API reference
This page is automatically generated with
gen-crd-api-reference-docs
.
Packages:
monitoring.coreos.com/v1
Resource Types:Alertmanager
The Alertmanager
custom resource definition (CRD) defines a desired Alertmanager setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.
For each Alertmanager
resource, the Operator deploys a StatefulSet
in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.
The resource defines via label and namespace selectors which AlertmanagerConfig
objects should be associated to the deployed Alertmanager instances.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kind string |
Alertmanager |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec AlertmanagerSpec |
Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status AlertmanagerStatus |
Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
PodMonitor
The PodMonitor
custom resource definition (CRD) defines how Prometheus
and PrometheusAgent
can scrape metrics from a group of pods.
Among other things, it allows to specify:
* The pods to scrape via label selectors.
* The container ports to scrape.
* Authentication credentials to use.
* Target and metric relabeling.
Prometheus
and PrometheusAgent
objects select PodMonitor
objects using label and namespace selectors.
Field | Description | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||||||||||||||||||||||||||||||||||||||||
kind string |
PodMonitor |
||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||
spec PodMonitorSpec |
Specification of desired Pod selection for target discovery by Prometheus.
|
Probe
The Probe
custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the blackbox exporter.
The Probe
resource needs 2 pieces of information:
* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.
* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, …) as Prometheus metrics.
Prometheus
and PrometheusAgent
objects select Probe
objects using label and namespace selectors.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||||||||||||||||||||||||||||||||||||||||||||||||
kind string |
Probe |
||||||||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||
spec ProbeSpec |
Specification of desired Ingress selection for target discovery by Prometheus.
|
Prometheus
The Prometheus
custom resource definition (CRD) defines a desired Prometheus setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.
For each Prometheus
resource, the Operator deploys one or several StatefulSet
objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.
The resource defines via label and namespace selectors which ServiceMonitor
, PodMonitor
, Probe
and PrometheusRule
objects should be associated to the deployed Prometheus instances.
The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kind string |
Prometheus |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec PrometheusSpec |
Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status PrometheusStatus |
Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
PrometheusRule
The PrometheusRule
custom resource definition (CRD) defines alerting and recording rules to be evaluated by Prometheus
or ThanosRuler
objects.
Prometheus
and ThanosRuler
objects select PrometheusRule
objects using label and namespace selectors.
Field | Description | ||
---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||
kind string |
PrometheusRule |
||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec PrometheusRuleSpec |
Specification of desired alerting rule definitions for Prometheus.
|
ServiceMonitor
The ServiceMonitor
custom resource definition (CRD) defines how Prometheus
and PrometheusAgent
can scrape metrics from a group of services.
Among other things, it allows to specify:
* The services to scrape via label selectors.
* The container ports to scrape.
* Authentication credentials to use.
* Target and metric relabeling.
Prometheus
and PrometheusAgent
objects select ServiceMonitor
objects using label and namespace selectors.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||||||||||||||||||||||||||||||||||||||||||
kind string |
ServiceMonitor |
||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||
spec ServiceMonitorSpec |
Specification of desired Service selection for target discovery by Prometheus.
|
ThanosRuler
The ThanosRuler
custom resource definition (CRD) defines a desired Thanos Ruler setup to run in a Kubernetes cluster.
A ThanosRuler
instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).
The resource defines via label and namespace selectors which PrometheusRule
objects should be associated to the deployed Thanos Ruler instances.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kind string |
ThanosRuler |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec ThanosRulerSpec |
Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status ThanosRulerStatus |
Most recent observed status of the ThanosRuler cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
APIServerConfig
(Appears on:CommonPrometheusFields)
APIServerConfig defines how the Prometheus server connects to the Kubernetes API server.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config
Field | Description |
---|---|
host string |
Kubernetes API address consisting of a hostname or IP address followed by an optional port number. |
basicAuth BasicAuth |
(Optional)
BasicAuth configuration for the API server. Cannot be set at the same time as |
bearerTokenFile string |
File to read bearer token for accessing apiserver. Cannot be set at the same time as Deprecated: this will be removed in a future release. Prefer using |
tlsConfig TLSConfig |
(Optional)
TLS Config to use for the API server. |
authorization Authorization |
(Optional)
Authorization section for the API server. Cannot be set at the same time as |
bearerToken string |
Warning: this field shouldn’t be used because the token value appears
in clear-text. Prefer using Deprecated: this will be removed in a future release. |
AdditionalLabelSelectors
(string
alias)
(Appears on:TopologySpreadConstraint)
Value | Description |
---|---|
"OnResource" |
Automatically add a label selector that will select all pods matching the same Prometheus/PrometheusAgent resource (irrespective of their shards). |
"OnShard" |
Automatically add a label selector that will select all pods matching the same shard. |
AlertingSpec
(Appears on:PrometheusSpec)
AlertingSpec defines parameters for alerting configuration of Prometheus servers.
Field | Description |
---|---|
alertmanagers []AlertmanagerEndpoints |
Alertmanager endpoints where Prometheus should send alerts to. |
AlertmanagerAPIVersion
(string
alias)
(Appears on:AlertmanagerEndpoints)
Value | Description |
---|---|
"V1" |
|
"V2" |
AlertmanagerConfigMatcherStrategy
(Appears on:AlertmanagerSpec)
Field | Description |
---|---|
type AlertmanagerConfigMatcherStrategyType |
AlertmanagerConfigMatcherStrategyType defines the strategy used by AlertmanagerConfig objects to match alerts in the routes and inhibition rules. The default value is |
AlertmanagerConfigMatcherStrategyType
(string
alias)
(Appears on:AlertmanagerConfigMatcherStrategy)
Value | Description |
---|---|
"None" |
With |
"OnNamespace" |
With |
AlertmanagerConfiguration
(Appears on:AlertmanagerSpec)
AlertmanagerConfiguration defines the Alertmanager configuration.
Field | Description |
---|---|
name string |
The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration.
It must be defined in the same namespace as the Alertmanager object.
The operator will not enforce a |
global AlertmanagerGlobalConfig |
(Optional)
Defines the global parameters of the Alertmanager configuration. |
templates []SecretOrConfigMap |
(Optional)
Custom notification templates. |
AlertmanagerEndpoints
(Appears on:AlertingSpec)
AlertmanagerEndpoints defines a selection of a single Endpoints object containing Alertmanager IPs to fire alerts against.
Field | Description |
---|---|
namespace string |
(Optional)
Namespace of the Endpoints object. If not set, the object will be discovered in the namespace of the Prometheus object. |
name string |
Name of the Endpoints object in the namespace. |
port k8s.io/apimachinery/pkg/util/intstr.IntOrString |
Port on which the Alertmanager API is exposed. |
scheme string |
Scheme to use when firing alerts. |
pathPrefix string |
Prefix for the HTTP path alerts are pushed to. |
tlsConfig TLSConfig |
(Optional)
TLS Config to use for Alertmanager. |
basicAuth BasicAuth |
(Optional)
BasicAuth configuration for Alertmanager. Cannot be set at the same time as |
bearerTokenFile string |
File to read bearer token for Alertmanager. Cannot be set at the same time as Deprecated: this will be removed in a future release. Prefer using |
authorization SafeAuthorization |
(Optional)
Authorization section for Alertmanager. Cannot be set at the same time as |
sigv4 Sigv4 |
(Optional)
Sigv4 allows to configures AWS’s Signature Verification 4 for the URL. It requires Prometheus >= v2.48.0. Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
apiVersion AlertmanagerAPIVersion |
(Optional)
Version of the Alertmanager API that Prometheus uses to send alerts. It can be “V1” or “V2”. The field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported. |
timeout Duration |
(Optional)
Timeout is a per-target Alertmanager timeout when pushing alerts. |
enableHttp2 bool |
(Optional)
Whether to enable HTTP2. |
relabelings []RelabelConfig |
(Optional)
Relabel configuration applied to the discovered Alertmanagers. |
alertRelabelings []RelabelConfig |
(Optional)
Relabeling configs applied before sending alerts to a specific Alertmanager. It requires Prometheus >= v2.51.0. |
AlertmanagerGlobalConfig
(Appears on:AlertmanagerConfiguration)
AlertmanagerGlobalConfig configures parameters that are valid in all other configuration contexts. See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file
Field | Description |
---|---|
smtp GlobalSMTPConfig |
(Optional)
Configures global SMTP parameters. |
resolveTimeout Duration |
ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt. |
httpConfig HTTPConfig |
HTTP client configuration. |
slackApiUrl Kubernetes core/v1.SecretKeySelector |
The default Slack API URL. |
opsGenieApiUrl Kubernetes core/v1.SecretKeySelector |
The default OpsGenie API URL. |
opsGenieApiKey Kubernetes core/v1.SecretKeySelector |
The default OpsGenie API Key. |
pagerdutyUrl string |
The default Pagerduty URL. |
AlertmanagerSpec
(Appears on:Alertmanager)
AlertmanagerSpec is a specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
podMetadata EmbeddedObjectMetadata |
PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. The following items are reserved and cannot be overridden: * “alertmanager” label, set to the name of the Alertmanager instance. * “app.kubernetes.io/instance” label, set to the name of the Alertmanager instance. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “alertmanager”. * “app.kubernetes.io/version” label, set to the Alertmanager version. * “kubectl.kubernetes.io/default-container” annotation, set to “alertmanager”. |
image string |
Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. |
imagePullPolicy Kubernetes core/v1.PullPolicy |
Image pull policy for the ‘alertmanager’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. |
version string |
Version the cluster should be on. |
tag string |
Tag of Alertmanager container image to be deployed. Defaults to the value of |
sha string |
SHA of Alertmanager container image to be deployed. Defaults to the value of |
baseImage string |
Base image that is used to deploy pods, without tag. Deprecated: use ‘image’ instead. |
imagePullSecrets []Kubernetes core/v1.LocalObjectReference |
An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
secrets []string |
Secrets is a list of Secrets in the same namespace as the Alertmanager
object, which shall be mounted into the Alertmanager Pods.
Each Secret is added to the StatefulSet definition as a volume named |
configMaps []string |
ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager
object, which shall be mounted into the Alertmanager Pods.
Each ConfigMap is added to the StatefulSet definition as a volume named |
configSecret string |
ConfigSecret is the name of a Kubernetes Secret in the same namespace as the
Alertmanager object, which contains the configuration for this Alertmanager
instance. If empty, it defaults to The Alertmanager configuration should be available under the
If either the secret or the |
logLevel string |
Log level for Alertmanager to be configured with. |
logFormat string |
Log format for Alertmanager to be configured with. |
replicas int32 |
Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. |
retention GoDuration |
Time duration Alertmanager shall retain data for. Default is ‘120h’,
and must match the regular expression |
storage StorageSpec |
Storage is the definition of how storage will be used by the Alertmanager instances. |
volumes []Kubernetes core/v1.Volume |
Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
volumeMounts []Kubernetes core/v1.VolumeMount |
VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. |
persistentVolumeClaimRetentionPolicy Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy |
(Optional)
The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. |
externalUrl string |
The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. |
routePrefix string |
The route prefix Alertmanager registers HTTP handlers for. This is useful,
if using ExternalURL and a proxy is rewriting HTTP routes of a request,
and the actual ExternalURL is still true, but the server serves requests
under a different route prefix. For example for use with |
paused bool |
If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. |
nodeSelector map[string]string |
Define which Nodes the Pods are scheduled on. |
resources Kubernetes core/v1.ResourceRequirements |
Define resources requests and limits for single Pods. |
affinity Kubernetes core/v1.Affinity |
If specified, the pod’s scheduling constraints. |
tolerations []Kubernetes core/v1.Toleration |
If specified, the pod’s tolerations. |
topologySpreadConstraints []Kubernetes core/v1.TopologySpreadConstraint |
If specified, the pod’s topology spread constraints. |
securityContext Kubernetes core/v1.PodSecurityContext |
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
dnsPolicy DNSPolicy |
(Optional)
Defines the DNS policy for the pods. |
dnsConfig PodDNSConfig |
(Optional)
Defines the DNS configuration for the pods. |
serviceAccountName string |
ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. |
listenLocal bool |
ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. |
containers []Kubernetes core/v1.Container |
Containers allows injecting additional containers. This is meant to
allow adding an authentication proxy to an Alertmanager pod.
Containers described here modify an operator generated container if they
share the same name and modifications are done via a strategic merge
patch. The current container names are: |
initContainers []Kubernetes core/v1.Container |
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.
fetch secrets for injection into the Alertmanager configuration from external sources. Any
errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
InitContainers described here modify an operator
generated init containers if they share the same name and modifications are
done via a strategic merge patch. The current init container name is:
|
priorityClassName string |
Priority class assigned to the Pods |
additionalPeers []string |
AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. |
clusterAdvertiseAddress string |
ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 1 addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 |
clusterGossipInterval GoDuration |
Interval between gossip attempts. |
clusterLabel string |
Defines the identifier that uniquely identifies the Alertmanager cluster.
You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the |
clusterPushpullInterval GoDuration |
Interval between pushpull attempts. |
clusterPeerTimeout GoDuration |
Timeout for cluster peering. |
portName string |
Port name used for the pods and governing service.
Defaults to |
forceEnableClusterMode bool |
ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. |
alertmanagerConfigSelector Kubernetes meta/v1.LabelSelector |
AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. |
alertmanagerConfigNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. |
alertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy |
AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects process incoming alerts. |
minReadySeconds uint32 |
(Optional)
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. |
hostAliases []HostAlias |
Pods’ hostAliases configuration |
web AlertmanagerWebSpec |
Defines the web command line flags when starting Alertmanager. |
alertmanagerConfiguration AlertmanagerConfiguration |
(Optional)
alertmanagerConfiguration specifies the configuration of Alertmanager. If defined, it takes precedence over the This is an experimental feature, it may change in any upcoming release in a breaking way. |
automountServiceAccountToken bool |
(Optional)
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.
If the service account has |
enableFeatures []string |
(Optional)
Enable access to Alertmanager feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. It requires Alertmanager >= 0.27.0. |
AlertmanagerStatus
(Appears on:Alertmanager)
AlertmanagerStatus is the most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
paused bool |
Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. |
replicas int32 |
Total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector). |
updatedReplicas int32 |
Total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec. |
availableReplicas int32 |
Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. |
unavailableReplicas int32 |
Total number of unavailable pods targeted by this Alertmanager object. |
selector string |
The selector used to match the pods targeted by this Alertmanager object. |
conditions []Condition |
(Optional)
The current state of the Alertmanager object. |
AlertmanagerWebSpec
(Appears on:AlertmanagerSpec)
AlertmanagerWebSpec defines the web command line flags when starting Alertmanager.
Field | Description |
---|---|
tlsConfig WebTLSConfig |
Defines the TLS parameters for HTTPS. |
httpConfig WebHTTPConfig |
Defines HTTP parameters for web server. |
getConcurrency uint32 |
(Optional)
Maximum number of GET requests processed concurrently. This corresponds to the
Alertmanager’s |
timeout uint32 |
(Optional)
Timeout for HTTP requests. This corresponds to the Alertmanager’s
|
ArbitraryFSAccessThroughSMsConfig
(Appears on:CommonPrometheusFields)
ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service monitor selected by the Prometheus instance is allowed to use arbitrary files on the file system of the Prometheus container. This is the case when e.g. a service monitor specifies a BearerTokenFile in an endpoint. A malicious user could create a service monitor selecting arbitrary secret files in the Prometheus container. Those secrets would then be sent with a scrape request by Prometheus to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.
Field | Description |
---|---|
deny bool |
Argument
(Appears on:CommonPrometheusFields, ThanosRulerSpec, ThanosSpec)
Argument as part of the AdditionalArgs list.
Field | Description |
---|---|
name string |
Name of the argument, e.g. “scrape.discovery-reload-interval”. |
value string |
Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. –storage.tsdb.no-lockfile) |
AttachMetadata
(Appears on:PodMonitorSpec, ScrapeClass, ServiceMonitorSpec)
Field | Description |
---|---|
node bool |
(Optional)
When set to true, Prometheus attaches node metadata to the discovered targets. The Prometheus service account must have the |
Authorization
(Appears on:APIServerConfig, RemoteReadSpec, RemoteWriteSpec, ScrapeClass)
Field | Description |
---|---|
type string |
Defines the authentication type. The value is case-insensitive. “Basic” is not a supported value. Default: “Bearer” |
credentials Kubernetes core/v1.SecretKeySelector |
Selects a key of a Secret in the namespace that contains the credentials for authentication. |
credentialsFile string |
File to read a secret from, mutually exclusive with |
AuthorizationValidationError
AuthorizationValidationError is returned by Authorization.Validate() on semantically invalid configurations.
Field | Description |
---|---|
err string |
AzureAD
(Appears on:RemoteWriteSpec)
AzureAD defines the configuration for remote write’s azuread parameters.
Field | Description |
---|---|
cloud string |
(Optional)
The Azure Cloud. Options are ‘AzurePublic’, ‘AzureChina’, or ‘AzureGovernment’. |
managedIdentity ManagedIdentity |
(Optional)
ManagedIdentity defines the Azure User-assigned Managed identity.
Cannot be set at the same time as |
oauth AzureOAuth |
(Optional)
OAuth defines the oauth config that is being used to authenticate.
Cannot be set at the same time as It requires Prometheus >= v2.48.0. |
sdk AzureSDK |
(Optional)
SDK defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
Cannot be set at the same time as It requires Prometheus >= 2.52.0. |
AzureOAuth
(Appears on:AzureAD)
AzureOAuth defines the Azure OAuth settings.
Field | Description |
---|---|
clientId string |
|
clientSecret Kubernetes core/v1.SecretKeySelector |
|
tenantId string |
|
AzureSDK
(Appears on:AzureAD)
AzureSDK is used to store azure SDK config values.
Field | Description |
---|---|
tenantId string |
(Optional)
|
BasicAuth
(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
BasicAuth configures HTTP Basic Authentication settings.
Field | Description |
---|---|
username Kubernetes core/v1.SecretKeySelector |
|
password Kubernetes core/v1.SecretKeySelector |
|
ByteSize
(string
alias)
(Appears on:CommonPrometheusFields, PodMonitorSpec, PrometheusSpec, ServiceMonitorSpec)
ByteSize is a valid memory size type based on powers-of-2, so 1KB is 1024B.
Supported units: B, KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB Ex: 512MB
.
CommonPrometheusFields
(Appears on:PrometheusSpec, PrometheusAgentSpec)
CommonPrometheusFields are the options available to both the Prometheus server and agent.
Field | Description |
---|---|
podMetadata EmbeddedObjectMetadata |
PodMetadata configures labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”. |
serviceMonitorSelector Kubernetes meta/v1.LabelSelector |
ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
serviceMonitorNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. |
podMonitorSelector Kubernetes meta/v1.LabelSelector |
PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
podMonitorNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. |
probeSelector Kubernetes meta/v1.LabelSelector |
Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
probeNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
scrapeConfigSelector Kubernetes meta/v1.LabelSelector |
(Optional)
ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If Note that the ScrapeConfig custom resource definition is currently at Alpha level. |
scrapeConfigNamespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. Note that the ScrapeConfig custom resource definition is currently at Alpha level. |
version string |
Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. |
paused bool |
When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. |
image string |
(Optional)
Container image name for Prometheus. If specified, it takes precedence
over the Specifying If neither |
imagePullPolicy Kubernetes core/v1.PullPolicy |
Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. |
imagePullSecrets []Kubernetes core/v1.LocalObjectReference |
An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
replicas int32 |
(Optional)
Number of replicas of each shard to deploy for a Prometheus deployment.
Default: 1 |
shards int32 |
(Optional)
Number of shards to distribute scraped targets onto.
When not defined, the operator assumes only one shard. Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules By default, the sharding is performed on:
* The Users can define their own sharding implementation by setting the
|
replicaExternalLabelName string |
(Optional)
Name of Prometheus external label used to denote the replica name.
The external label will not be added when the field is set to the
empty string ( Default: “prometheus_replica” |
prometheusExternalLabelName string |
(Optional)
Name of Prometheus external label used to denote the Prometheus instance
name. The external label will not be added when the field is set to
the empty string ( Default: “prometheus” |
logLevel string |
Log level for Prometheus and the config-reloader sidecar. |
logFormat string |
Log format for Log level for Prometheus and the config-reloader sidecar. |
scrapeInterval Duration |
Interval between consecutive scrapes. Default: “30s” |
scrapeTimeout Duration |
Number of seconds to wait until a scrape request times out. |
scrapeProtocols []ScrapeProtocol |
(Optional)
The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0.
|
externalLabels map[string]string |
The labels to add to any time series or alerts when communicating with
external systems (federation, remote storage, Alertmanager).
Labels defined by |
enableRemoteWriteReceiver bool |
Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver It requires Prometheus >= v2.33.0. |
enableOTLPReceiver bool |
(Optional)
Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. Note that the OTLP receiver endpoint is automatically enabled if It requires Prometheus >= v2.47.0. |
remoteWriteReceiverMessageVersions []RemoteWriteMessageVersion |
(Optional)
List of the protobuf message versions to accept when receiving the remote writes. It requires Prometheus >= v2.54.0. |
enableFeatures []EnableFeature |
(Optional)
Enable access to Prometheus feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ |
externalUrl string |
The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). |
routePrefix string |
The route prefix Prometheus registers HTTP handlers for. This is useful when using |
storage StorageSpec |
Storage defines the storage used by Prometheus. |
volumes []Kubernetes core/v1.Volume |
Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
volumeMounts []Kubernetes core/v1.VolumeMount |
VolumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects. |
persistentVolumeClaimRetentionPolicy Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy |
(Optional)
The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. |
web PrometheusWebSpec |
Defines the configuration of the Prometheus web server. |
resources Kubernetes core/v1.ResourceRequirements |
Defines the resources requests and limits of the ‘prometheus’ container. |
nodeSelector map[string]string |
Defines on which Nodes the Pods are scheduled. |
serviceAccountName string |
ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. |
automountServiceAccountToken bool |
(Optional)
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default. Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. |
secrets []string |
Secrets is a list of Secrets in the same namespace as the Prometheus
object, which shall be mounted into the Prometheus Pods.
Each Secret is added to the StatefulSet definition as a volume named |
configMaps []string |
ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus
object, which shall be mounted into the Prometheus Pods.
Each ConfigMap is added to the StatefulSet definition as a volume named |
affinity Kubernetes core/v1.Affinity |
(Optional)
Defines the Pods’ affinity scheduling rules if specified. |
tolerations []Kubernetes core/v1.Toleration |
(Optional)
Defines the Pods’ tolerations if specified. |
topologySpreadConstraints []TopologySpreadConstraint |
(Optional)
Defines the pod’s topology spread constraints if specified. |
remoteWrite []RemoteWriteSpec |
(Optional)
Defines the list of remote write configurations. |
otlp OTLPConfig |
(Optional)
Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. |
securityContext Kubernetes core/v1.PodSecurityContext |
(Optional)
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
dnsPolicy DNSPolicy |
(Optional)
Defines the DNS policy for the pods. |
dnsConfig PodDNSConfig |
(Optional)
Defines the DNS configuration for the pods. |
listenLocal bool |
When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address. |
containers []Kubernetes core/v1.Container |
(Optional)
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The names of containers managed by the operator are:
* Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
initContainers []Kubernetes core/v1.Container |
(Optional)
InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The names of init container name managed by the operator are:
* Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
additionalScrapeConfigs Kubernetes core/v1.SecretKeySelector |
(Optional)
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. |
apiserverConfig APIServerConfig |
(Optional)
APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. |
priorityClassName string |
Priority class assigned to the Pods. |
portName string |
Port name used for the pods and governing service. Default: “web” |
arbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMsConfig |
When true, ServiceMonitor, PodMonitor and Probe object are forbidden to
reference arbitrary files on the file system of the ‘prometheus’
container.
When a ServiceMonitor’s endpoint specifies a |
overrideHonorLabels bool |
When true, Prometheus resolves label conflicts by renaming the labels in the scraped data
to “exported_” for all targets created from ServiceMonitor, PodMonitor and
ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.
In practice, |
overrideHonorTimestamps bool |
When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies. |
ignoreNamespaceSelectors bool |
When true, |
enforcedNamespaceLabel string |
When not empty, a label will be added to:
The label will not added for objects referenced in The label’s name is this field’s value.
The label’s value is the namespace of the |
enforcedSampleLimit uint64 |
(Optional)
When defined, enforcedSampleLimit specifies a global limit on the number
of scraped samples that will be accepted. This overrides any
It is meant to be used by admins to keep the overall number of samples/series under a desired limit. When both |
enforcedTargetLimit uint64 |
(Optional)
When defined, enforcedTargetLimit specifies a global limit on the number
of scraped targets. The value overrides any It is meant to be used by admins to to keep the overall number of targets under a desired limit. When both |
enforcedLabelLimit uint64 |
(Optional)
When defined, enforcedLabelLimit specifies a global limit on the number
of labels per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedLabelNameLengthLimit uint64 |
(Optional)
When defined, enforcedLabelNameLengthLimit specifies a global limit on the length
of labels name per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedLabelValueLengthLimit uint64 |
(Optional)
When not null, enforcedLabelValueLengthLimit defines a global limit on the length
of labels value per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedKeepDroppedTargets uint64 |
(Optional)
When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets
dropped by relabeling that will be kept in memory. The value overrides
any It requires Prometheus >= v2.47.0. When both |
enforcedBodySizeLimit ByteSize |
When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. It requires Prometheus >= v2.28.0. When both |
nameValidationScheme NameValidationSchemeOptions |
(Optional)
Specifies the validation scheme for metric and label names. |
minReadySeconds uint32 |
(Optional)
Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. |
hostAliases []HostAlias |
(Optional)
Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified. |
additionalArgs []Argument |
(Optional)
AdditionalArgs allows setting additional arguments for the ‘prometheus’ container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. |
walCompression bool |
(Optional)
Configures compression of the write-ahead log (WAL) using Snappy. WAL compression is enabled by default for Prometheus >= 2.20.0 Requires Prometheus v2.11.0 and above. |
excludedFromEnforcement []ObjectReference |
(Optional)
List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. It is only applicable if |
hostNetwork bool |
Use the host’s network namespace if true. Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). When hostNetwork is enabled, this will set the DNS policy to
|
podTargetLabels []string |
(Optional)
PodTargetLabels are appended to the |
tracingConfig PrometheusTracingConfig |
(Optional)
TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way. |
bodySizeLimit ByteSize |
(Optional)
BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. |
sampleLimit uint64 |
(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. |
targetLimit uint64 |
(Optional)
TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. |
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. |
reloadStrategy ReloadStrategyType |
(Optional)
Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. |
maximumStartupDurationSeconds int32 |
(Optional)
Defines the maximum time that the |
scrapeClasses []ScrapeClass |
List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. This is an experimental feature, it may change in any upcoming release in a breaking way. |
serviceDiscoveryRole ServiceDiscoveryRole |
(Optional)
Defines the service discovery role used to discover targets from
If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. |
tsdb TSDBSpec |
(Optional)
Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. |
runtime RuntimeConfig |
(Optional)
RuntimeConfig configures the values for the Prometheus process behavior |
Condition
(Appears on:AlertmanagerStatus, PrometheusStatus, ThanosRulerStatus)
Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
Field | Description |
---|---|
type ConditionType |
Type of the condition being reported. |
status ConditionStatus |
Status of the condition. |
lastTransitionTime Kubernetes meta/v1.Time |
lastTransitionTime is the time of the last update to the current status property. |
reason string |
(Optional)
Reason for the condition’s last transition. |
message string |
(Optional)
Human-readable message indicating details for the condition’s last transition. |
observedGeneration int64 |
ObservedGeneration represents the .metadata.generation that the
condition was set based upon. For instance, if |
ConditionStatus
(string
alias)
(Appears on:Condition)
Value | Description |
---|---|
"Degraded" |
|
"False" |
|
"True" |
|
"Unknown" |
ConditionType
(string
alias)
(Appears on:Condition)
Value | Description |
---|---|
"Available" |
Available indicates whether enough pods are ready to provide the service. The possible status values for this condition type are: - True: all pods are running and ready, the service is fully available. - Degraded: some pods aren’t ready, the service is partially available. - False: no pods are running, the service is totally unavailable. - Unknown: the operator couldn’t determine the condition status. |
"Reconciled" |
Reconciled indicates whether the operator has reconciled the state of the underlying resources with the object’s spec. The possible status values for this condition type are: - True: the reconciliation was successful. - False: the reconciliation failed. - Unknown: the operator couldn’t determine the condition status. |
CoreV1TopologySpreadConstraint
(Appears on:TopologySpreadConstraint)
Field | Description |
---|---|
maxSkew int32 |
MaxSkew describes the degree to which pods may be unevenly distributed.
When |
topologyKey string |
TopologyKey is the key of node labels. Nodes that have a label with this key
and identical values are considered to be in the same topology.
We consider each |
whenUnsatisfiable Kubernetes core/v1.UnsatisfiableConstraintAction |
WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered “Unsatisfiable” for an incoming pod if and only if every possible node assignment for that pod would violate “MaxSkew” on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field. |
labelSelector Kubernetes meta/v1.LabelSelector |
(Optional)
LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. |
minDomains int32 |
(Optional)
MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats “global minimum” as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so “global minimum” is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. |
nodeAffinityPolicy Kubernetes core/v1.NodeInclusionPolicy |
(Optional)
NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
nodeTaintsPolicy Kubernetes core/v1.NodeInclusionPolicy |
(Optional)
NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
matchLabelKeys []string |
(Optional)
MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). |
DNSPolicy
(string
alias)
(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)
DNSPolicy specifies the DNS policy for the pod.
Value | Description |
---|---|
"ClusterFirst" |
DNSClusterFirst indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. |
"ClusterFirstWithHostNet" |
DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. |
"Default" |
DNSDefault indicates that the pod should use the default (as determined by kubelet) DNS settings. |
"None" |
DNSNone indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. |
Duration
(string
alias)
(Appears on:AlertmanagerEndpoints, AlertmanagerGlobalConfig, CommonPrometheusFields, Endpoint, MetadataConfig, PodMetricsEndpoint, ProbeSpec, PrometheusSpec, PrometheusTracingConfig, QuerySpec, QueueConfig, RemoteReadSpec, RemoteWriteSpec, Rule, RuleGroup, TSDBSpec, ThanosRulerSpec, ThanosSpec, AzureSDConfig, ConsulSDConfig, DNSSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, FileSDConfig, GCESDConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OVHCloudSDConfig, OpenStackSDConfig, PuppetDBSDConfig, PushoverConfig, ScalewaySDConfig, ScrapeConfigSpec, PushoverConfig)
Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.
Supported units: y, w, d, h, m, s, ms
Examples: 30s
, 1m
, 1h20m15s
, 15d
EmbeddedObjectMetadata
(Appears on:AlertmanagerSpec, CommonPrometheusFields, EmbeddedPersistentVolumeClaim, ThanosRulerSpec)
EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.
Field | Description |
---|---|
name string |
(Optional)
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
labels map[string]string |
(Optional)
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels |
annotations map[string]string |
(Optional)
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
EmbeddedPersistentVolumeClaim
(Appears on:StorageSpec)
EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.
Field | Description | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata EmbeddedObjectMetadata |
EmbeddedMetadata contains metadata relevant to an EmbeddedResource. |
||||||||||||||||||
spec Kubernetes core/v1.PersistentVolumeClaimSpec |
(Optional)
Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
||||||||||||||||||
status Kubernetes core/v1.PersistentVolumeClaimStatus |
(Optional)
Deprecated: this field is never set. |
EnableFeature
(string
alias)
(Appears on:CommonPrometheusFields)
Endpoint
(Appears on:ServiceMonitorSpec)
Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
Field | Description |
---|---|
port string |
Name of the Service port which this endpoint refers to. It takes precedence over |
targetPort k8s.io/apimachinery/pkg/util/intstr.IntOrString |
(Optional)
Name or number of the target port of the |
path string |
HTTP path from which to scrape for metrics. If empty, Prometheus uses the default value (e.g. |
scheme string |
HTTP scheme to use for scraping.
If empty, Prometheus uses the default value |
params map[string][]string |
params define optional HTTP URL parameters. |
interval Duration |
Interval at which Prometheus scrapes the metrics from the target. If empty, Prometheus uses the global scrape interval. |
scrapeTimeout Duration |
Timeout after which Prometheus considers the scrape to be failed. If empty, Prometheus uses the global scrape timeout unless it is less than the target’s scrape interval value in which the latter is used. |
tlsConfig TLSConfig |
(Optional)
TLS configuration to use when scraping the target. |
bearerTokenFile string |
File to read bearer token for scraping the target. Deprecated: use |
bearerTokenSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
Deprecated: use |
authorization SafeAuthorization |
(Optional)
Cannot be set at the same time as |
honorLabels bool |
When true, |
honorTimestamps bool |
(Optional)
|
trackTimestampsStaleness bool |
(Optional)
It requires Prometheus >= v2.48.0. |
basicAuth BasicAuth |
(Optional)
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
It requires Prometheus >= 2.27.0. Cannot be set at the same time as |
metricRelabelings []RelabelConfig |
(Optional)
|
relabelings []RelabelConfig |
(Optional)
The Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job’s name is available via the More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
proxyUrl string |
(Optional)
|
followRedirects bool |
(Optional)
|
enableHttp2 bool |
(Optional)
|
filterRunning bool |
(Optional)
When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. If unset, the filtering is enabled. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase |
Exemplars
(Appears on:PrometheusSpec)
Field | Description |
---|---|
maxSize int64 |
(Optional)
Maximum number of exemplars stored in memory for all series. exemplar-storage itself must be enabled using the If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage. |
GlobalSMTPConfig
(Appears on:AlertmanagerGlobalConfig)
GlobalSMTPConfig configures global SMTP parameters. See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file
Field | Description |
---|---|
from string |
(Optional)
The default SMTP From header field. |
smartHost HostPort |
(Optional)
The default SMTP smarthost used for sending emails. |
hello string |
(Optional)
The default hostname to identify to the SMTP server. |
authUsername string |
(Optional)
SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn’t authenticate to the SMTP server. |
authPassword Kubernetes core/v1.SecretKeySelector |
(Optional)
SMTP Auth using LOGIN and PLAIN. |
authIdentity string |
(Optional)
SMTP Auth using PLAIN |
authSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
SMTP Auth using CRAM-MD5. |
requireTLS bool |
(Optional)
The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. |
GoDuration
(string
alias)
(Appears on:AlertmanagerSpec)
GoDuration is a valid time duration that can be parsed by Go’s time.ParseDuration() function.
Supported units: h, m, s, ms
Examples: 45ms
, 30s
, 1m
, 1h20m15s
HTTPConfig
(Appears on:AlertmanagerGlobalConfig)
HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config
Field | Description |
---|---|
authorization SafeAuthorization |
(Optional)
Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. |
basicAuth BasicAuth |
(Optional)
BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. |
oauth2 OAuth2 |
(Optional)
OAuth2 client credentials used to fetch a token for the targets. |
bearerTokenSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration for the client. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
FollowRedirects specifies whether the client should follow HTTP 3xx redirects. |
HostAlias
(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.
Field | Description |
---|---|
ip string |
IP address of the host file entry. |
hostnames []string |
Hostnames for the above IP address. |
HostPort
(Appears on:GlobalSMTPConfig)
HostPort represents a “host:port” network address.
Field | Description |
---|---|
host string |
Defines the host’s address, it can be a DNS name or a literal IP address. |
port string |
Defines the host’s port, it can be a literal port number or a port name. |
LabelName
(string
alias)
(Appears on:RelabelConfig)
LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
ManagedIdentity
(Appears on:AzureAD)
ManagedIdentity defines the Azure User-assigned Managed identity.
Field | Description |
---|---|
clientId string |
The client id |
MetadataConfig
(Appears on:RemoteWriteSpec)
MetadataConfig configures the sending of series metadata to the remote storage.
Field | Description |
---|---|
send bool |
Defines whether metric metadata is sent to the remote storage or not. |
sendInterval Duration |
Defines how frequently metric metadata is sent to the remote storage. |
NameValidationSchemeOptions
(string
alias)
(Appears on:CommonPrometheusFields)
Specifies the validation scheme for metric and label names.
Supported values are:
* UTF8NameValidationScheme
for UTF-8 support.
* LegacyNameValidationScheme
for letters, numbers, colons, and underscores.
Note that LegacyNameValidationScheme
cannot be used along with the OpenTelemetry NoUTF8EscapingWithSuffixes
translation strategy (if enabled).
Value | Description |
---|---|
"Legacy" |
|
"UTF8" |
NamespaceSelector
(Appears on:PodMonitorSpec, ProbeTargetIngress, ServiceMonitorSpec)
NamespaceSelector is a selector for selecting either all namespaces or a
list of namespaces.
If any
is true, it takes precedence over matchNames
.
If matchNames
is empty and any
is false, it means that the objects are
selected from the current namespace.
Field | Description |
---|---|
any bool |
Boolean describing whether all namespaces are selected in contrast to a list restricting them. |
matchNames []string |
List of namespace names to select from. |
NativeHistogramConfig
(Appears on:PodMonitorSpec, ProbeSpec, ServiceMonitorSpec, ScrapeConfigSpec)
NativeHistogramConfig extends the native histogram configuration settings.
Field | Description |
---|---|
scrapeClassicHistograms bool |
(Optional)
Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. |
nativeHistogramBucketLimit uint64 |
(Optional)
If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. |
nativeHistogramMinBucketFactor k8s.io/apimachinery/pkg/api/resource.Quantity |
(Optional)
If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. |
NonEmptyDuration
(string
alias)
(Appears on:Rule)
NonEmptyDuration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.
Compared to Duration, NonEmptyDuration enforces a minimum length of 1.
Supported units: y, w, d, h, m, s, ms
Examples: 30s
, 1m
, 1h20m15s
, 15d
OAuth2
(Appears on:Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
OAuth2 configures OAuth2 settings.
Field | Description |
---|---|
clientId SecretOrConfigMap |
|
clientSecret Kubernetes core/v1.SecretKeySelector |
|
tokenUrl string |
|
scopes []string |
|
endpointParams map[string]string |
(Optional)
|
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
OAuth2ValidationError
Field | Description |
---|---|
err string |
OTLPConfig
(Appears on:CommonPrometheusFields)
OTLPConfig is the configuration for writing to the OTLP endpoint.
Field | Description |
---|---|
promoteResourceAttributes []string |
(Optional)
List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. |
translationStrategy TranslationStrategyOption |
(Optional)
Configures how the OTLP receiver endpoint translates the incoming metrics. If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. |
ObjectReference
(Appears on:CommonPrometheusFields, ThanosRulerSpec)
ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.
Field | Description |
---|---|
group string |
(Optional)
Group of the referent. When not specified, it defaults to |
resource string |
Resource of the referent. |
namespace string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
name string |
(Optional)
Name of the referent. When not set, all resources in the namespace are matched. |
PodDNSConfig
(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Field | Description |
---|---|
nameservers []string |
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. |
searches []string |
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. |
options []PodDNSConfigOption |
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. |
PodDNSConfigOption
(Appears on:PodDNSConfig)
PodDNSConfigOption defines DNS resolver options of a pod.
Field | Description |
---|---|
name string |
Name is required and must be unique. |
value string |
Value is optional. |
PodMetricsEndpoint
(Appears on:PodMonitorSpec)
PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
Field | Description |
---|---|
port string |
(Optional)
The It takes precedence over the |
portNumber int32 |
(Optional)
The |
targetPort k8s.io/apimachinery/pkg/util/intstr.IntOrString |
Name or number of the target port of the Deprecated: use ‘port’ or ‘portNumber’ instead. |
path string |
HTTP path from which to scrape for metrics. If empty, Prometheus uses the default value (e.g. |
scheme string |
HTTP scheme to use for scraping.
If empty, Prometheus uses the default value |
params map[string][]string |
|
interval Duration |
Interval at which Prometheus scrapes the metrics from the target. If empty, Prometheus uses the global scrape interval. |
scrapeTimeout Duration |
Timeout after which Prometheus considers the scrape to be failed. If empty, Prometheus uses the global scrape timeout unless it is less than the target’s scrape interval value in which the latter is used. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use when scraping the target. |
bearerTokenSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
Deprecated: use |
honorLabels bool |
When true, |
honorTimestamps bool |
(Optional)
|
trackTimestampsStaleness bool |
(Optional)
It requires Prometheus >= v2.48.0. |
basicAuth BasicAuth |
(Optional)
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
It requires Prometheus >= 2.27.0. Cannot be set at the same time as |
authorization SafeAuthorization |
(Optional)
Cannot be set at the same time as |
metricRelabelings []RelabelConfig |
(Optional)
|
relabelings []RelabelConfig |
(Optional)
The Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job’s name is available via the More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
proxyUrl string |
(Optional)
|
followRedirects bool |
(Optional)
|
enableHttp2 bool |
(Optional)
|
filterRunning bool |
(Optional)
When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. If unset, the filtering is enabled. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase |
PodMonitorSpec
(Appears on:PodMonitor)
PodMonitorSpec contains specification parameters for a PodMonitor.
Field | Description |
---|---|
jobLabel string |
The label to use to retrieve the job name from.
For example if If the value of this field is empty, the |
podTargetLabels []string |
|
podMetricsEndpoints []PodMetricsEndpoint |
(Optional)
Defines how to scrape metrics from the selected pods. |
selector Kubernetes meta/v1.LabelSelector |
Label selector to select the Kubernetes |
selectorMechanism SelectorMechanism |
(Optional)
Mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated. It requires Prometheus >= v2.17.0. |
namespaceSelector NamespaceSelector |
|
sampleLimit uint64 |
(Optional)
|
targetLimit uint64 |
(Optional)
|
scrapeProtocols []ScrapeProtocol |
(Optional)
If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0. |
fallbackScrapeProtocol ScrapeProtocol |
(Optional)
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. |
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
scrapeClassicHistograms bool |
(Optional)
Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. |
nativeHistogramBucketLimit uint64 |
(Optional)
If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. |
nativeHistogramMinBucketFactor k8s.io/apimachinery/pkg/api/resource.Quantity |
(Optional)
If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. |
attachMetadata AttachMetadata |
(Optional)
It requires Prometheus >= v2.35.0. |
scrapeClass string |
(Optional)
The scrape class to apply. |
bodySizeLimit ByteSize |
(Optional)
When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. It requires Prometheus >= v2.28.0. |
ProbeSpec
(Appears on:Probe)
ProbeSpec contains specification parameters for a Probe.
Field | Description |
---|---|
jobName string |
The job name assigned to scraped metrics by default. |
prober ProberSpec |
Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. |
module string |
The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml |
targets ProbeTargets |
Targets defines a set of static or dynamically discovered targets to probe. |
interval Duration |
Interval at which targets are probed using the configured prober. If not specified Prometheus’ global scrape interval is used. |
scrapeTimeout Duration |
Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. |
tlsConfig SafeTLSConfig |
TLS configuration to use when scraping the endpoint. |
bearerTokenSecret Kubernetes core/v1.SecretKeySelector |
Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. |
basicAuth BasicAuth |
BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint |
oauth2 OAuth2 |
OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. |
metricRelabelings []RelabelConfig |
MetricRelabelConfigs to apply to samples before ingestion. |
authorization SafeAuthorization |
Authorization section for this endpoint |
sampleLimit uint64 |
(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. |
targetLimit uint64 |
(Optional)
TargetLimit defines a limit on the number of scraped targets that will be accepted. |
scrapeProtocols []ScrapeProtocol |
(Optional)
If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0. |
fallbackScrapeProtocol ScrapeProtocol |
(Optional)
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. |
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. |
scrapeClassicHistograms bool |
(Optional)
Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. |
nativeHistogramBucketLimit uint64 |
(Optional)
If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. |
nativeHistogramMinBucketFactor k8s.io/apimachinery/pkg/api/resource.Quantity |
(Optional)
If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. |
scrapeClass string |
(Optional)
The scrape class to apply. |
ProbeTargetIngress
(Appears on:ProbeTargets)
ProbeTargetIngress defines the set of Ingress objects considered for probing. The operator configures a target for each host/path combination of each ingress object.
Field | Description |
---|---|
selector Kubernetes meta/v1.LabelSelector |
Selector to select the Ingress objects. |
namespaceSelector NamespaceSelector |
From which namespaces to select Ingress objects. |
relabelingConfigs []RelabelConfig |
RelabelConfigs to apply to the label set of the target before it gets
scraped.
The original ingress address is available via the
|
ProbeTargetStaticConfig
(Appears on:ProbeTargets)
ProbeTargetStaticConfig defines the set of static targets considered for probing.
Field | Description |
---|---|
static []string |
The list of hosts to probe. |
labels map[string]string |
Labels assigned to all metrics scraped from the targets. |
relabelingConfigs []RelabelConfig |
RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
ProbeTargets
(Appears on:ProbeSpec)
ProbeTargets defines how to discover the probed targets.
One of the staticConfig
or ingress
must be defined.
If both are defined, staticConfig
takes precedence.
Field | Description |
---|---|
staticConfig ProbeTargetStaticConfig |
staticConfig defines the static list of targets to probe and the
relabeling configuration.
If |
ingress ProbeTargetIngress |
ingress defines the Ingress objects to probe and the relabeling
configuration.
If |
ProbeTargetsValidationError
ProbeTargetsValidationError is returned by ProbeTargets.Validate() on semantically invalid configurations.
Field | Description |
---|---|
err string |
ProberSpec
(Appears on:ProbeSpec)
ProberSpec contains specification parameters for the Prober used for probing.
Field | Description |
---|---|
url string |
Mandatory URL of the prober. |
scheme string |
HTTP scheme to use for scraping.
|
path string |
Path to collect metrics from.
Defaults to |
proxyUrl string |
Optional ProxyURL. |
PrometheusRuleExcludeConfig
(Appears on:PrometheusSpec, ThanosRulerSpec)
PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.
Field | Description |
---|---|
ruleNamespace string |
Namespace of the excluded PrometheusRule object. |
ruleName string |
Name of the excluded PrometheusRule object. |
PrometheusRuleSpec
(Appears on:PrometheusRule)
PrometheusRuleSpec contains specification parameters for a Rule.
Field | Description |
---|---|
groups []RuleGroup |
Content of Prometheus rule file |
PrometheusSpec
(Appears on:Prometheus)
PrometheusSpec is a specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
podMetadata EmbeddedObjectMetadata |
PodMetadata configures labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”. |
serviceMonitorSelector Kubernetes meta/v1.LabelSelector |
ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
serviceMonitorNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. |
podMonitorSelector Kubernetes meta/v1.LabelSelector |
PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
podMonitorNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. |
probeSelector Kubernetes meta/v1.LabelSelector |
Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
probeNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
scrapeConfigSelector Kubernetes meta/v1.LabelSelector |
(Optional)
ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If Note that the ScrapeConfig custom resource definition is currently at Alpha level. |
scrapeConfigNamespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. Note that the ScrapeConfig custom resource definition is currently at Alpha level. |
version string |
Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. |
paused bool |
When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. |
image string |
(Optional)
Container image name for Prometheus. If specified, it takes precedence
over the Specifying If neither |
imagePullPolicy Kubernetes core/v1.PullPolicy |
Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. |
imagePullSecrets []Kubernetes core/v1.LocalObjectReference |
An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
replicas int32 |
(Optional)
Number of replicas of each shard to deploy for a Prometheus deployment.
Default: 1 |
shards int32 |
(Optional)
Number of shards to distribute scraped targets onto.
When not defined, the operator assumes only one shard. Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules By default, the sharding is performed on:
* The Users can define their own sharding implementation by setting the
|
replicaExternalLabelName string |
(Optional)
Name of Prometheus external label used to denote the replica name.
The external label will not be added when the field is set to the
empty string ( Default: “prometheus_replica” |
prometheusExternalLabelName string |
(Optional)
Name of Prometheus external label used to denote the Prometheus instance
name. The external label will not be added when the field is set to
the empty string ( Default: “prometheus” |
logLevel string |
Log level for Prometheus and the config-reloader sidecar. |
logFormat string |
Log format for Log level for Prometheus and the config-reloader sidecar. |
scrapeInterval Duration |
Interval between consecutive scrapes. Default: “30s” |
scrapeTimeout Duration |
Number of seconds to wait until a scrape request times out. |
scrapeProtocols []ScrapeProtocol |
(Optional)
The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0.
|
externalLabels map[string]string |
The labels to add to any time series or alerts when communicating with
external systems (federation, remote storage, Alertmanager).
Labels defined by |
enableRemoteWriteReceiver bool |
Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver It requires Prometheus >= v2.33.0. |
enableOTLPReceiver bool |
(Optional)
Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. Note that the OTLP receiver endpoint is automatically enabled if It requires Prometheus >= v2.47.0. |
remoteWriteReceiverMessageVersions []RemoteWriteMessageVersion |
(Optional)
List of the protobuf message versions to accept when receiving the remote writes. It requires Prometheus >= v2.54.0. |
enableFeatures []EnableFeature |
(Optional)
Enable access to Prometheus feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ |
externalUrl string |
The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). |
routePrefix string |
The route prefix Prometheus registers HTTP handlers for. This is useful when using |
storage StorageSpec |
Storage defines the storage used by Prometheus. |
volumes []Kubernetes core/v1.Volume |
Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
volumeMounts []Kubernetes core/v1.VolumeMount |
VolumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects. |
persistentVolumeClaimRetentionPolicy Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy |
(Optional)
The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. |
web PrometheusWebSpec |
Defines the configuration of the Prometheus web server. |
resources Kubernetes core/v1.ResourceRequirements |
Defines the resources requests and limits of the ‘prometheus’ container. |
nodeSelector map[string]string |
Defines on which Nodes the Pods are scheduled. |
serviceAccountName string |
ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. |
automountServiceAccountToken bool |
(Optional)
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default. Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. |
secrets []string |
Secrets is a list of Secrets in the same namespace as the Prometheus
object, which shall be mounted into the Prometheus Pods.
Each Secret is added to the StatefulSet definition as a volume named |
configMaps []string |
ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus
object, which shall be mounted into the Prometheus Pods.
Each ConfigMap is added to the StatefulSet definition as a volume named |
affinity Kubernetes core/v1.Affinity |
(Optional)
Defines the Pods’ affinity scheduling rules if specified. |
tolerations []Kubernetes core/v1.Toleration |
(Optional)
Defines the Pods’ tolerations if specified. |
topologySpreadConstraints []TopologySpreadConstraint |
(Optional)
Defines the pod’s topology spread constraints if specified. |
remoteWrite []RemoteWriteSpec |
(Optional)
Defines the list of remote write configurations. |
otlp OTLPConfig |
(Optional)
Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. |
securityContext Kubernetes core/v1.PodSecurityContext |
(Optional)
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
dnsPolicy DNSPolicy |
(Optional)
Defines the DNS policy for the pods. |
dnsConfig PodDNSConfig |
(Optional)
Defines the DNS configuration for the pods. |
listenLocal bool |
When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address. |
containers []Kubernetes core/v1.Container |
(Optional)
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The names of containers managed by the operator are:
* Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
initContainers []Kubernetes core/v1.Container |
(Optional)
InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The names of init container name managed by the operator are:
* Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
additionalScrapeConfigs Kubernetes core/v1.SecretKeySelector |
(Optional)
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. |
apiserverConfig APIServerConfig |
(Optional)
APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. |
priorityClassName string |
Priority class assigned to the Pods. |
portName string |
Port name used for the pods and governing service. Default: “web” |
arbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMsConfig |
When true, ServiceMonitor, PodMonitor and Probe object are forbidden to
reference arbitrary files on the file system of the ‘prometheus’
container.
When a ServiceMonitor’s endpoint specifies a |
overrideHonorLabels bool |
When true, Prometheus resolves label conflicts by renaming the labels in the scraped data
to “exported_” for all targets created from ServiceMonitor, PodMonitor and
ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.
In practice, |
overrideHonorTimestamps bool |
When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies. |
ignoreNamespaceSelectors bool |
When true, |
enforcedNamespaceLabel string |
When not empty, a label will be added to:
The label will not added for objects referenced in The label’s name is this field’s value.
The label’s value is the namespace of the |
enforcedSampleLimit uint64 |
(Optional)
When defined, enforcedSampleLimit specifies a global limit on the number
of scraped samples that will be accepted. This overrides any
It is meant to be used by admins to keep the overall number of samples/series under a desired limit. When both |
enforcedTargetLimit uint64 |
(Optional)
When defined, enforcedTargetLimit specifies a global limit on the number
of scraped targets. The value overrides any It is meant to be used by admins to to keep the overall number of targets under a desired limit. When both |
enforcedLabelLimit uint64 |
(Optional)
When defined, enforcedLabelLimit specifies a global limit on the number
of labels per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedLabelNameLengthLimit uint64 |
(Optional)
When defined, enforcedLabelNameLengthLimit specifies a global limit on the length
of labels name per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedLabelValueLengthLimit uint64 |
(Optional)
When not null, enforcedLabelValueLengthLimit defines a global limit on the length
of labels value per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedKeepDroppedTargets uint64 |
(Optional)
When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets
dropped by relabeling that will be kept in memory. The value overrides
any It requires Prometheus >= v2.47.0. When both |
enforcedBodySizeLimit ByteSize |
When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. It requires Prometheus >= v2.28.0. When both |
nameValidationScheme NameValidationSchemeOptions |
(Optional)
Specifies the validation scheme for metric and label names. |
minReadySeconds uint32 |
(Optional)
Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. |
hostAliases []HostAlias |
(Optional)
Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified. |
additionalArgs []Argument |
(Optional)
AdditionalArgs allows setting additional arguments for the ‘prometheus’ container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. |
walCompression bool |
(Optional)
Configures compression of the write-ahead log (WAL) using Snappy. WAL compression is enabled by default for Prometheus >= 2.20.0 Requires Prometheus v2.11.0 and above. |
excludedFromEnforcement []ObjectReference |
(Optional)
List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. It is only applicable if |
hostNetwork bool |
Use the host’s network namespace if true. Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). When hostNetwork is enabled, this will set the DNS policy to
|
podTargetLabels []string |
(Optional)
PodTargetLabels are appended to the |
tracingConfig PrometheusTracingConfig |
(Optional)
TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way. |
bodySizeLimit ByteSize |
(Optional)
BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. |
sampleLimit uint64 |
(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. |
targetLimit uint64 |
(Optional)
TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. |
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. |
reloadStrategy ReloadStrategyType |
(Optional)
Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. |
maximumStartupDurationSeconds int32 |
(Optional)
Defines the maximum time that the |
scrapeClasses []ScrapeClass |
List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. This is an experimental feature, it may change in any upcoming release in a breaking way. |
serviceDiscoveryRole ServiceDiscoveryRole |
(Optional)
Defines the service discovery role used to discover targets from
If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. |
tsdb TSDBSpec |
(Optional)
Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. |
runtime RuntimeConfig |
(Optional)
RuntimeConfig configures the values for the Prometheus process behavior |
baseImage string |
Deprecated: use ‘spec.image’ instead. |
tag string |
Deprecated: use ‘spec.image’ instead. The image’s tag can be specified as part of the image name. |
sha string |
Deprecated: use ‘spec.image’ instead. The image’s digest can be specified as part of the image name. |
retention Duration |
How long to retain the Prometheus data. Default: “24h” if |
retentionSize ByteSize |
Maximum number of bytes used by the Prometheus data. |
disableCompaction bool |
When true, the Prometheus compaction is disabled.
When |
rules Rules |
Defines the configuration of the Prometheus rules’ engine. |
prometheusRulesExcludedFromEnforce []PrometheusRuleExcludeConfig |
(Optional)
Defines the list of PrometheusRule objects to which the namespace label
enforcement doesn’t apply.
This is only relevant when |
ruleSelector Kubernetes meta/v1.LabelSelector |
(Optional)
PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. |
ruleNamespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
query QuerySpec |
(Optional)
QuerySpec defines the configuration of the Promethus query service. |
alerting AlertingSpec |
(Optional)
Defines the settings related to Alertmanager. |
additionalAlertRelabelConfigs Kubernetes core/v1.SecretKeySelector |
(Optional)
AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs The user is responsible for making sure that the configurations are valid Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade. |
additionalAlertManagerConfigs Kubernetes core/v1.SecretKeySelector |
(Optional)
AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config The user is responsible for making sure that the configurations are valid Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. |
remoteRead []RemoteReadSpec |
(Optional)
Defines the list of remote read configurations. |
thanos ThanosSpec |
(Optional)
Defines the configuration of the optional Thanos sidecar. |
queryLogFile string |
queryLogFile specifies where the file to which PromQL queries are logged. If the filename has an empty path, e.g. ‘query.log’, The Prometheus Pods
will mount the file into an emptyDir volume at |
allowOverlappingBlocks bool |
AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. |
exemplars Exemplars |
(Optional)
Exemplars related settings that are runtime reloadable.
It requires to enable the |
evaluationInterval Duration |
Interval between rule evaluations. Default: “30s” |
ruleQueryOffset Duration |
(Optional)
Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. It requires Prometheus >= v2.53.0. |
enableAdminAPI bool |
Enables access to the Prometheus web admin API. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis |
PrometheusStatus
(Appears on:Prometheus, PrometheusAgent)
PrometheusStatus is the most recent observed status of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
paused bool |
Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. |
replicas int32 |
Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). |
updatedReplicas int32 |
Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. |
availableReplicas int32 |
Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. |
unavailableReplicas int32 |
Total number of unavailable pods targeted by this Prometheus deployment. |
conditions []Condition |
(Optional)
The current state of the Prometheus deployment. |
shardStatuses []ShardStatus |
(Optional)
The list has one entry per shard. Each entry provides a summary of the shard status. |
shards int32 |
Shards is the most recently observed number of shards. |
selector string |
The selector used to match the pods targeted by this Prometheus resource. |
PrometheusTracingConfig
(Appears on:CommonPrometheusFields)
Field | Description |
---|---|
clientType string |
(Optional)
Client used to export the traces. Supported values are |
endpoint string |
Endpoint to send the traces to. Should be provided in format |
samplingFraction k8s.io/apimachinery/pkg/api/resource.Quantity |
(Optional)
Sets the probability a given trace will be sampled. Must be a float from 0 through 1. |
insecure bool |
(Optional)
If disabled, the client will use a secure connection. |
headers map[string]string |
(Optional)
Key-value pairs to be used as headers associated with gRPC or HTTP requests. |
compression string |
(Optional)
Compression key for supported compression types. The only supported value is |
timeout Duration |
(Optional)
Maximum time the exporter will wait for each batch export. |
tlsConfig TLSConfig |
(Optional)
TLS Config to use when sending traces. |
PrometheusWebSpec
(Appears on:CommonPrometheusFields)
PrometheusWebSpec defines the configuration of the Prometheus web server.
Field | Description |
---|---|
tlsConfig WebTLSConfig |
Defines the TLS parameters for HTTPS. |
httpConfig WebHTTPConfig |
Defines HTTP parameters for web server. |
pageTitle string |
(Optional)
The prometheus web page title. |
maxConnections int32 |
(Optional)
Defines the maximum number of simultaneous connections A zero value means that Prometheus doesn’t accept any incoming connection. |
ProxyConfig
(Appears on:AlertmanagerEndpoints, HTTPConfig, OAuth2, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)
Field | Description |
---|---|
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
QuerySpec
(Appears on:PrometheusSpec)
QuerySpec defines the query command line flags when starting Prometheus.
Field | Description |
---|---|
lookbackDelta string |
(Optional)
The delta difference allowed for retrieving metrics during expression evaluations. |
maxConcurrency int32 |
(Optional)
Number of concurrent queries that can be run at once. |
maxSamples int32 |
(Optional)
Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. |
timeout Duration |
(Optional)
Maximum time a query may take before being aborted. |
QueueConfig
(Appears on:RemoteWriteSpec)
QueueConfig allows the tuning of remote write’s queue_config parameters. This object is referenced in the RemoteWriteSpec object.
Field | Description |
---|---|
capacity int |
Capacity is the number of samples to buffer per shard before we start dropping them. |
minShards int |
MinShards is the minimum number of shards, i.e. amount of concurrency. |
maxShards int |
MaxShards is the maximum number of shards, i.e. amount of concurrency. |
maxSamplesPerSend int |
MaxSamplesPerSend is the maximum number of samples per send. |
batchSendDeadline Duration |
(Optional)
BatchSendDeadline is the maximum time a sample will wait in buffer. |
maxRetries int |
MaxRetries is the maximum number of times to retry a batch on recoverable errors. |
minBackoff Duration |
(Optional)
MinBackoff is the initial retry delay. Gets doubled for every retry. |
maxBackoff Duration |
(Optional)
MaxBackoff is the maximum retry delay. |
retryOnRateLimit bool |
Retry upon receiving a 429 status code from the remote-write storage. This is an experimental feature, it may change in any upcoming release in a breaking way. |
sampleAgeLimit Duration |
(Optional)
SampleAgeLimit drops samples older than the limit. It requires Prometheus >= v2.50.0. |
RelabelConfig
(Appears on:AlertmanagerEndpoints, Endpoint, PodMetricsEndpoint, ProbeSpec, ProbeTargetIngress, ProbeTargetStaticConfig, RemoteWriteSpec, ScrapeClass, ScrapeConfigSpec)
RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
Field | Description |
---|---|
sourceLabels []LabelName |
(Optional)
The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. |
separator string |
Separator is the string between concatenated SourceLabels. |
targetLabel string |
Label to which the resulting string is written in a replacement. It is mandatory for Regex capture groups are available. |
regex string |
Regular expression against which the extracted value is matched. |
modulus uint64 |
Modulus to take of the hash of the source label values. Only applicable when the action is |
replacement string |
(Optional)
Replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. |
action string |
Action to perform based on the regex matching.
Default: “Replace” |
ReloadStrategyType
(string
alias)
(Appears on:CommonPrometheusFields)
Value | Description |
---|---|
"HTTP" |
HTTPReloadStrategyType reloads the configuration using the /-/reload HTTP endpoint. |
"ProcessSignal" |
ProcessSignalReloadStrategyType reloads the configuration by sending a SIGHUP signal to the process. |
RemoteReadSpec
(Appears on:PrometheusSpec)
RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint.
Field | Description |
---|---|
url string |
The URL of the endpoint to query from. |
name string |
The name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. It requires Prometheus >= v2.15.0. |
requiredMatchers map[string]string |
(Optional)
An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. |
remoteTimeout Duration |
(Optional)
Timeout for requests to the remote read endpoint. |
headers map[string]string |
(Optional)
Custom HTTP headers to be sent along with each remote read request. Be aware that headers that are set by Prometheus itself can’t be overwritten. Only valid in Prometheus versions 2.26.0 and newer. |
readRecent bool |
Whether reads should be made for queries for time ranges that the local storage should have complete data for. |
oauth2 OAuth2 |
(Optional)
OAuth2 configuration for the URL. It requires Prometheus >= v2.27.0. Cannot be set at the same time as |
basicAuth BasicAuth |
(Optional)
BasicAuth configuration for the URL. Cannot be set at the same time as |
bearerTokenFile string |
File from which to read the bearer token for the URL. Deprecated: this will be removed in a future release. Prefer using |
authorization Authorization |
(Optional)
Authorization section for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as |
bearerToken string |
Warning: this field shouldn’t be used because the token value appears
in clear-text. Prefer using Deprecated: this will be removed in a future release. |
tlsConfig TLSConfig |
(Optional)
TLS Config to use for the URL. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0. |
filterExternalLabels bool |
(Optional)
Whether to use the external labels as selectors for the remote read endpoint. It requires Prometheus >= v2.34.0. |
RemoteWriteMessageVersion
(string
alias)
(Appears on:CommonPrometheusFields, RemoteWriteSpec)
Value | Description |
---|---|
"V1.0" |
Remote Write message’s version 1.0. |
"V2.0" |
Remote Write message’s version 2.0. |
RemoteWriteSpec
(Appears on:CommonPrometheusFields)
RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.
