|
|
If 'true', then the output is pretty printed. |
DELETE
delete Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
|
|
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. |
|
|
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. |
Parameter | Type | Description |
---|---|---|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
GET
read the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When specified: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
Parameter | Type | Description |
---|---|---|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PUT
replace the specified Prometheus
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
Parameter | Type | Description |
---|---|---|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |