Prometheus [monitoring.coreos.com/v1]

additionalAlertManagerConfigs

object

AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation:

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config

The user is responsible for making sure that the configurations are valid

Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.

additionalAlertRelabelConfigs

object

AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation:

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The user is responsible for making sure that the configurations are valid

Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.

additionalArgs

array

AdditionalArgs allows setting additional arguments for the 'prometheus' container.

It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version.

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

additionalArgs[]

object

Argument as part of the AdditionalArgs list.

additionalScrapeConfigs

object

AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.

affinity

object

Defines the Pods' affinity scheduling rules if specified.

alerting

object

Defines the settings related to Alertmanager.

allowOverlappingBlocks

boolean

AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus.

Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.

apiserverConfig

object

APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

arbitraryFSAccessThroughSMs

object

When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account’s token in the Prometheus' scrape request. Setting spec.arbitraryFSAccessThroughSM to 'true' would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret field.

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default.

Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container.

baseImage

string

Deprecated: use 'spec.image' instead.

bodySizeLimit

string

BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.

configMaps

array (string)

ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name> in the 'prometheus' container.

containers

array

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.

The names of containers managed by the operator are: * prometheus * config-reloader * thanos-sidecar

Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

containers[]

object

A single application container that you want to run within a pod.

disableCompaction

boolean

When true, the Prometheus compaction is disabled.

enableAdminAPI

boolean

Enables access to the Prometheus web admin API.

WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so.

For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis

enableFeatures

array (string)

Enable access to Prometheus feature flags. By default, no features are enabled.

Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

enableRemoteWriteReceiver

boolean

Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.

WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver

It requires Prometheus >= v2.33.0.

enforcedBodySizeLimit

string

When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail.

It requires Prometheus >= v2.28.0.

When both enforcedBodySizeLimit and bodySizeLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedBodySizeLimit is greater than the bodySizeLimit, the bodySizeLimit will be set to enforcedBodySizeLimit. * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.

enforcedKeepDroppedTargets

integer

When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets is greater than zero and less than spec.enforcedKeepDroppedTargets.

It requires Prometheus >= v2.47.0.

When both enforcedKeepDroppedTargets and keepDroppedTargets are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedKeepDroppedTargets is greater than the keepDroppedTargets, the keepDroppedTargets will be set to enforcedKeepDroppedTargets. * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.

enforcedLabelLimit

integer

When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any spec.labelLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelLimit is greater than zero and less than spec.enforcedLabelLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelLimit and labelLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelLimit is greater than the labelLimit, the labelLimit will be set to enforcedLabelLimit. * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.

enforcedLabelNameLengthLimit

integer

When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any spec.labelNameLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelNameLengthLimit is greater than zero and less than spec.enforcedLabelNameLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelNameLengthLimit and labelNameLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelNameLengthLimit is greater than the labelNameLengthLimit, the labelNameLengthLimit will be set to enforcedLabelNameLengthLimit. * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.

enforcedLabelValueLengthLimit

integer

When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any spec.labelValueLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelValueLengthLimit is greater than zero and less than spec.enforcedLabelValueLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelValueLengthLimit and labelValueLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelValueLengthLimit is greater than the labelValueLengthLimit, the labelValueLengthLimit will be set to enforcedLabelValueLengthLimit. * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.

enforcedNamespaceLabel

string

When not empty, a label will be added to:

1. All metrics scraped from ServiceMonitor, PodMonitor, Probe and ScrapeConfig objects. 2. All metrics generated from recording rules defined in PrometheusRule objects. 3. All alerts generated from alerting rules defined in PrometheusRule objects. 4. All vector selectors of PromQL expressions defined in PrometheusRule objects.

The label will not added for objects referenced in spec.excludedFromEnforcement.

The label’s name is this field’s value. The label’s value is the namespace of the ServiceMonitor, PodMonitor, Probe, PrometheusRule or ScrapeConfig object.

enforcedSampleLimit

integer

When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any spec.sampleLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.sampleLimit is greater than zero and less than spec.enforcedSampleLimit.

It is meant to be used by admins to keep the overall number of samples/series under a desired limit.

When both enforcedSampleLimit and sampleLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedSampleLimit is greater than the sampleLimit, the sampleLimit will be set to enforcedSampleLimit. * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.

enforcedTargetLimit

integer

When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any spec.targetLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.targetLimit is greater than zero and less than spec.enforcedTargetLimit.

It is meant to be used by admins to to keep the overall number of targets under a desired limit.

When both enforcedTargetLimit and targetLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedTargetLimit is greater than the targetLimit, the targetLimit will be set to enforcedTargetLimit. * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.

evaluationInterval

string

Interval between rule evaluations. Default: "30s"

excludedFromEnforcement

array

List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.

It is only applicable if spec.enforcedNamespaceLabel set to true.

excludedFromEnforcement[]

object

ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.

exemplars

object

Exemplars related settings that are runtime reloadable. It requires to enable the exemplar-storage feature flag to be effective.

externalLabels

object (string)

The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by spec.replicaExternalLabelName and spec.prometheusExternalLabelName take precedence over this list.

externalUrl

string

The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).

hostAliases

array

Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.

hostAliases[]

object

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.

hostNetwork

boolean

Use the host’s network namespace if true.

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to ClusterFirstWithHostNet automatically.

ignoreNamespaceSelectors

boolean

When true, spec.namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.

image

string

Container image name for Prometheus. If specified, it takes precedence over the spec.baseImage, spec.tag and spec.sha fields.

Specifying spec.version is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured.

If neither spec.image nor spec.baseImage are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.

imagePullPolicy

string

Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets

array

An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

imagePullSecrets[]

object

LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.

initContainers

array

InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.

The names of init container name managed by the operator are: * init-config-reloader.

Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers[]

object

A single application container that you want to run within a pod.

keepDroppedTargets

integer

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.

labelLimit

integer

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.

labelNameLengthLimit

integer

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.

labelValueLengthLimit

integer

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.

listenLocal

boolean

When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address.

logFormat

string

Log format for Log level for Prometheus and the config-reloader sidecar.

logLevel

string

Log level for Prometheus and the config-reloader sidecar.

maximumStartupDurationSeconds

integer

Defines the maximum time that the prometheus container’s startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).

minReadySeconds

integer

Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

nodeSelector

object (string)

Defines on which Nodes the Pods are scheduled.

overrideHonorLabels

boolean

When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. In practice,overrideHonorLaels:true enforces honorLabels:false for all ServiceMonitor, PodMonitor and ScrapeConfig objects.

overrideHonorTimestamps

boolean

When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.

paused

boolean

When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.

persistentVolumeClaimRetentionPolicy

object

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

podMetadata

object

PodMetadata configures labels and annotations which are propagated to the Prometheus pods.

The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "prometheus". * "app.kubernetes.io/version" label, set to the Prometheus version. * "operator.prometheus.io/name" label, set to the name of the Prometheus object. * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus".

podMonitorNamespaceSelector

object

Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

podMonitorSelector

object

PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

podTargetLabels

array (string)

PodTargetLabels are appended to the spec.podTargetLabels field of all PodMonitor and ServiceMonitor objects.

portName

string

Port name used for the pods and governing service. Default: "web"

priorityClassName

string

Priority class assigned to the Pods.

probeNamespaceSelector

object

Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

probeSelector

object

Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

prometheusExternalLabelName

string

Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ("").

Default: "prometheus"

prometheusRulesExcludedFromEnforce

array

Defines the list of PrometheusRule objects to which the namespace label enforcement doesn’t apply. This is only relevant when spec.enforcedNamespaceLabel is set to true. Deprecated: use spec.excludedFromEnforcement instead.

prometheusRulesExcludedFromEnforce[]

object

PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.

query

object

QuerySpec defines the configuration of the Promethus query service.

queryLogFile

string

queryLogFile specifies where the file to which PromQL queries are logged.

If the filename has an empty path, e.g. 'query.log', The Prometheus Pods will mount the file into an emptyDir volume at /var/log/prometheus. If a full path is provided, e.g. '/var/log/prometheus/query.log', you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location can be set to a standard I/O stream, e.g. /dev/stdout, to log query information to the default Prometheus log stream.

reloadStrategy

string

Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.

remoteRead

array

Defines the list of remote read configurations.

remoteRead[]

object

RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint.

remoteWrite

array

Defines the list of remote write configurations.

remoteWrite[]

object

RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.

replicaExternalLabelName

string

Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ("").

