From 4f1dc2f0c3e6bfb14aa914969f98cc8c9c082575 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Herrero Date: Wed, 27 Sep 2023 11:34:13 +0200 Subject: [PATCH] fix: remove stripped down crds hack (#362) After enable operator-sdk gzip compression, stripped down crds hack is not needed anymore Signed-off-by: Mario Fernandez --- .../monitoring.rhobs_alertmanagerconfigs.yaml | 1926 +++++++ .../monitoring.rhobs_alertmanagers.yaml | 3786 ++++++++++++- .../monitoring.rhobs_podmonitors.yaml | 255 + bundle/manifests/monitoring.rhobs_probes.yaml | 264 + .../monitoring.rhobs_prometheusagents.yaml | 4264 ++++++++++++++- .../monitoring.rhobs_prometheuses.yaml | 4851 ++++++++++++++++- .../monitoring.rhobs_prometheusrules.yaml | 39 + .../monitoring.rhobs_scrapeconfigs.yaml | 132 + .../monitoring.rhobs_servicemonitors.yaml | 273 + .../monitoring.rhobs_thanosrulers.yaml | 3587 +++++++++++- ...bility-operator.clusterserviceversion.yaml | 2 +- deploy/dependencies/kustomization.yaml | 37 +- 12 files changed, 19372 insertions(+), 44 deletions(-) diff --git a/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml b/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml index 165dea39..4d6989f3 100644 --- a/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml +++ b/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml @@ -21,26 +21,51 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to + be aggregated across multiple namespaces configuring one Alertmanager cluster. properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: AlertmanagerConfigSpec is a specification of the desired + behavior of the Alertmanager configuration. By definition, the Alertmanager + configuration only applies to alerts for which the `namespace` label + is equal to the namespace of the AlertmanagerConfig resource. properties: inhibitRules: + description: List of inhibition rules. The rules will only apply to + alerts matching the resource's namespace. items: + description: InhibitRule defines an inhibition rule that allows + to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule properties: equal: + description: Labels that must have an equal value in the source + and target alert for the inhibition to take effect. items: type: string type: array sourceMatch: + description: Matchers for which one or more alerts have to exist + for the inhibition to take effect. The operator enforces that + the alert matches the resource's namespace. items: + description: Matcher defines how to match on alert's labels. properties: matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. enum: - '!=' - = @@ -48,20 +73,32 @@ spec: - '!~' type: string name: + description: Label to match. minLength: 1 type: string regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. type: boolean value: + description: Label value to match. type: string required: - name type: object type: array targetMatch: + description: Matchers that have to be fulfilled in the alerts + to be muted. The operator enforces that the alert matches + the resource's namespace. items: + description: Matcher defines how to match on alert's labels. properties: matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. enum: - '!=' - = @@ -69,11 +106,16 @@ spec: - '!~' type: string name: + description: Label to match. minLength: 1 type: string regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. type: boolean value: + description: Label value to match. type: string required: - name @@ -82,49 +124,80 @@ spec: type: object type: array muteTimeIntervals: + description: List of MuteTimeInterval specifying when the routes should + be muted. items: + description: MuteTimeInterval specifies the periods in time when + notifications will be muted properties: name: + description: Name of the time interval type: string timeIntervals: + description: TimeIntervals is a list of TimeInterval items: + description: TimeInterval describes intervals of time properties: daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange items: + description: DayOfMonthRange is an inclusive range of + days of the month beginning at 1 properties: end: + description: End of the inclusive range maximum: 31 minimum: -31 type: integer start: + description: Start of the inclusive range maximum: 31 minimum: -31 type: integer type: object type: array months: + description: Months is a list of MonthRange items: + description: MonthRange is an inclusive range of months + of the year beginning in January Months can be specified + by name (e.g 'January') by numerical month (e.g '1') + or as an inclusive range (e.g 'January:March', '1:3', + '1:March') pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) type: string type: array times: + description: Times is a list of TimeRange items: + description: TimeRange defines a start and end time + in 24hr format properties: endTime: + description: EndTime is the end time in 24hr format. pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) type: string startTime: + description: StartTime is the start time in 24hr + format. pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) type: string type: object type: array weekdays: + description: Weekdays is a list of WeekdayRange items: + description: WeekdayRange is an inclusive range of days + of the week beginning on Sunday Days can be specified + by name (e.g 'Sunday') or as an inclusive range (e.g + 'Monday:Friday') pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) type: string type: array years: + description: Years is a list of YearRange items: + description: YearRange is an inclusive range of years pattern: ^2\d{3}(?::2\d{3}|$) type: string type: array @@ -133,46 +206,81 @@ spec: type: object type: array receivers: + description: List of receivers. items: + description: Receiver defines one or more notification integrations. properties: emailConfigs: + description: List of Email configurations. items: + description: EmailConfig configures notifications via Email. properties: authIdentity: + description: The identity to use for authentication. type: string authPassword: + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object authSecret: + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object authUsername: + description: The username to use for authentication. type: string from: + description: The sender address. type: string headers: + description: Further headers email header key/value pairs. + Overrides any headers previously set by the notification + implementation. items: + description: KeyValue defines a (key, value) tuple. properties: key: + description: Key of the tuple. minLength: 1 type: string value: + description: Value of the tuple. type: string required: - key @@ -180,40 +288,70 @@ spec: type: object type: array hello: + description: The hostname to identify to the SMTP server. type: string html: + description: The HTML body of the email notification. type: string requireTLS: + description: The SMTP TLS requirement. Note that Go does + not support unencrypted connections to remote SMTP endpoints. type: boolean sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean smarthost: + description: The SMTP host and port through which emails + are sent. E.g. example.com:25 type: string text: + description: The text body of the email notification. type: string tlsConfig: + description: TLS configuration properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to use + for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for + the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -221,26 +359,47 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when doing + client-authentication. properties: configMap: + description: ConfigMap containing data to use + for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for + the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -248,54 +407,94 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key file + for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the targets. type: string type: object to: + description: The email address to send notifications to. type: string type: object type: array name: + description: Name of the receiver. Must be unique across all + items from the list. minLength: 1 type: string opsgenieConfigs: + description: List of OpsGenie configurations. items: + description: OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config properties: actions: + description: Comma separated list of actions that will + be available for the alert. type: string apiKey: + description: The secret's key that contains the OpsGenie + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. type: string details: + description: A set of arbitrary key/value pairs that provide + further detail about the incident. items: + description: KeyValue defines a (key, value) tuple. properties: key: + description: Key of the tuple. minLength: 1 type: string value: + description: Value of the tuple. type: string required: - key @@ -303,47 +502,89 @@ spec: type: object type: array entity: + description: Optional field that can be used to specify + which domain alert is related to. type: string httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -351,41 +592,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -393,12 +673,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -407,12 +697,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -421,30 +716,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -452,26 +771,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -479,37 +820,61 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object message: + description: Alert text limited to 130 characters. type: string note: + description: Additional alert note. type: string priority: + description: Priority level of alert. Possible values + are P1, P2, P3, P4, and P5. type: string responders: + description: List of responders responsible for notifications. items: + description: OpsGenieConfigResponder defines a responder + to an incident. One of `id`, `name` or `username` + has to be defined. properties: id: + description: ID of the responder. type: string name: + description: Name of the responder. type: string type: + description: Type of responder. enum: - team - teams @@ -519,39 +884,64 @@ spec: minLength: 1 type: string username: + description: Username of the responder. type: string required: - type type: object type: array sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean source: + description: Backlink to the sender of the notification. type: string tags: + description: Comma separated list of tags attached to + the notifications. type: string updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. type: boolean type: object type: array pagerdutyConfigs: + description: List of PagerDuty configurations. items: + description: PagerDutyConfig configures notifications via + PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config properties: class: + description: The class/type of the event. type: string client: + description: Client identification. type: string clientURL: + description: Backlink to the sender of notification. type: string component: + description: The part or component of the affected system + that is broken. + type: string + description: + description: Description of the incident. type: string details: + description: Arbitrary key/value pairs that provide further + detail about the incident. items: + description: KeyValue defines a (key, value) tuple. properties: key: + description: Key of the tuple. minLength: 1 type: string value: + description: Value of the tuple. type: string required: - key @@ -559,47 +949,88 @@ spec: type: object type: array group: + description: A cluster or grouping of sources. type: string httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -607,41 +1038,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -649,12 +1119,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -663,12 +1143,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -677,30 +1162,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -708,26 +1217,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -735,121 +1266,227 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object pagerDutyImageConfigs: + description: A list of image details to attach that provide + further detail about an incident. items: + description: PagerDutyImageConfig attaches images to + an incident properties: alt: + description: Alt is the optional alternative text + for the image. type: string href: + description: Optional URL; makes the image a clickable + link. type: string src: + description: Src of the image being attached to + the incident type: string type: object type: array pagerDutyLinkConfigs: + description: A list of link details to attach that provide + further detail about an incident. items: + description: PagerDutyLinkConfig attaches text links + to an incident properties: alt: + description: Text that describes the purpose of + the link, and can be used as the link's text. type: string href: + description: Href is the URL of the link to be attached type: string type: object type: array routingKey: + description: The secret's key that contains the PagerDuty + integration key (when using Events API v2). Either this + field or `serviceKey` needs to be defined. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean serviceKey: + description: The secret's key that contains the PagerDuty + service key (when using integration type "Prometheus"). + Either this field or `routingKey` needs to be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object severity: + description: Severity of the incident. type: string url: + description: The URL to send requests to. type: string type: object type: array pushoverConfigs: + description: List of Pushover configurations. items: + description: PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config properties: expire: + description: How long your notification will continue + to be retried for, unless the user acknowledges the + notification. pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string html: + description: Whether notification message is HTML or plain + text. type: boolean httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -857,41 +1494,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -899,12 +1575,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -913,12 +1599,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -927,30 +1618,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -958,26 +1673,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -985,58 +1722,107 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object message: + description: Notification message. type: string priority: + description: Priority, see https://pushover.net/api#priority type: string retry: + description: How often the Pushover servers will send + the same notification to the user. Must be at least + 30 seconds. pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean sound: + description: The name of one of the sounds supported by + device clients to override the user's default sound + choice type: string title: + description: Notification title. type: string token: + description: The secret's key that contains the registered + application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object url: + description: A supplementary URL shown alongside the message. type: string urlTitle: + description: A title for supplementary URL, otherwise + just the URL is shown type: string userKey: + description: The secret's key that contains the recipient + user's user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -1044,12 +1830,26 @@ spec: type: object type: array slackConfigs: + description: List of Slack configurations. items: + description: SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config properties: actions: + description: A list of Slack actions that are sent with + each notification. items: + description: SlackAction configures a single Slack action + that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons for + more information. properties: confirm: + description: SlackConfirmationField protect users + from destructive actions or particularly distinguished + decisions by asking them to confirm their button + click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. properties: dismissText: type: string @@ -1083,12 +1883,23 @@ spec: type: object type: array apiURL: + description: The secret's key that contains the Slack + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -1096,13 +1907,24 @@ spec: callbackId: type: string channel: + description: The channel or user to send notifications + to. type: string color: type: string fallback: type: string fields: + description: A list of Slack fields that are sent with + each notification. items: + description: SlackField configures a single Slack field + that is sent with each notification. Each field must + contain a title, value, and optionally, a boolean + value to indicate if the field is short enough to + be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. properties: short: type: boolean @@ -1120,45 +1942,85 @@ spec: footer: type: string httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1166,41 +2028,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1208,12 +2109,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1222,12 +2133,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -1236,30 +2152,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1267,26 +2207,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1294,20 +2256,33 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object @@ -1326,6 +2301,7 @@ spec: pretext: type: string sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean shortFields: type: boolean @@ -1342,54 +2318,101 @@ spec: type: object type: array snsConfigs: + description: List of SNS configurations items: + description: SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs properties: apiURL: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will + be used. type: string attributes: additionalProperties: type: string + description: SNS message attributes. type: object httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1397,41 +2420,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1439,12 +2501,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1453,12 +2525,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -1467,30 +2544,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1498,26 +2599,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1525,56 +2648,104 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object message: + description: The message content of the SNS notification. type: string phoneNumber: + description: Phone number if message is delivered via + SMS in E.164 format. If you don't specify this value, + you must specify a value for the TopicARN or TargetARN. type: string sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean sigv4: + description: Configures AWS's Signature Verification 4 + signing process to sign requests. properties: accessKey: + description: AccessKey is the AWS API key. If not + specified, the environment variable `AWS_ACCESS_KEY_ID` + is used. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: + description: Profile is the named AWS profile used + to authenticate. type: string region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. type: string roleArn: + description: RoleArn is the named AWS profile used + to authenticate. type: string secretKey: + description: SecretKey is the AWS API secret. If not + specified, the environment variable `AWS_SECRET_ACCESS_KEY` + is used. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -1582,74 +2753,140 @@ spec: x-kubernetes-map-type: atomic type: object subject: + description: Subject line when the message is delivered + to email endpoints. type: string targetARN: + description: The mobile platform endpoint ARN if message + is delivered via mobile notifications. If you don't + specify this value, you must specify a value for the + topic_arn or PhoneNumber. type: string topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a + value for the PhoneNumber or TargetARN. type: string type: object type: array telegramConfigs: + description: List of Telegram configurations. items: + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config properties: apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. type: string botToken: + description: Telegram bot token The secret needs to be + in the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object chatID: + description: The Telegram chat ID. format: int64 type: integer disableNotifications: + description: Disable telegram notifications type: boolean httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1657,41 +2894,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1699,12 +2975,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1713,12 +2999,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -1727,30 +3018,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1758,26 +3073,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1785,58 +3122,93 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object message: + description: Message template type: string parseMode: + description: Parse mode for telegram message enum: - MarkdownV2 - Markdown - HTML type: string sendResolved: + description: Whether to notify about resolved alerts. type: boolean type: object type: array victoropsConfigs: + description: List of VictorOps configurations. items: + description: VictorOpsConfig configures notifications via + VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config properties: apiKey: + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object apiUrl: + description: The VictorOps API URL. type: string customFields: + description: Additional custom fields for notification. items: + description: KeyValue defines a (key, value) tuple. properties: key: + description: Key of the tuple. minLength: 1 type: string value: + description: Value of the tuple. type: string required: - key @@ -1844,47 +3216,88 @@ spec: type: object type: array entityDisplayName: + description: Contains summary of the alerted problem. type: string httpConfig: + description: The HTTP client's configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1892,41 +3305,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1934,12 +3386,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -1948,12 +3410,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -1962,30 +3429,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1993,26 +3484,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2020,78 +3533,142 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object messageType: + description: Describes the behavior of the alert (CRITICAL, + WARNING, INFO). type: string monitoringTool: + description: The monitoring tool the state message is + from. type: string routingKey: + description: A key used to map the alert to a team. type: string sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean stateMessage: + description: Contains long explanation of the alerted + problem. type: string type: object type: array webhookConfigs: + description: List of webhook configurations. items: + description: WebhookConfig configures notifications via a + generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config properties: httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -2099,41 +3676,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2141,12 +3757,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -2155,12 +3781,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -2169,30 +3800,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2200,26 +3855,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2227,38 +3904,70 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object maxAlerts: + description: Maximum number of alerts to be sent per webhook + message. When 0, all alerts are included. format: int32 minimum: 0 type: integer sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean url: + description: The URL to send HTTP POST requests to. `urlSecret` + takes precedence over `url`. One of `urlSecret` and + `url` should be defined. type: string urlSecret: + description: The secret's key that contains the webhook + URL to send HTTP requests to. `urlSecret` takes precedence + over `url`. One of `urlSecret` and `url` should be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -2266,65 +3975,121 @@ spec: type: object type: array wechatConfigs: + description: List of WeChat configurations. items: + description: WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config properties: agentID: type: string apiSecret: + description: The secret's key that contains the WeChat + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object apiURL: + description: The WeChat API URL. type: string corpID: + description: The corp id for authentication. type: string httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: credentials: + description: The secret's key that contains the + credentials of the request properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: password: + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -2332,41 +4097,80 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2374,12 +4178,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 + client secret properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -2388,12 +4202,17 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token + URL type: object scopes: + description: OAuth2 scopes used for the token + request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -2402,30 +4221,54 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2433,26 +4276,48 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when + doing client-authentication. properties: configMap: + description: ConfigMap containing data to + use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use + for the targets. properties: key: + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -2460,28 +4325,44 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key + file for the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the + targets. type: string type: object type: object message: + description: API request data as defined by the WeChat + API. type: string messageType: type: string sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean toParty: type: string @@ -2496,25 +4377,50 @@ spec: type: object type: array route: + description: The Alertmanager route definition for alerts matching + the resource's namespace. If present, it will be added to the generated + Alertmanager configuration as a first-level route. properties: activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. items: type: string type: array continue: + description: Boolean indicating whether an alert should continue + matching subsequent sibling nodes. It will always be overridden + to true for the first-level route by the Prometheus operator. type: boolean groupBy: + description: List of labels to group by. Labels must not be repeated + (unique list). Special label "..." (aggregate by all possible + labels), if provided, must be the only element in the list. items: type: string type: array groupInterval: + description: 'How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m"' type: string groupWait: + description: 'How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s"' type: string matchers: + description: 'List of matchers that the alert''s labels should + match. For the first level route, the operator removes any existing + equality and regexp matcher on the `namespace` label and adds + a `namespace: ` matcher.' items: + description: Matcher defines how to match on alert's labels. properties: matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. enum: - '!=' - = @@ -2522,25 +4428,45 @@ spec: - '!~' type: string name: + description: Label to match. minLength: 1 type: string regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. type: boolean value: + description: Label value to match. type: string required: - name type: object type: array muteTimeIntervals: + description: 'Note: this comment applies to the field definition + above but appears below otherwise it gets included in the generated + manifest. CRD schema doesn''t support self-referential types + for now (see https://github.com/kubernetes/kubernetes/issues/62872). + We have to use an alternative type to circumvent the limitation. + The downside is that the Kube API can''t validate the data beyond + the fact that it is a valid JSON representation. MuteTimeIntervals + is a list of MuteTimeInterval names that will mute this route + when matched,' items: type: string type: array receiver: + description: Name of the receiver for this route. If not empty, + it should be listed in the `receivers` field. type: string repeatInterval: + description: 'How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h"' type: string routes: + description: Child routes. items: x-kubernetes-preserve-unknown-fields: true type: array diff --git a/bundle/manifests/monitoring.rhobs_alertmanagers.yaml b/bundle/manifests/monitoring.rhobs_alertmanagers.yaml index 6fb8b59e..039b7f14 100644 --- a/bundle/manifests/monitoring.rhobs_alertmanagers.yaml +++ b/bundle/manifests/monitoring.rhobs_alertmanagers.yaml @@ -19,13 +19,16 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .spec.version + - description: The version of Alertmanager + jsonPath: .spec.version name: Version type: string - - jsonPath: .spec.replicas + - description: The number of desired replicas + jsonPath: .spec.replicas name: Replicas type: integer - - jsonPath: .status.availableReplicas + - description: The number of ready replicas + jsonPath: .status.availableReplicas name: Ready type: integer - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status @@ -37,43 +40,95 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.paused + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused name: Paused priority: 1 type: boolean name: v1 schema: openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalPeers: + description: AdditionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. items: type: string type: array affinity: + description: If specified, the pod's scheduling constraints. properties: nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). properties: preference: + description: A node selector term, associated with the + corresponding weight. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -83,13 +138,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -101,6 +176,8 @@ spec: type: object x-kubernetes-map-type: atomic weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -109,18 +186,50 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -130,13 +239,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -154,22 +283,61 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -181,19 +349,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -205,19 +406,40 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -226,18 +448,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -249,19 +505,47 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -273,14 +557,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -288,22 +591,62 @@ spec: type: array type: object podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -315,19 +658,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -339,19 +715,40 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -360,18 +757,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -383,19 +814,47 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -407,14 +866,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -423,24 +901,48 @@ spec: type: object type: object alertmanagerConfigMatcherStrategy: + description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig + objects match the alerts. In the future more options may be added. properties: type: default: OnNamespace + description: If set to `OnNamespace`, the operator injects a label + matcher matching the namespace of the AlertmanagerConfig object + for all its routes and inhibition rules. `None` will not add + any additional matchers other than the ones specified in the + AlertmanagerConfig. Default is `OnNamespace`. enum: - OnNamespace - None type: string type: object alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. + If nil, only check own namespace. properties: matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: + description: key is the label key that the selector applies + to. type: string operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -452,19 +954,41 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object x-kubernetes-map-type: atomic alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure + Alertmanager with. properties: matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: + description: key is the label key that the selector applies + to. type: string operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -476,53 +1000,102 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object x-kubernetes-map-type: atomic alertmanagerConfiguration: + description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the + configuration of Alertmanager. If defined, it takes precedence over + the `configSecret` field. This field may change in future releases.' properties: global: + description: Defines the global parameters of the Alertmanager + configuration. properties: httpConfig: + description: HTTP client configuration. properties: authorization: + description: Authorization header configuration for the + client. This is mutually exclusive with BasicAuth and + is only available starting from Alertmanager v0.22+. properties: credentials: + description: The secret's key that contains the credentials + of the request properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error type: string type: object basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, BasicAuth + takes precedence. properties: password: + description: The secret in the service monitor namespace + that contains the password for authentication. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor namespace + that contains the username for authentication. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -530,42 +1103,78 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. The + secret needs to be in the same namespace as the Alertmanager + object and accessible by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic followRedirects: + description: FollowRedirects specifies whether the client + should follow HTTP 3xx redirects. type: boolean oauth2: + description: OAuth2 client credentials used to fetch a + token for the targets. properties: clientId: + description: The secret or configmap containing the + OAuth2 client id properties: configMap: + description: ConfigMap containing data to use + for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for + the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -573,12 +1182,22 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 client + secret properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -587,12 +1206,15 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token URL type: object scopes: + description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -601,30 +1223,53 @@ spec: - tokenUrl type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: + description: TLS configuration for the client. properties: ca: + description: Certificate authority used when verifying + server certificates. properties: configMap: + description: ConfigMap containing data to use + for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for + the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -632,26 +1277,47 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when doing + client-authentication. properties: configMap: + description: ConfigMap containing data to use + for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for + the targets. properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or + its key must be defined type: boolean required: - key @@ -659,59 +1325,98 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key file + for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the targets. type: string type: object type: object opsGenieApiKey: + description: The default OpsGenie API Key. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic opsGenieApiUrl: + description: The default OpsGenie API URL. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic pagerdutyUrl: + description: The default Pagerduty URL. type: string resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string slackApiUrl: + description: The default Slack API URL. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -719,30 +1424,51 @@ spec: x-kubernetes-map-type: atomic type: object name: + description: The name of the AlertmanagerConfig resource which + is used to generate the Alertmanager configuration. It must + be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes + and inhibition rules. minLength: 1 type: string templates: + description: Custom notification templates. items: + description: SecretOrConfigMap allows to specify data as a Secret + or ConfigMap. Fields are mutually exclusive. properties: configMap: + description: ConfigMap containing data to use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -752,91 +1478,203 @@ spec: type: array type: object automountServiceAccountToken: + description: 'AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted in the pod. If the + service account has `automountServiceAccountToken: true`, set the + field to `false` to opt out of automounting API credentials.' type: boolean baseImage: + description: 'Base image that is used to deploy pods, without tag. + Deprecated: use ''image'' instead' type: string clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise + in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918' type: string clusterGossipInterval: + description: Interval between gossip attempts. pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string clusterPeerTimeout: + description: Timeout for cluster peering. pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string clusterPushpullInterval: + description: Interval between pushpull attempts. pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into `/etc/alertmanager/configmaps/` in the 'alertmanager' + container. items: type: string type: array configSecret: + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to `alertmanager-`. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret and mounted into the `/etc/alertmanager/config` + directory in the `alertmanager` container. \n If either the secret + or the `alertmanager.yaml` key is missing, the operator provisions + a minimal Alertmanager configuration with one empty receiver (effectively + dropping alert notifications)." type: string containers: + description: 'Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. Containers described here modify an operator generated container + if they share the same name and modifications are done via a strategic + merge patch. The current container names are: `alertmanager` and + `config-reloader`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' items: + description: A single application container that you want to run + within a pod. properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -848,53 +1686,111 @@ spec: type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must be + defined type: boolean type: object x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -902,49 +1798,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -952,25 +1896,40 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -978,37 +1937,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1016,62 +2009,126 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in a + single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -1082,37 +2139,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1120,51 +2211,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: + description: Resources resize policy for the container. items: + description: ContainerResizePolicy represents resource resize + policy for the container. properties: resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1173,11 +2310,23 @@ spec: type: array x-kubernetes-list-type: atomic resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. type: string required: - name @@ -1193,6 +2342,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1201,101 +2352,260 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1303,61 +2613,139 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1365,19 +2753,40 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1385,23 +2794,38 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. type: string forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not + deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes + clusters with a single replica in each. type: boolean hostAliases: + description: Pods' hostAliases configuration items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. properties: hostnames: + description: Hostnames for the above IP address. items: type: string type: array ip: + description: IP address of the host file entry. type: string required: - hostnames @@ -1412,8 +2836,15 @@ spec: - ip x-kubernetes-list-type: map image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Alertmanager + is being configured. type: string imagePullPolicy: + description: Image pull policy for the 'alertmanager', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. enum: - "" - Always @@ -1421,78 +2852,172 @@ spec: - IfNotPresent type: string imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' items: + description: A single application container that you want to run + within a pod. properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -1504,53 +3029,111 @@ spec: type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must be + defined type: boolean type: object x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1558,49 +3141,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1608,25 +3239,40 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1634,37 +3280,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1672,62 +3352,126 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in a + single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -1738,37 +3482,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1776,51 +3554,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: + description: Resources resize policy for the container. items: + description: ContainerResizePolicy represents resource resize + policy for the container. properties: resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1829,11 +3653,23 @@ spec: type: array x-kubernetes-list-type: atomic resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. type: string required: - name @@ -1849,6 +3685,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1857,101 +3695,260 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1959,61 +3956,139 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -2021,19 +4096,40 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -2041,20 +4137,28 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. type: boolean logFormat: + description: Log format for Alertmanager to be configured with. enum: - "" - logfmt - json type: string logLevel: + description: Log level for Alertmanager to be configured with. enum: - "" - debug @@ -2063,41 +4167,81 @@ spec: - error type: string minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. format: int32 type: integer nodeSelector: additionalProperties: type: string + description: Define which Nodes the Pods are scheduled on. type: object paused: + description: If set to true all actions on the underlying managed + objects are not goint to be performed, except for delete actions. type: boolean podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. properties: annotations: additionalProperties: type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' type: object name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: default: web + description: Port name used for the pods and governing service. Defaults + to `web`. type: string priorityClassName: + description: Priority class assigned to the Pods type: string replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. format: int32 type: integer resources: + description: Define resources requests and limits for single Pods. properties: claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. type: string required: - name @@ -2113,6 +4257,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2121,64 +4267,162 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object retention: default: 120h + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string routePrefix: + description: The route prefix Alertmanager registers HTTP handlers + for. This is useful, if using ExternalURL and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, + but the server serves requests under a different route prefix. For + example for use with `kubectl proxy`. type: string secrets: + description: Secrets is a list of Secrets in the same namespace as + the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each Secret is added to the StatefulSet definition as a volume + named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` + in the 'alertmanager' container. items: type: string type: array securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' type: string runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies to + the container. type: string role: + description: Role is a SELinux role label that applies to + the container. type: string type: + description: Type is a SELinux type label that applies to + the container. type: string user: + description: User is a SELinux user label that applies to + the container. type: string type: object seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. items: + description: Sysctl defines a kernel parameter to be set properties: name: + description: Name of a property to set type: string value: + description: Value of a property to set type: string required: - name @@ -2186,55 +4430,157 @@ spec: type: object type: array windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. type: string sha: + description: 'SHA of Alertmanager container image to be deployed. + Defaults to the value of `version`. Similar to a tag, but the SHA + explicitly deploys an immutable container image. Version and Tag + are ignored if SHA is set. Deprecated: use ''image'' instead. The + image digest can be specified as part of the image URL.' type: string storage: + description: Storage is the definition of how storage will be used + by the Alertmanager instances. properties: disableMountSubPath: + description: '*Deprecated: subPath usage will be removed in a + future release.