Field | Description |
---|---|
url string |
The URL of the endpoint to send samples to. |
name string |
(Optional)
The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. It requires Prometheus >= v2.15.0. |
messageVersion RemoteWriteMessageVersion |
(Optional)
The Remote Write message’s version to use when writing to the endpoint.
When Before setting this field, consult with your remote storage provider what message version it supports. It requires Prometheus >= v2.54.0. |
sendExemplars bool |
(Optional)
Enables sending of exemplars over remote write. Note that
exemplar-storage itself must be enabled using the It requires Prometheus >= v2.27.0. |
sendNativeHistograms bool |
(Optional)
Enables sending of native histograms, also known as sparse histograms over remote write. It requires Prometheus >= v2.40.0. |
remoteTimeout Duration |
(Optional)
Timeout for requests to the remote write endpoint. |
headers map[string]string |
(Optional)
Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can’t be overwritten. It requires Prometheus >= v2.25.0. |
writeRelabelConfigs []RelabelConfig |
(Optional)
The list of remote write relabel configurations. |
oauth2 OAuth2 |
(Optional)
OAuth2 configuration for the URL. It requires Prometheus >= v2.27.0. Cannot be set at the same time as |
basicAuth BasicAuth |
(Optional)
BasicAuth configuration for the URL. Cannot be set at the same time as |
bearerTokenFile string |
File from which to read bearer token for the URL. Deprecated: this will be removed in a future release. Prefer using |
authorization Authorization |
(Optional)
Authorization section for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as |
sigv4 Sigv4 |
(Optional)
Sigv4 allows to configures AWS’s Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as |
azureAd AzureAD |
(Optional)
AzureAD for the URL. It requires Prometheus >= v2.45.0. Cannot be set at the same time as |
bearerToken string |
Warning: this field shouldn’t be used because the token value appears
in clear-text. Prefer using Deprecated: this will be removed in a future release. |
tlsConfig TLSConfig |
(Optional)
TLS Config to use for the URL. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0. |
queueConfig QueueConfig |
(Optional)
QueueConfig allows tuning of the remote write queue parameters. |
metadataConfig MetadataConfig |
(Optional)
MetadataConfig configures the sending of series metadata to the remote storage. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
Rule
(Appears on:RuleGroup)
Rule describes an alerting or recording rule See Prometheus documentation: alerting or recording rule
Field | Description |
---|---|
record string |
Name of the time series to output to. Must be a valid metric name.
Only one of |
alert string |
Name of the alert. Must be a valid label value.
Only one of |
expr k8s.io/apimachinery/pkg/util/intstr.IntOrString |
PromQL expression to evaluate. |
for Duration |
(Optional)
Alerts are considered firing once they have been returned for this long. |
keep_firing_for NonEmptyDuration |
(Optional)
KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared. |
labels map[string]string |
Labels to add or overwrite. |
annotations map[string]string |
Annotations to add to each alert. Only valid for alerting rules. |
RuleGroup
(Appears on:PrometheusRuleSpec)
RuleGroup is a list of sequentially evaluated recording and alerting rules.
Field | Description |
---|---|
name string |
Name of the rule group. |
labels map[string]string |
(Optional)
Labels to add or overwrite before storing the result for its rules. The labels defined at the rule level take precedence. It requires Prometheus >= 3.0.0. The field is ignored for Thanos Ruler. |
interval Duration |
(Optional)
Interval determines how often rules in the group are evaluated. |
query_offset Duration |
(Optional)
Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. It requires Prometheus >= v2.53.0. It is not supported for ThanosRuler. |
rules []Rule |
(Optional)
List of alerting and recording rules. |
partial_response_strategy string |
PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response |
limit int |
(Optional)
Limit the number of alerts an alerting rule and series a recording rule can produce. Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24. |
Rules
(Appears on:PrometheusSpec)
Field | Description |
---|---|
alert RulesAlert |
Defines the parameters of the Prometheus rules’ engine. Any update to these parameters trigger a restart of the pods. |
RulesAlert
(Appears on:Rules)
Field | Description |
---|---|
forOutageTolerance string |
Max time to tolerate prometheus outage for restoring ‘for’ state of alert. |
forGracePeriod string |
Minimum duration between alert and restored ‘for’ state. This is maintained only for alerts with a configured ‘for’ time greater than the grace period. |
resendDelay string |
Minimum amount of time to wait before resending an alert to Alertmanager. |
RuntimeConfig
(Appears on:CommonPrometheusFields)
RuntimeConfig configures the values for the process behavior.
Field | Description |
---|---|
goGC int32 |
(Optional)
The Go garbage collection target percentage. Lowering this number may increase the CPU usage. See: https://tip.golang.org/doc/gc-guide#GOGC |
SafeAuthorization
(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
SafeAuthorization specifies a subset of the Authorization struct, that is safe for use because it doesn’t provide access to the Prometheus container’s filesystem.
Field | Description |
---|---|
type string |
Defines the authentication type. The value is case-insensitive. “Basic” is not a supported value. Default: “Bearer” |
credentials Kubernetes core/v1.SecretKeySelector |
Selects a key of a Secret in the namespace that contains the credentials for authentication. |
SafeTLSConfig
(Appears on:HTTPConfig, OAuth2, PodMetricsEndpoint, ProbeSpec, TLSConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)
SafeTLSConfig specifies safe TLS configuration parameters.
Field | Description |
---|---|
ca SecretOrConfigMap |
Certificate authority used when verifying server certificates. |
cert SecretOrConfigMap |
Client certificate to present when doing client-authentication. |
keySecret Kubernetes core/v1.SecretKeySelector |
Secret containing the client key file for the targets. |
serverName string |
(Optional)
Used to verify the hostname for the targets. |
insecureSkipVerify bool |
(Optional)
Disable target certificate validation. |
minVersion TLSVersion |
(Optional)
Minimum acceptable TLS version. It requires Prometheus >= v2.35.0. |
maxVersion TLSVersion |
(Optional)
Maximum acceptable TLS version. It requires Prometheus >= v2.41.0. |
ScrapeClass
(Appears on:CommonPrometheusFields)
Field | Description |
---|---|
name string |
Name of the scrape class. |
default bool |
(Optional)
Default indicates that the scrape applies to all scrape objects that don’t configure an explicit scrape class name. Only one scrape class can be set as the default. |
tlsConfig TLSConfig |
(Optional)
TLSConfig defines the TLS settings to use for the scrape. When the scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. For now only the |
authorization Authorization |
(Optional)
Authorization section for the ScrapeClass. It will only apply if the scrape resource doesn’t specify any Authorization. |
relabelings []RelabelConfig |
(Optional)
Relabelings configures the relabeling rules to apply to all scrape targets. The Operator automatically adds relabelings for a few standard Kubernetes fields
like More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
metricRelabelings []RelabelConfig |
(Optional)
MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in ‘.spec.enforcedNamespaceLabel’. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs |
attachMetadata AttachMetadata |
(Optional)
AttachMetadata configures additional metadata to the discovered targets. When the scrape object defines its own configuration, it takes precedence over the scrape class configuration. |
ScrapeProtocol
(string
alias)
(Appears on:CommonPrometheusFields, PodMonitorSpec, ProbeSpec, ServiceMonitorSpec, ScrapeConfigSpec)
ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.
Supported values are:
* OpenMetricsText0.0.1
* OpenMetricsText1.0.0
* PrometheusProto
* PrometheusText0.0.4
* PrometheusText1.0.0
Value | Description |
---|---|
"OpenMetricsText0.0.1" |
|
"OpenMetricsText1.0.0" |
|
"PrometheusProto" |
|
"PrometheusText0.0.4" |
|
"PrometheusText1.0.0" |
SecretOrConfigMap
(Appears on:AlertmanagerConfiguration, OAuth2, SafeTLSConfig, WebTLSConfig)
SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.
Field | Description |
---|---|
secret Kubernetes core/v1.SecretKeySelector |
Secret containing data to use for the targets. |
configMap Kubernetes core/v1.ConfigMapKeySelector |
ConfigMap containing data to use for the targets. |
SelectorMechanism
(string
alias)
(Appears on:PodMonitorSpec, ServiceMonitorSpec)
Value | Description |
---|---|
"RelabelConfig" |
|
"RoleSelector" |
ServiceDiscoveryRole
(string
alias)
(Appears on:CommonPrometheusFields)
Value | Description |
---|---|
"EndpointSlice" |
|
"Endpoints" |
ServiceMonitorSpec
(Appears on:ServiceMonitor)
ServiceMonitorSpec defines the specification parameters for a ServiceMonitor.
Field | Description |
---|---|
jobLabel string |
For example if If the value of this field is empty or if the label doesn’t exist for
the given Service, the |
targetLabels []string |
(Optional)
|
podTargetLabels []string |
(Optional)
|
endpoints []Endpoint |
List of endpoints part of this ServiceMonitor. Defines how to scrape metrics from Kubernetes Endpoints objects. In most cases, an Endpoints object is backed by a Kubernetes Service object with the same name and labels. |
selector Kubernetes meta/v1.LabelSelector |
Label selector to select the Kubernetes |
selectorMechanism SelectorMechanism |
(Optional)
Mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated. It requires Prometheus >= v2.17.0. |
namespaceSelector NamespaceSelector |
|
sampleLimit uint64 |
(Optional)
|
scrapeProtocols []ScrapeProtocol |
(Optional)
If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0. |
fallbackScrapeProtocol ScrapeProtocol |
(Optional)
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. |
targetLimit uint64 |
(Optional)
|
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
scrapeClassicHistograms bool |
(Optional)
Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. |
nativeHistogramBucketLimit uint64 |
(Optional)
If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. |
nativeHistogramMinBucketFactor k8s.io/apimachinery/pkg/api/resource.Quantity |
(Optional)
If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. |
attachMetadata AttachMetadata |
(Optional)
It requires Prometheus >= v2.37.0. |
scrapeClass string |
(Optional)
The scrape class to apply. |
bodySizeLimit ByteSize |
(Optional)
When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. It requires Prometheus >= v2.28.0. |
ShardStatus
(Appears on:PrometheusStatus)
Field | Description |
---|---|
shardID string |
Identifier of the shard. |
replicas int32 |
Total number of pods targeted by this shard. |
updatedReplicas int32 |
Total number of non-terminated pods targeted by this shard that have the desired spec. |
availableReplicas int32 |
Total number of available pods (ready for at least minReadySeconds) targeted by this shard. |
unavailableReplicas int32 |
Total number of unavailable pods targeted by this shard. |
Sigv4
(Appears on:AlertmanagerEndpoints, RemoteWriteSpec, SNSConfig, SNSConfig)
Sigv4 optionally configures AWS’s Signature Verification 4 signing process to sign requests.
Field | Description |
---|---|
region string |
Region is the AWS region. If blank, the region from the default credentials chain used. |
accessKey Kubernetes core/v1.SecretKeySelector |
(Optional)
AccessKey is the AWS API key. If not specified, the environment variable
|
secretKey Kubernetes core/v1.SecretKeySelector |
(Optional)
SecretKey is the AWS API secret. If not specified, the environment
variable |
profile string |
Profile is the named AWS profile used to authenticate. |
roleArn string |
RoleArn is the named AWS profile used to authenticate. |
StorageSpec
(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)
StorageSpec defines the configured storage for a group Prometheus servers. If no storage option is specified, then by default an EmptyDir will be used.
If multiple storage options are specified, priority will be given as follows: 1. emptyDir 2. ephemeral 3. volumeClaimTemplate
Field | Description |
---|---|
disableMountSubPath bool |
Deprecated: subPath usage will be removed in a future release. |
emptyDir Kubernetes core/v1.EmptyDirVolumeSource |
EmptyDirVolumeSource to be used by the StatefulSet.
If specified, it takes precedence over |
ephemeral Kubernetes core/v1.EphemeralVolumeSource |
EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes |
volumeClaimTemplate EmbeddedPersistentVolumeClaim |
Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. |
TLSConfig
(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, PrometheusTracingConfig, RemoteReadSpec, RemoteWriteSpec, ScrapeClass, ThanosRulerSpec, ThanosSpec)
TLSConfig extends the safe TLS configuration with file parameters.