Default: "prometheus_replica"

replicas

integer

Number of replicas of each shard to deploy for a Prometheus deployment. spec.replicas multiplied by spec.shards is the total number of Pods created.

Default: 1

resources

object

Defines the resources requests and limits of the 'prometheus' container.

retention

string

How long to retain the Prometheus data.

Default: "24h" if spec.retention and spec.retentionSize are empty.

retentionSize

string

Maximum number of bytes used by the Prometheus data.

routePrefix

string

The route prefix Prometheus registers HTTP handlers for.

This is useful when using spec.externalURL, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

ruleNamespaceSelector

object

Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

ruleSelector

object

PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.

rules

object

Defines the configuration of the Prometheus rules' engine.

sampleLimit

integer

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.

scrapeClasses

array

List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

This is an experimental feature, it may change in any upcoming release in a breaking way.

scrapeClasses[]

object

scrapeConfigNamespaceSelector

object

Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeConfigSelector

object

ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeInterval

string

Interval between consecutive scrapes.

Default: "30s"

scrapeProtocols

array (string)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

scrapeTimeout

string

Number of seconds to wait until a scrape request times out.

secrets

array (string)

Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/prometheus/secrets/<secret-name> in the 'prometheus' container.

securityContext

object

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

serviceMonitorNamespaceSelector

object

Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

serviceMonitorSelector

object

ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

sha

string

Deprecated: use 'spec.image' instead. The image’s digest can be specified as part of the image name.

shards

integer

Number of shards to distribute targets onto. spec.replicas multiplied by spec.shards is the total number of Pods created.

Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location.

Sharding is performed on the content of the address target meta-label for PodMonitors and ServiceMonitors and param_target for Probes.

Default: 1

storage

object

Storage defines the storage used by Prometheus.

tag

string

Deprecated: use 'spec.image' instead. The image’s tag can be specified as part of the image name.

targetLimit

integer

TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.

thanos

object

Defines the configuration of the optional Thanos sidecar.

tolerations

array

Defines the Pods' tolerations if specified.

tolerations[]

object

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

topologySpreadConstraints

array

Defines the pod’s topology spread constraints if specified.

topologySpreadConstraints[]

object

tracingConfig

object

TracingConfig configures tracing in Prometheus.

This is an experimental feature, it may change in any upcoming release in a breaking way.

tsdb

object

Defines the runtime reloadable configuration of the timeseries database (TSDB).

version

string

Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.

volumeMounts

array

VolumeMounts allows the configuration of additional VolumeMounts.

VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects.

volumeMounts[]

object

VolumeMount describes a mounting of a Volume within a container.

volumes

array

Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumes[]

object

Volume represents a named volume in a pod that may be accessed by any container in the pod.

walCompression

boolean

Configures compression of the write-ahead log (WAL) using Snappy.

WAL compression is enabled by default for Prometheus >= 2.20.0

Requires Prometheus v2.11.0 and above.

web

object

Defines the configuration of the Prometheus web server.

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop kubebuilder:default when controller-gen doesn’t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop kubebuilder:default when controller-gen doesn’t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.

optional

boolean

Specify whether the Secret or its key must be defined

name

string

Name of the argument, e.g. "scrape.discovery-reload-interval".

value

string

Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop kubebuilder:default when controller-gen doesn’t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.

optional

boolean

Specify whether the Secret or its key must be defined

nodeAffinity

object

Describes node affinity scheduling rules for the pod.

podAffinity

object

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

object

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).

requiredDuringSchedulingIgnoredDuringExecution

object

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

preference

object

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

nodeSelectorTerms

array

Required. A list of node selector terms. The terms are ORed.

nodeSelectorTerms[]

object

A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

requiredDuringSchedulingIgnoredDuringExecution

array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

requiredDuringSchedulingIgnoredDuringExecution[]

object

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running

podAffinityTerm

object

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.