*' type: boolean emptyDir: + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, + starting with k8s 1.19, it requires enabling the GenericEphemeralVolume + feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC will + be deleted together with the pod. The name of the PVC will + be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod validation + will reject the pod if the concatenated name is not valid + for a PVC (for example, too long). \n An existing PVC with + that name that is not owned by the pod will *not* be used + for the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated PVC + is removed. If such a pre-created PVC is meant to be used + by the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should not + be necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no changes + will be made by Kubernetes to the PVC after it has been + created. \n Required, must not be nil." properties: metadata: + description: May contain labels and annotations that will + be copied into the PVC when creating it. No other fields + are allowed and will be rejected during validation. type: object spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. properties: accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. type: string kind: + description: Kind is the type of resource being + referenced type: string name: + description: Name is the name of resource being + referenced type: string required: - kind @@ -2242,25 +4588,90 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. type: string kind: + description: Kind is the type of resource being + referenced type: string name: + description: Name is the name of resource being + referenced type: string namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. type: string required: - name @@ -2276,6 +4687,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2284,18 +4697,43 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array @@ -2307,14 +4745,27 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. type: string volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. type: string type: object required: @@ -2322,37 +4773,87 @@ spec: type: object type: object volumeClaimTemplate: + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. properties: apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. properties: annotations: additionalProperties: type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' type: object name: + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: + description: Kind is the type of resource being referenced type: string name: + description: Name is the name of resource being referenced type: string required: - kind @@ -2360,25 +4861,85 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: + description: Kind is the type of resource being referenced type: string name: + description: Name is the name of resource being referenced type: string namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. type: string required: - name @@ -2394,6 +4955,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2402,18 +4965,42 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over volumes to + consider for binding. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -2425,19 +5012,34 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. type: string volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. type: string type: object status: + description: '*Deprecated: this field is never set.*' properties: accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array @@ -2448,6 +5050,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. type: object capacity: additionalProperties: @@ -2456,23 +5071,43 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. type: object conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. items: + description: PersistentVolumeClaimCondition contains + details about state of pvc properties: lastProbeTime: + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. format: date-time type: string message: + description: message is the human-readable message + indicating details about last transition. type: string reason: + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. type: string status: type: string type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -2480,43 +5115,98 @@ spec: type: object type: array phase: + description: phase represents the current phase of PersistentVolumeClaim. type: string resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion + is complete resizeStatus is set to empty string by resize + controller or kubelet. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. type: string type: object type: object type: object tag: + description: 'Tag of Alertmanager container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag is + set. Deprecated: use ''image'' instead. The image tag can be specified + as part of the image URL.' type: string tolerations: + description: If specified, the pod's tolerations. items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . properties: effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. type: string operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. type: string tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. format: int64 type: integer value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. properties: labelSelector: + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array @@ -2528,27 +5218,126 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy + it. It''s a required field. Default value is 1 and 0 is not + allowed.' format: int32 type: integer minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." format: int32 type: integer nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. type: string whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but + giving higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable is + set to DoNotSchedule, incoming pod can only be scheduled to + zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on + zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* + imbalanced. It''s a required field.' type: string required: - maxSkew @@ -2557,21 +5346,44 @@ spec: type: object type: array version: + description: Version the cluster should be on. type: string volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. items: + description: VolumeMount describes a mounting of a Volume within + a container. properties: mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -2579,106 +5391,224 @@ spec: type: object type: array volumes: + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. properties: cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: + description: diskName is the Name of the data disk in the + blob storage type: string diskURI: + description: diskURI is the URI of data disk in the blob + storage type: string fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. properties: readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: + description: configMap represents a configMap that should populate + this volume properties: defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key @@ -2686,66 +5616,139 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: optional specify whether the ConfigMap or its + keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). properties: driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. type: string fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object required: - driver type: object downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume properties: defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: Items is a list of downward API volume file items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource @@ -2757,35 +5760,114 @@ spec: type: array type: object emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." properties: metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. type: object spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. properties: accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. type: string kind: + description: Kind is the type of resource being + referenced type: string name: + description: Name is the name of resource being + referenced type: string required: - kind @@ -2793,25 +5875,94 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. type: string kind: + description: Kind is the type of resource being + referenced type: string name: + description: Name is the name of resource being + referenced type: string namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. type: string required: - name @@ -2827,6 +5978,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2835,18 +5988,46 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -2858,14 +6039,28 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. type: string volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. type: string type: object required: @@ -2873,38 +6068,74 @@ spec: type: object type: object fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. properties: fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' type: string lun: + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: + description: driver is the name of the driver to use for + this volume. type: string fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -2912,88 +6143,184 @@ spec: - driver type: object flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running properties: datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated type: string datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' properties: directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: + description: repository is the URL type: string revision: + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' properties: path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication type: boolean chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). type: string lun: + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. type: boolean secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -3001,67 +6328,148 @@ spec: - targetPortal type: object name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine properties: fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. format: int32 type: integer sources: + description: sources is the list of volume projections items: + description: Projection that may be projected along with + other supported volume types properties: configMap: + description: configMap information about the configMap + data to project properties: items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -3069,42 +6477,91 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: + description: downwardAPI information about the downwardAPI + data to project properties: items: + description: Items is a list of DownwardAPIVolume + file items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' properties: apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' properties: containerName: + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to + select' type: string required: - resource @@ -3116,16 +6573,48 @@ spec: type: array type: object secret: + description: secret information about the secret data + to project properties: items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -3133,19 +6622,45 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: optional field specify whether the + Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project properties: audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. type: string expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. format: int64 type: integer path: + description: path is the path relative to the + mount point of the file to project the token + into. type: string required: - path @@ -3154,76 +6669,148 @@ spec: type: array type: object quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime properties: group: + description: group to map volume access to Default is no + group type: string readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. type: boolean registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes type: string tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin type: string user: + description: user to map volume access to Defaults to serivceaccount + user type: string volume: + description: volume is a string that references an already + created Quobyte volume by name. type: string required: - registry - volume type: object rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: + description: system is the name of the storage system as + configured in ScaleIO. type: string volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway @@ -3231,19 +6818,54 @@ spec: - system type: object secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. items: + description: Maps a string key to a path within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key @@ -3251,36 +6873,76 @@ spec: type: object type: array optional: + description: optional field specify whether the Secret or + its keys must be defined type: boolean secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. type: string volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine properties: fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath @@ -3290,61 +6952,107 @@ spec: type: object type: array web: + description: Defines the web command line flags when starting Alertmanager. properties: getConcurrency: + description: Maximum number of GET requests processed concurrently. + This corresponds to the Alertmanager's `--web.get-concurrency` + flag. format: int32 type: integer httpConfig: + description: Defines HTTP parameters for web server. properties: headers: + description: List of headers that can be added to HTTP responses. properties: contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. type: string strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security type: string xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options enum: - "" - NoSniff type: string xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options enum: - "" - Deny - SameOrigin type: string xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection type: string type: object http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. type: boolean type: object timeout: + description: Timeout for HTTP requests. This corresponds to the + Alertmanager's `--web.timeout` flag. format: int32 type: integer tlsConfig: + description: Defines the TLS parameters for HTTPS. properties: cert: + description: Contains the TLS certificate for the server. properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -3352,30 +7060,52 @@ spec: x-kubernetes-map-type: atomic type: object cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. + Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' items: type: string type: array client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -3383,28 +7113,49 @@ spec: x-kubernetes-map-type: atomic type: object clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' type: string curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' items: type: string type: array keySecret: + description: Secret containing the TLS key for the server. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. type: string minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. type: string preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. type: boolean required: - cert @@ -3413,26 +7164,45 @@ spec: type: object type: object status: + description: 'Most recent observed status of the Alertmanager cluster. + Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. format: int32 type: integer conditions: + description: The current state of the Alertmanager object. items: + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. properties: lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. format: date-time type: string message: + description: Human-readable message indicating details for the + condition's last transition. type: string observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 type: integer reason: + description: Reason for the condition's last transition. type: string status: + description: Status of the condition. type: string type: + description: Type of the condition being reported. type: string required: - lastTransitionTime @@ -3444,14 +7214,22 @@ spec: - type x-kubernetes-list-type: map paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. type: boolean replicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object (their labels match the selector). format: int32 type: integer unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + object. format: int32 type: integer updatedReplicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object that have the desired version spec. format: int32 type: integer required: diff --git a/bundle/manifests/monitoring.rhobs_podmonitors.yaml b/bundle/manifests/monitoring.rhobs_podmonitors.yaml index f35c434d..f3abf8fe 100644 --- a/bundle/manifests/monitoring.rhobs_podmonitors.yaml +++ b/bundle/manifests/monitoring.rhobs_podmonitors.yaml @@ -21,81 +21,140 @@ spec: - name: v1 schema: openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. properties: attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.35.0 and above. properties: node: + description: When set to true, Prometheus must have permissions + to get Nodes. type: boolean type: object jobLabel: + description: The label to use to retrieve the job name from. type: string labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. format: int64 type: integer labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. format: int64 type: integer namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. properties: any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. type: boolean matchNames: + description: List of namespace names to select from. items: type: string type: array type: object podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. items: + description: PodMetricsEndpoint defines a scrapeable endpoint of + a Kubernetes Pod serving Prometheus metrics. properties: authorization: + description: Authorization section for this endpoint properties: credentials: + description: The secret's key that contains the credentials + of the request properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error type: string type: object basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: + description: The secret in the service monitor namespace + that contains the password for authentication. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor namespace + that contains the username for authentication. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -103,35 +162,64 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + pod monitor and accessible by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: + description: Whether to enable HTTP2. type: boolean filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: + description: FollowRedirects configures whether scrape requests + follow HTTP 3xx redirects. type: boolean honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. type: boolean honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. type: boolean interval: + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: + description: MetricRelabelConfigs to apply to samples before + ingestion. items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace - Replace @@ -157,46 +245,85 @@ spec: - DropEqual type: string modulus: + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. properties: clientId: + description: The secret or configmap containing the OAuth2 + client id properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -204,12 +331,19 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 client secret properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -218,12 +352,15 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token URL type: object scopes: + description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -236,18 +373,37 @@ spec: items: type: string type: array + description: Optional HTTP URL parameters type: object path: + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). type: string port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. type: string proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. type: string relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields. The original scrape job''s name + is available via the `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace - Replace @@ -273,59 +429,104 @@ spec: - DropEqual type: string modulus: + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. enum: - http - https type: string scrapeTimeout: + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string + description: 'Deprecated: Use ''port'' instead.' x-kubernetes-int-or-string: true tlsConfig: + description: TLS configuration to use when scraping the endpoint. properties: ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -333,26 +534,43 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when doing client-authentication. properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -360,41 +578,71 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key file for the + targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the targets. type: string type: object type: object type: array podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. items: type: string type: array sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. format: int64 type: integer selector: + description: Selector to select Pod objects. properties: matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: + description: key is the label key that the selector applies + to. type: string operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -406,10 +654,17 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. format: int64 type: integer required: diff --git a/bundle/manifests/monitoring.rhobs_probes.yaml b/bundle/manifests/monitoring.rhobs_probes.yaml index bdce57be..4943417f 100644 --- a/bundle/manifests/monitoring.rhobs_probes.yaml +++ b/bundle/manifests/monitoring.rhobs_probes.yaml @@ -21,53 +21,91 @@ spec: - name: v1 schema: openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: Specification of desired Ingress selection for target discovery + by Prometheus. properties: authorization: + description: Authorization section for this endpoint properties: credentials: + description: The secret's key that contains the credentials of + the request properties: key: + description: The key of the secret to select from. Must be + a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be + defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error type: string type: object basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic + authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: + description: The secret in the service monitor namespace that + contains the password for authentication. properties: key: + description: The key of the secret to select from. Must be + a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be + defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor namespace that + contains the username for authentication. properties: key: + description: The key of the secret to select from. Must be + a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be + defined type: boolean required: - key @@ -75,36 +113,62 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. + The secret needs to be in the same namespace as the probe and accessible + by the Prometheus Operator. properties: key: + description: The key of the secret to select from. Must be a + valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic interval: + description: Interval at which targets are probed using the configured + prober. If not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: + description: The job name assigned to scraped metrics by default. type: string labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. format: int64 type: integer labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. format: int64 type: integer metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. items: + description: 'RelabelConfig allows dynamic rewriting of the label + set, being applied to samples before ingestion. It defines ``-section + of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace + description: Action to perform based on regex matching. Default + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. enum: - replace - Replace @@ -130,48 +194,86 @@ spec: - DropEqual type: string modulus: + description: Modulus to take of the hash of the source label + values. format: int64 type: integer regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex capture + groups are available. Default is '$1' type: string separator: + description: Separator placed between concatenated source label + values. default is ';'. type: string sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured separator + and matched against the configured regular expression for + the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: + description: Label to which the resulting value is written in + a replace action. It is mandatory for replace actions. Regex + capture groups are available. type: string type: object type: array module: + description: 'The module to use for probing specifying how to probe + the target. Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. properties: clientId: + description: The secret or configmap containing the OAuth2 client + id properties: configMap: + description: ConfigMap containing data to use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -179,12 +281,19 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: + description: The secret containing the OAuth2 client secret properties: key: + description: The key of the secret to select from. Must be + a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be + defined type: boolean required: - key @@ -193,12 +302,15 @@ spec: endpointParams: additionalProperties: type: string + description: Parameters to append to the token URL type: object scopes: + description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: + description: The URL to fetch the token from minLength: 1 type: string required: @@ -207,49 +319,87 @@ spec: - tokenUrl type: object prober: + description: Specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if + left empty. properties: path: default: /probe + description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: + description: Optional ProxyURL. type: string scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. enum: - http - https type: string url: + description: Mandatory URL of the prober. type: string required: - url type: object sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. format: int64 type: integer scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. format: int64 type: integer targets: + description: Targets defines a set of static or dynamically discovered + targets to probe. properties: ingress: + description: ingress defines the Ingress objects to probe and + the relabeling configuration. If `staticConfig` is also defined, + `staticConfig` takes precedence. properties: namespaceSelector: + description: From which namespaces to select Ingress objects. properties: any: + description: Boolean describing whether all namespaces + are selected in contrast to a list restricting them. type: boolean matchNames: + description: List of namespace names to select from. items: type: string type: array type: object relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the target before it gets scraped. The original ingress + address is available via the `__tmp_prometheus_ingress_address` + label. It can be used to customize the probed URL. The original + scrape job''s name is available via the `__tmp_prometheus_job_name` + label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace - Replace @@ -275,33 +425,69 @@ spec: - DropEqual type: string modulus: + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' type: string separator: + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array selector: + description: Selector to select the Ingress objects. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. items: type: string type: array @@ -313,21 +499,40 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object staticConfig: + description: 'staticConfig defines the static list of targets + to probe and the relabeling configuration. If `ingress` is also + defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string + description: Labels assigned to all metrics scraped from the + targets. type: object relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace - Replace @@ -353,52 +558,88 @@ spec: - DropEqual type: string modulus: + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' type: string separator: + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array static: + description: The list of hosts to probe. items: type: string type: array type: object type: object tlsConfig: + description: TLS configuration to use when scraping the endpoint. properties: ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: + description: ConfigMap containing data to use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -406,26 +647,40 @@ spec: x-kubernetes-map-type: atomic type: object cert: + description: Client certificate to present when doing client-authentication. properties: configMap: + description: ConfigMap containing data to use for the targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -433,20 +688,29 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: + description: Disable target certificate validation. type: boolean keySecret: + description: Secret containing the client key file for the targets. properties: key: + description: The key of the secret to select from. Must be + a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be + defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the targets. type: string type: object type: object diff --git a/bundle/manifests/monitoring.rhobs_prometheusagents.yaml b/bundle/manifests/monitoring.rhobs_prometheusagents.yaml index ff5a4f3c..1268bb6f 100644 --- a/bundle/manifests/monitoring.rhobs_prometheusagents.yaml +++ b/bundle/manifests/monitoring.rhobs_prometheusagents.yaml @@ -19,13 +19,16 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .spec.version + - description: The version of Prometheus agent + jsonPath: .spec.version name: Version type: string - - jsonPath: .spec.replicas + - description: The number of desired replicas + jsonPath: .spec.replicas name: Desired type: integer - - jsonPath: .status.availableReplicas + - description: The number of ready replicas + jsonPath: .status.availableReplicas name: Ready type: integer - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status @@ -37,63 +40,142 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.paused + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused name: Paused priority: 1 type: boolean name: v1alpha1 schema: openAPIV3Schema: + description: PrometheusAgent defines a Prometheus agent deployment. properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: 'Specification of the desired behavior of the Prometheus + agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalArgs: + description: "AdditionalArgs allows setting additional arguments for + the 'prometheus' container. \n It is intended for e.g. activating + hidden flags which are not supported by the dedicated configuration + options yet. The arguments are passed as-is to the Prometheus container + which may cause issues if they are invalid or not supported by the + given Prometheus version. \n In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument, the reconciliation will fail and + an error will be logged." items: + description: Argument as part of the AdditionalArgs list. properties: name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". minLength: 1 type: string value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) type: string required: - name type: object type: array additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a + Secret containing additional Prometheus scrape configurations. Scrape + configurations specified are appended to the configurations generated + by the Prometheus Operator. Job configurations specified must have + the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are + going to break Prometheus after the upgrade.' properties: key: + description: The key of the secret to select from. Must be a + valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic affinity: + description: Defines the Pods' affinity scheduling rules if specified. properties: nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). properties: preference: + description: A node selector term, associated with the + corresponding weight. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -103,13 +185,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -121,6 +223,8 @@ spec: type: object x-kubernetes-map-type: atomic weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -129,18 +233,50 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -150,13 +286,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -174,22 +330,61 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -201,19 +396,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -225,19 +453,40 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -246,18 +495,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -269,19 +552,47 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -293,14 +604,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -308,22 +638,62 @@ spec: type: array type: object podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -335,19 +705,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -359,19 +762,40 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -380,18 +804,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -403,19 +861,47 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -427,14 +913,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -443,47 +948,82 @@ spec: type: object type: object apiserverConfig: + description: 'APIServerConfig allows specifying a host and auth methods + to access the Kuberntees API server. If null, Prometheus is assumed + to run inside of the cluster: it will discover the API servers automatically + and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' properties: authorization: + description: Authorization section for accessing apiserver properties: credentials: + description: The secret's key that contains the credentials + of the request properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic credentialsFile: + description: File to read a secret from, mutually exclusive + with Credentials (from SafeAuthorization) type: string type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error type: string type: object basicAuth: + description: BasicAuth allow an endpoint to authenticate over + basic authentication properties: password: + description: The secret in the service monitor namespace that + contains the password for authentication. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: + description: The secret in the service monitor namespace that + contains the username for authentication. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -491,34 +1031,57 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: + description: Bearer token for accessing apiserver. type: string bearerTokenFile: + description: File to read bearer token for accessing apiserver. type: string host: + description: Host of apiserver. A valid string consisting of a + hostname or IP followed by an optional port number type: string tlsConfig: + description: TLS Config to use for accessing apiserver. properties: ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -526,28 +1089,47 @@ spec: x-kubernetes-map-type: atomic type: object caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: + description: Client certificate to present when doing client-authentication. properties: configMap: + description: ConfigMap containing data to use for the + targets. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: + description: Secret containing data to use for the targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -555,103 +1137,217 @@ spec: x-kubernetes-map-type: atomic type: object certFile: + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: + description: Disable target certificate validation. type: boolean keyFile: + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: + description: Secret containing the client key file for the + targets. properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: + description: Used to verify the hostname for the targets. type: string type: object required: - host type: object arbitraryFSAccessThroughSMs: + description: When true, ServiceMonitor, PodMonitor and Probe object + are forbidden to reference arbitrary files on the file system of + the 'prometheus' container. When a ServiceMonitor's endpoint specifies + a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), + a malicious target can get access to the Prometheus service account's + token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` + to 'true' would prevent the attack. Users should instead provide + the credentials using the `spec.bearerTokenSecret` field. properties: deny: type: boolean type: object configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into /etc/prometheus/configmaps/ in the 'prometheus' + container. items: type: string type: array containers: + description: "Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to the Pods or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and + modifications are done via a strategic merge patch. \n The names + of containers managed by the operator are: * `prometheus` * `config-reloader` + * `thanos-sidecar` \n Overriding containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice." items: + description: A single application container that you want to run + within a pod. properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -663,53 +1359,111 @@ spec: type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must be + defined type: boolean type: object x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -717,49 +1471,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -767,25 +1569,40 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -793,37 +1610,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -831,62 +1682,126 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in a + single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -897,37 +1812,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -935,51 +1884,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: + description: Resources resize policy for the container. items: + description: ContainerResizePolicy represents resource resize + policy for the container. properties: resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -988,11 +1983,23 @@ spec: type: array x-kubernetes-list-type: atomic resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. type: string required: - name @@ -1008,6 +2015,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1016,101 +2025,260 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1118,61 +2286,139 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1180,19 +2426,40 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1200,51 +2467,123 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array enableFeatures: + description: "Enable access to Prometheus feature flags. By default, + no features are enabled. \n Enabling features which are disabled + by default is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: type: string type: array enableRemoteWriteReceiver: + description: "Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. \n WARNING: This is not considered an efficient + way of ingesting samples. Use it with caution for specific low-volume + use cases. It is not suitable for replacing the ingestion via scraping + and turning Prometheus into a push-based metrics collection system. + For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + \n It requires Prometheus >= v2.33.0." type: boolean enforcedBodySizeLimit: + description: "When defined, enforcedBodySizeLimit specifies a global + limit on the size of uncompressed response body that will be accepted + by Prometheus. Targets responding with a body larger than this many + bytes will cause the scrape to fail. \n It requires Prometheus >= + v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string enforcedLabelLimit: + description: "When defined, enforcedLabelLimit specifies a global + limit on the number of labels per sample. The value overrides any + `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. + \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelNameLengthLimit: + description: "When defined, enforcedLabelNameLengthLimit specifies + a global limit on the length of labels name per sample. The value + overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is + greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelValueLengthLimit: + description: "When not null, enforcedLabelValueLengthLimit defines + a global limit on the length of labels value per sample. The value + overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is + greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedNamespaceLabel: + description: "When not empty, a label will be added to \n 1. All metrics + scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` + objects. 2. All metrics generated from recording rules defined in + `PrometheusRule` objects. 3. All alerts generated from alerting + rules defined in `PrometheusRule` objects. 4. All vector selectors + of PromQL expressions defined in `PrometheusRule` objects. \n The + label will not added for objects referenced in `spec.excludedFromEnforcement`. + \n The label's name is this field's value. The label's value is + the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or + `PrometheusRule` object." type: string enforcedSampleLimit: + description: "When defined, enforcedSampleLimit specifies a global + limit on the number of scraped samples that will be accepted. This + overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, + Probe objects unless `spec.sampleLimit` is greater than zero and + less than than `spec.enforcedSampleLimit`. \n It is meant to be + used by admins to keep the overall number of samples/series under + a desired limit." format: int64 type: integer enforcedTargetLimit: + description: "When defined, enforcedTargetLimit specifies a global + limit on the number of scraped targets. The value overrides any + `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. + \n It is meant to be used by admins to to keep the overall number + of targets under a desired limit." format: int64 type: integer excludedFromEnforcement: + description: "List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` + set to true." items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. properties: group: default: monitoring.rhobs + description: Group of the referent. When not specified, it defaults + to `monitoring.rhobs` enum: - monitoring.rhobs type: string name: + description: Name of the referent. When not set, all resources + in the namespace are matched. type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' minLength: 1 type: string resource: + description: Resource of the referent. enum: - prometheusrules - servicemonitors @@ -1259,17 +2598,30 @@ spec: externalLabels: additionalProperties: type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` + take precedence over this list. type: object externalUrl: + description: The external URL under which the Prometheus service is + externally available. This is necessary to generate correct URLs + (for instance if Prometheus is accessible behind an Ingress resource). type: string hostAliases: + description: Optional list of hosts and IPs that will be injected + into the Pod's hosts file if specified. items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. properties: hostnames: + description: Hostnames for the above IP address. items: type: string type: array ip: + description: IP address of the host file entry. type: string required: - hostnames @@ -1280,12 +2632,31 @@ spec: - ip x-kubernetes-list-type: map hostNetwork: + description: "Use the host's network namespace if true. \n Make sure + to understand the security implications if you want to enable it + (https://kubernetes.io/docs/concepts/configuration/overview/). \n + When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` + automatically." type: boolean ignoreNamespaceSelectors: + description: When true, `spec.namespaceSelector` from all PodMonitor, + ServiceMonitor and Probe objects will be ignored. They will only + discover targets within the namespace of the PodMonitor, ServiceMonitor + and Probe objec. type: boolean image: + description: "Container image name for Prometheus. If specified, it + takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` + fields. \n Specifying `spec.version` is still necessary to ensure + the Prometheus Operator knows which version of Prometheus is being + configured. \n If neither `spec.image` nor `spec.baseImage` are + defined, the operator will use the latest upstream version of Prometheus + available at the time when the operator was released." type: string imagePullPolicy: + description: Image pull policy for the 'prometheus', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. enum: - "" - Always @@ -1293,78 +2664,172 @@ spec: - IfNotPresent type: string imagePullSecrets: + description: An optional list of references to Secrets in the same + namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: + description: "InitContainers allows injecting initContainers to the + Pod definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. \n The names of init container name + managed by the operator are: * `init-config-reloader`. \n Overriding + init containers is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice." items: + description: A single application container that you want to run + within a pod. properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select from. Must + be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -1376,53 +2841,111 @@ spec: type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must be + defined type: boolean type: object x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1430,49 +2953,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1480,25 +3051,40 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1506,37 +3092,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1544,62 +3164,126 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in a + single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -1610,37 +3294,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1648,51 +3366,97 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: + description: Resources resize policy for the container. items: + description: ContainerResizePolicy represents resource resize + policy for the container. properties: resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1701,11 +3465,23 @@ spec: type: array x-kubernetes-list-type: atomic resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. type: string required: - name @@ -1721,6 +3497,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1729,101 +3507,260 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC port. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: + description: The header field value type: string required: - name @@ -1831,61 +3768,139 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1893,19 +3908,40 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1913,20 +3949,28 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array listenLocal: + description: When true, the Prometheus server listens on the loopback + address instead of the Pod IP's address. type: boolean logFormat: + description: Log format for Log level for Prometheus and the config-reloader + sidecar. enum: - "" - logfmt - json type: string logLevel: + description: Log level for Prometheus and the config-reloader sidecar. enum: - "" - debug @@ -1935,41 +3979,90 @@ spec: - error type: string minReadySeconds: + description: "Minimum number of seconds for which a newly created + Pod should be ready without any of its container crashing for it + to be considered available. Defaults to 0 (pod will be considered + available as soon as it is ready) \n This is an alpha field from + kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate." format: int32 type: integer nodeSelector: additionalProperties: type: string + description: Defines on which Nodes the Pods are scheduled. type: object overrideHonorLabels: + description: When true, Prometheus resolves label conflicts by renaming + the labels in the scraped data to "exported_