Field | Description |
---|---|
ca SecretOrConfigMap |
Certificate authority used when verifying server certificates. |
cert SecretOrConfigMap |
Client certificate to present when doing client-authentication. |
keySecret Kubernetes core/v1.SecretKeySelector |
Secret containing the client key file for the targets. |
serverName string |
(Optional)
Used to verify the hostname for the targets. |
insecureSkipVerify bool |
(Optional)
Disable target certificate validation. |
minVersion TLSVersion |
(Optional)
Minimum acceptable TLS version. It requires Prometheus >= v2.35.0. |
maxVersion TLSVersion |
(Optional)
Maximum acceptable TLS version. It requires Prometheus >= v2.41.0. |
caFile string |
Path to the CA cert in the Prometheus container to use for the targets. |
certFile string |
Path to the client cert file in the Prometheus container for the targets. |
keyFile string |
Path to the client key file in the Prometheus container for the targets. |
TLSVersion
(string
alias)
(Appears on:SafeTLSConfig)
Value | Description |
---|---|
"TLS10" |
|
"TLS11" |
|
"TLS12" |
|
"TLS13" |
TSDBSpec
(Appears on:CommonPrometheusFields)
Field | Description |
---|---|
outOfOrderTimeWindow Duration |
(Optional)
Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). This is an experimental feature, it may change in any upcoming release in a breaking way. It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. |
ThanosRulerSpec
(Appears on:ThanosRuler)
ThanosRulerSpec is a specification of the desired behavior of the ThanosRuler. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
version string |
(Optional)
Version of Thanos to be deployed. |
podMetadata EmbeddedObjectMetadata |
(Optional)
PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. The following items are reserved and cannot be overridden: * “app.kubernetes.io/name” label, set to “thanos-ruler”. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/instance” label, set to the name of the ThanosRuler instance. * “thanos-ruler” label, set to the name of the ThanosRuler instance. * “kubectl.kubernetes.io/default-container” annotation, set to “thanos-ruler”. |
image string |
Thanos container image URL. |
imagePullPolicy Kubernetes core/v1.PullPolicy |
Image pull policy for the ‘thanos’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. |
imagePullSecrets []Kubernetes core/v1.LocalObjectReference |
(Optional)
An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
paused bool |
When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. |
replicas int32 |
(Optional)
Number of thanos ruler instances to deploy. |
nodeSelector map[string]string |
(Optional)
Define which Nodes the Pods are scheduled on. |
resources Kubernetes core/v1.ResourceRequirements |
Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set |
affinity Kubernetes core/v1.Affinity |
(Optional)
If specified, the pod’s scheduling constraints. |
tolerations []Kubernetes core/v1.Toleration |
(Optional)
If specified, the pod’s tolerations. |
topologySpreadConstraints []Kubernetes core/v1.TopologySpreadConstraint |
(Optional)
If specified, the pod’s topology spread constraints. |
securityContext Kubernetes core/v1.PodSecurityContext |
(Optional)
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
dnsPolicy DNSPolicy |
(Optional)
Defines the DNS policy for the pods. |
dnsConfig PodDNSConfig |
(Optional)
Defines the DNS configuration for the pods. |
priorityClassName string |
Priority class assigned to the Pods |
serviceAccountName string |
ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. |
storage StorageSpec |
(Optional)
Storage spec to specify how storage shall be used. |
volumes []Kubernetes core/v1.Volume |
(Optional)
Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
volumeMounts []Kubernetes core/v1.VolumeMount |
(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects. |
objectStorageConfig Kubernetes core/v1.SecretKeySelector |
(Optional)
Configures object storage. The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage The operator performs no validation of the configuration.
|
objectStorageConfigFile string |
(Optional)
Configures the path of the object storage configuration file. The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage The operator performs no validation of the configuration file. This field takes precedence over |
listenLocal bool |
ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. |
queryEndpoints []string |
(Optional)
Configures the list of Thanos Query endpoints from which to query metrics. For Thanos >= v0.11.0, it is recommended to use
|
queryConfig Kubernetes core/v1.SecretKeySelector |
(Optional)
Configures the list of Thanos Query endpoints from which to query metrics. The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api It requires Thanos >= v0.11.0. The operator performs no validation of the configuration. This field takes precedence over |
alertmanagersUrl []string |
(Optional)
Configures the list of Alertmanager endpoints to send alerts to. For Thanos >= v0.10.0, it is recommended to use
|
alertmanagersConfig Kubernetes core/v1.SecretKeySelector |
(Optional)
Configures the list of Alertmanager endpoints to send alerts to. The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. It requires Thanos >= v0.10.0. The operator performs no validation of the configuration. This field takes precedence over |
ruleSelector Kubernetes meta/v1.LabelSelector |
(Optional)
PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. |
ruleNamespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. |
enforcedNamespaceLabel string |
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. |
excludedFromEnforcement []ObjectReference |
(Optional)
List of references to PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true. |
prometheusRulesExcludedFromEnforce []PrometheusRuleExcludeConfig |
(Optional)
PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair Deprecated: use excludedFromEnforcement instead. |
logLevel string |
Log level for ThanosRuler to be configured with. |
logFormat string |
Log format for ThanosRuler to be configured with. |
portName string |
Port name used for the pods and governing service.
Defaults to |
evaluationInterval Duration |
Interval between consecutive evaluations. |
retention Duration |
Time duration ThanosRuler shall retain data for. Default is ‘24h’,
and must match the regular expression |
containers []Kubernetes core/v1.Container |
(Optional)
Containers allows injecting additional containers or modifying operator generated
containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or
to change the behavior of an operator generated container. Containers described here modify
an operator generated container if they share the same name and modifications are done via a
strategic merge patch. The current container names are: |
initContainers []Kubernetes core/v1.Container |
(Optional)
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
tracingConfig Kubernetes core/v1.SecretKeySelector |
(Optional)
Configures tracing. The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration This is an experimental feature, it may change in any upcoming release in a breaking way. The operator performs no validation of the configuration.
|
tracingConfigFile string |
(Optional)
Configures the path of the tracing configuration file. The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration This is an experimental feature, it may change in any upcoming release in a breaking way. The operator performs no validation of the configuration file. This field takes precedence over |
labels map[string]string |
(Optional)
Configures the external label pairs of the ThanosRuler resource. A default replica label |
alertDropLabels []string |
(Optional)
Configures the label names which should be dropped in Thanos Ruler alerts. The replica label |
externalPrefix string |
The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. |
routePrefix string |
The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. |
grpcServerTlsConfig TLSConfig |
(Optional)
GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ‘–grpc-server-tls-*’ CLI args. |
alertQueryUrl string |
The external Query URL the Thanos Ruler will set in the ‘Source’ field of all alerts. Maps to the ‘–alert.query-url’ CLI arg. |
minReadySeconds uint32 |
(Optional)
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. |
alertRelabelConfigs Kubernetes core/v1.SecretKeySelector |
(Optional)
Configures alert relabeling in Thanos Ruler. Alert relabel configuration must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs The operator performs no validation of the configuration.
|
alertRelabelConfigFile string |
(Optional)
Configures the path to the alert relabeling configuration file. Alert relabel configuration must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs The operator performs no validation of the configuration file. This field takes precedence over |
hostAliases []HostAlias |
Pods’ hostAliases configuration |
additionalArgs []Argument |
(Optional)
AdditionalArgs allows setting additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported by the given ThanosRuler version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged. |
web ThanosRulerWebSpec |
(Optional)
Defines the configuration of the ThanosRuler web server. |
ThanosRulerStatus
(Appears on:ThanosRuler)
ThanosRulerStatus is the most recent observed status of the ThanosRuler. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
paused bool |
Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. |
replicas int32 |
Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). |
updatedReplicas int32 |
Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. |
availableReplicas int32 |
Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. |
unavailableReplicas int32 |
Total number of unavailable pods targeted by this ThanosRuler deployment. |
conditions []Condition |
(Optional)
The current state of the ThanosRuler object. |
ThanosRulerWebSpec
(Appears on:ThanosRulerSpec)
ThanosRulerWebSpec defines the configuration of the ThanosRuler web server.
Field | Description |
---|---|
tlsConfig WebTLSConfig |
Defines the TLS parameters for HTTPS. |
httpConfig WebHTTPConfig |
Defines HTTP parameters for web server. |
ThanosSpec
(Appears on:PrometheusSpec)
ThanosSpec defines the configuration of the Thanos sidecar.
Field | Description |
---|---|
image string |
(Optional)
Container image name for Thanos. If specified, it takes precedence over
the Specifying If neither |
version string |
(Optional)
Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released. |
tag string |
(Optional)
Deprecated: use ‘image’ instead. The image’s tag can be specified as as part of the image name. |
sha string |
(Optional)
Deprecated: use ‘image’ instead. The image digest can be specified as part of the image name. |
baseImage string |
(Optional)
Deprecated: use ‘image’ instead. |
resources Kubernetes core/v1.ResourceRequirements |
Defines the resources requests and limits of the Thanos sidecar. |
objectStorageConfig Kubernetes core/v1.SecretKeySelector |
(Optional)
Defines the Thanos sidecar’s configuration to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ objectStorageConfigFile takes precedence over this field. |
objectStorageConfigFile string |
(Optional)
Defines the Thanos sidecar’s configuration file to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ This field takes precedence over objectStorageConfig. |
listenLocal bool |
Deprecated: use |
grpcListenLocal bool |
When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP’s address for the gRPC endpoints. It has no effect if |
httpListenLocal bool |
When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP’s address for the HTTP endpoints. It has no effect if |
tracingConfig Kubernetes core/v1.SecretKeySelector |
(Optional)
Defines the tracing configuration for the Thanos sidecar.
More info: https://thanos.io/tip/thanos/tracing.md/ This is an experimental feature, it may change in any upcoming release in a breaking way. |
tracingConfigFile string |
Defines the tracing configuration file for the Thanos sidecar. This field takes precedence over More info: https://thanos.io/tip/thanos/tracing.md/ This is an experimental feature, it may change in any upcoming release in a breaking way. |
grpcServerTlsConfig TLSConfig |
(Optional)
Configures the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the |
logLevel string |
Log level for the Thanos sidecar. |
logFormat string |
Log format for the Thanos sidecar. |
minTime string |
Defines the start of time range limit served by the Thanos sidecar’s StoreAPI. The field’s value should be a constant time in RFC3339 format or a time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. |
blockSize Duration |
BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value set to a multiple of 120 times your longest scrape or rule interval. For example, 30s * 120 = 1h. |
readyTimeout Duration |
ReadyTimeout is the maximum time that the Thanos sidecar will wait for Prometheus to start. |
getConfigInterval Duration |
How often to retrieve the Prometheus configuration. |
getConfigTimeout Duration |
Maximum time to wait when retrieving the Prometheus configuration. |
volumeMounts []Kubernetes core/v1.VolumeMount |
(Optional)
VolumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the ‘thanos-sidecar’ container. |
additionalArgs []Argument |
(Optional)
AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. |
TopologySpreadConstraint
(Appears on:CommonPrometheusFields)
Field | Description |
---|---|
maxSkew int32 |
MaxSkew describes the degree to which pods may be unevenly distributed.
When |
topologyKey string |
TopologyKey is the key of node labels. Nodes that have a label with this key
and identical values are considered to be in the same topology.
We consider each |
whenUnsatisfiable Kubernetes core/v1.UnsatisfiableConstraintAction |
WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered “Unsatisfiable” for an incoming pod if and only if every possible node assignment for that pod would violate “MaxSkew” on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field. |
labelSelector Kubernetes meta/v1.LabelSelector |
(Optional)
LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. |
minDomains int32 |
(Optional)
MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats “global minimum” as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so “global minimum” is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. |
nodeAffinityPolicy Kubernetes core/v1.NodeInclusionPolicy |
(Optional)
NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
nodeTaintsPolicy Kubernetes core/v1.NodeInclusionPolicy |
(Optional)
NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
matchLabelKeys []string |
(Optional)
MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). |
additionalLabelSelectors AdditionalLabelSelectors |
(Optional)
Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint. |
TranslationStrategyOption
(string
alias)
(Appears on:OTLPConfig)
TranslationStrategyOption represents a translation strategy option for the OTLP endpoint.
Supported values are:
* NoUTF8EscapingWithSuffixes
* UnderscoreEscapingWithSuffixes
Value | Description |
---|---|
"NoUTF8EscapingWithSuffixes" |
|
"UnderscoreEscapingWithSuffixes" |
WebConfigFileFields
(Appears on:AlertmanagerWebSpec, PrometheusWebSpec, ThanosRulerWebSpec)
WebConfigFileFields defines the file content for –web.config.file flag.
Field | Description |
---|---|
tlsConfig WebTLSConfig |
Defines the TLS parameters for HTTPS. |
httpConfig WebHTTPConfig |
Defines HTTP parameters for web server. |
WebHTTPConfig
(Appears on:WebConfigFileFields)
WebHTTPConfig defines HTTP parameters for web server.
Field | Description |
---|---|
http2 bool |
Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. |
headers WebHTTPHeaders |
List of headers that can be added to HTTP responses. |
WebHTTPHeaders
(Appears on:WebHTTPConfig)
WebHTTPHeaders defines the list of headers that can be added to HTTP responses.
Field | Description |
---|---|
contentSecurityPolicy string |
Set the Content-Security-Policy header to HTTP responses. Unset if blank. |
xFrameOptions string |
Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
xContentTypeOptions string |
Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options |
xXSSProtection string |
Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection |
strictTransportSecurity string |
Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security |
WebTLSConfig
(Appears on:WebConfigFileFields)
WebTLSConfig defines the TLS parameters for HTTPS.
Field | Description |
---|---|
cert SecretOrConfigMap |
(Optional)
Secret or ConfigMap containing the TLS certificate for the web server. Either It is mutually exclusive with |
certFile string |
(Optional)
Path to the TLS certificate file in the container for the web server. Either It is mutually exclusive with |
keySecret Kubernetes core/v1.SecretKeySelector |
(Optional)
Secret containing the TLS private key for the web server. Either It is mutually exclusive with |
keyFile string |
(Optional)
Path to the TLS private key file in the container for the web server. If defined, either It is mutually exclusive with |
client_ca SecretOrConfigMap |
(Optional)
Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with |
clientCAFile string |
(Optional)
Path to the CA certificate file for client certificate authentication to the server. It is mutually exclusive with |
clientAuthType string |
(Optional)
The server policy for client TLS authentication. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType |
minVersion string |
(Optional)
Minimum TLS version that is acceptable. |
maxVersion string |
(Optional)
Maximum TLS version that is acceptable. |
cipherSuites []string |
(Optional)
List of supported cipher suites for TLS versions up to TLS 1.2. If not defined, the Go default cipher suites are used. Available cipher suites are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants |
preferServerCipherSuites bool |
(Optional)
Controls whether the server selects the client’s most preferred cipher suite, or the server’s most preferred cipher suite. If true then the server’s preference, as expressed in the order of elements in cipherSuites, is used. |
curvePreferences []string |
(Optional)
Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID |
monitoring.coreos.com/v1alpha1
Resource Types:AlertmanagerConfig
AlertmanagerConfig configures the Prometheus Alertmanager, specifying how alerts should be grouped, inhibited and notified to external systems.
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1alpha1
|
||||||||
kind string |
AlertmanagerConfig |
||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec AlertmanagerConfigSpec |
|
PrometheusAgent
The PrometheusAgent
custom resource definition (CRD) defines a desired Prometheus Agent setup to run in a Kubernetes cluster.
The CRD is very similar to the Prometheus
CRD except for features which aren’t available in agent mode like rule evaluation, persistent storage and Thanos sidecar.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1alpha1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kind string |
PrometheusAgent |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec PrometheusAgentSpec |
Specification of the desired behavior of the Prometheus agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status PrometheusStatus |
Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
ScrapeConfig
ScrapeConfig defines a namespaced Prometheus scrape_config to be aggregated across multiple namespaces into the Prometheus configuration.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1alpha1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kind string |
ScrapeConfig |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec ScrapeConfigSpec |
|
AlertmanagerConfigSpec
(Appears on:AlertmanagerConfig)
AlertmanagerConfigSpec is a specification of the desired behavior of the
Alertmanager configuration.
By default, the Alertmanager configuration only applies to alerts for which
the namespace
label is equal to the namespace of the AlertmanagerConfig
resource (see the .spec.alertmanagerConfigMatcherStrategy
field of the
Alertmanager CRD).
Field | Description |
---|---|
route Route |
(Optional)
The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. |
receivers []Receiver |
(Optional)
List of receivers. |
inhibitRules []InhibitRule |
(Optional)
List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. |
muteTimeIntervals []MuteTimeInterval |
(Optional)
List of MuteTimeInterval specifying when the routes should be muted. |
AttachMetadata
(Appears on:KubernetesSDConfig)
Field | Description |
---|---|
node bool |
(Optional)
Attaches node metadata to discovered targets.
When set to true, Prometheus must have the |
AzureSDConfig
(Appears on:ScrapeConfigSpec)
AzureSDConfig allow retrieving scrape targets from Azure VMs. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config
Field | Description |
---|---|
environment string |
(Optional)
The Azure environment. |
authenticationMethod string |
(Optional)
The authentication method, either
|
subscriptionID string |
The subscription ID. Always required. |
tenantID string |
(Optional)
Optional tenant ID. Only required with the OAuth authentication method. |
clientID string |
(Optional)
Optional client ID. Only required with the OAuth authentication method. |
clientSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
Optional client secret. Only required with the OAuth authentication method. |
resourceGroup string |
(Optional)
Optional resource group name. Limits discovery to this resource group. |
refreshInterval Duration |
(Optional)
RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. |
port int |
(Optional)
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. |
ConsulSDConfig
(Appears on:ScrapeConfigSpec)
ConsulSDConfig defines a Consul service discovery configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config
Field | Description |
---|---|
server string |
Consul server address. A valid string consisting of a hostname or IP followed by an optional port number. |
pathPrefix string |
(Optional)
Prefix for URIs for when consul is behind an API gateway (reverse proxy). It requires Prometheus >= 2.45.0. |
tokenRef Kubernetes core/v1.SecretKeySelector |
(Optional)
Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. |
datacenter string |
(Optional)
Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. |
namespace string |
(Optional)
Namespaces are only supported in Consul Enterprise. It requires Prometheus >= 2.28.0. |
partition string |
(Optional)
Admin Partitions are only supported in Consul Enterprise. |
scheme string |
(Optional)
HTTP Scheme default “http” |
services []string |
(Optional)
A list of services for which targets are retrieved. If omitted, all services are scraped. |
tags []string |
(Optional)
An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
Starting with Consul 1.14, it is recommended to use |
tagSeparator string |
(Optional)
The string by which Consul tags are joined into the tag label. If unset, Prometheus uses its default value. |
nodeMeta map[string]string |
(Optional)
Node metadata key/value pairs to filter nodes for a given service.
Starting with Consul 1.14, it is recommended to use |
filter string |
(Optional)
Filter expression used to filter the catalog results. See https://www.consul.io/api-docs/catalog#list-services It requires Prometheus >= 3.0.0. |
allowStale bool |
(Optional)
Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. If unset, Prometheus uses its default value. |
refreshInterval Duration |
(Optional)
The time after which the provided names are refreshed. On large setup it might be a good idea to increase this value because the catalog will change all the time. If unset, Prometheus uses its default value. |
basicAuth BasicAuth |
(Optional)
Optional BasicAuth information to authenticate against the Consul Server.
More info: https://prometheus.io/docs/operating/configuration/#endpoints
Cannot be set at the same time as |
authorization SafeAuthorization |
(Optional)
Optional Authorization header configuration to authenticate against the Consul Server.
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
Optional OAuth2.0 configuration.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. If unset, Prometheus uses its default value. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. If unset, Prometheus uses its default value. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to connect to the Consul API. |
DNSRecordType
(string
alias)
(Appears on:DNSSDConfig)
Value | Description |
---|---|
"A" |
|
"AAAA" |
|
"MX" |
|
"NS" |
|
"SRV" |
DNSSDConfig
(Appears on:ScrapeConfigSpec)
DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config
Field | Description |
---|---|
names []string |
A list of DNS domain names to be queried. |
refreshInterval Duration |
(Optional)
RefreshInterval configures the time after which the provided names are refreshed. If not set, Prometheus uses its default value. |
type DNSRecordType |
(Optional)
The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. If not set, Prometheus uses its default value. When set to NS, it requires Prometheus >= v2.49.0. When set to MX, it requires Prometheus >= v2.38.0 |
port int32 |
(Optional)
The port number used if the query type is not SRV Ignored for SRV records |
DayOfMonthRange
(Appears on:TimeInterval)
DayOfMonthRange is an inclusive range of days of the month beginning at 1
Field | Description |
---|---|
start int |
Start of the inclusive range |
end int |
End of the inclusive range |
DigitalOceanSDConfig
(Appears on:ScrapeConfigSpec)
DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean’s Droplets API. This service discovery uses the public IPv4 address by default, by that can be changed with relabeling See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config
Field | Description |
---|---|
authorization SafeAuthorization |
(Optional)
Authorization header configuration to authenticate against the DigitalOcean API.
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
port int32 |
(Optional)
The port to scrape metrics from. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the instance list. |
DiscordConfig
(Appears on:Receiver)
DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiURL Kubernetes core/v1.SecretKeySelector |
The secret’s key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
title string |
(Optional)
The template of the message’s title. |
message string |
(Optional)
The template of the message’s body. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
DockerSDConfig
(Appears on:ScrapeConfigSpec)
Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. This SD discovers “containers” and will create a target for each network IP and port the container is configured to expose. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config
Field | Description |
---|---|
host string |
Address of the docker daemon |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
port int |
(Optional)
The port to scrape metrics from. |
hostNetworkingHost string |
(Optional)
The host to use if the container is in host networking mode. |
matchFirstNetwork bool |
(Optional)
Configure whether to match the first network if the container has multiple networks defined. If unset, Prometheus uses true by default. It requires Prometheus >= v2.54.1. |
filters Filters |
(Optional)
Optional filters to limit the discovery process to a subset of the available resources. |
refreshInterval Duration |
(Optional)
Time after which the container is refreshed. |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request. |
authorization SafeAuthorization |
(Optional)
Authorization header configuration to authenticate against the Docker API.
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
DockerSwarmSDConfig
(Appears on:ScrapeConfigSpec)
DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config
Field | Description |
---|---|
host string |
Address of the Docker daemon |
role string |
Role of the targets to retrieve. Must be |
port int32 |
(Optional)
The port to scrape metrics from, when |
filters Filters |
(Optional)
Optional filters to limit the discovery process to a subset of available resources. The available filters are listed in the upstream documentation: Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList |
refreshInterval Duration |
(Optional)
The time after which the service discovery data is refreshed. |
basicAuth BasicAuth |
(Optional)
Optional HTTP basic authentication information. |
authorization SafeAuthorization |
(Optional)
Authorization header configuration to authenticate against the target HTTP endpoint. |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use on every scrape request |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
EC2SDConfig
(Appears on:ScrapeConfigSpec)
EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config
The EC2 service discovery requires AWS API keys or role ARN for authentication. BasicAuth, Authorization and OAuth2 fields are not present on purpose.
Field | Description |
---|---|
region string |
(Optional)
The AWS region. |
accessKey Kubernetes core/v1.SecretKeySelector |
(Optional)
AccessKey is the AWS API key. |
secretKey Kubernetes core/v1.SecretKeySelector |
(Optional)
SecretKey is the AWS API secret. |
roleARN string |
(Optional)
AWS Role ARN, an alternative to using AWS API keys. |
port int32 |
(Optional)
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. |
refreshInterval Duration |
(Optional)
RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. |
filters Filters |
(Optional)
Filters can be used optionally to filter the instance list by other criteria. Available filter criteria can be found here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html It requires Prometheus >= v2.3.0 |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to connect to the AWS EC2 API. It requires Prometheus >= v2.41.0 |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.41.0 |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. It requires Prometheus >= v2.41.0 |
EmailConfig
(Appears on:Receiver)
EmailConfig configures notifications via Email.
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
to string |
(Optional)
The email address to send notifications to. |
from string |
(Optional)
The sender address. |
hello string |
(Optional)
The hostname to identify to the SMTP server. |
smarthost string |
(Optional)
The SMTP host and port through which emails are sent. E.g. example.com:25 |
authUsername string |
(Optional)
The username to use for authentication. |
authPassword Kubernetes core/v1.SecretKeySelector |
The secret’s key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
authSecret Kubernetes core/v1.SecretKeySelector |
The secret’s key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
authIdentity string |
(Optional)
The identity to use for authentication. |
headers []KeyValue |
Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. |
html string |
(Optional)
The HTML body of the email notification. |
text string |
(Optional)
The text body of the email notification. |
requireTLS bool |
(Optional)
The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration |
EurekaSDConfig
(Appears on:ScrapeConfigSpec)
Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. Prometheus will periodically check the REST endpoint and create a target for every app instance. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config
Field | Description |
---|---|
server string |
The URL to connect to the Eureka server. |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request. |
authorization SafeAuthorization |
(Optional)
Authorization header to use on every scrape request. |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the instance list. |
FileSDConfig
(Appears on:ScrapeConfigSpec)
FileSDConfig defines a Prometheus file service discovery configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config
Field | Description |
---|---|
files []SDFile |
List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the prometheus-operator project makes no guarantees about the working directory where the configuration file is stored. Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. |
refreshInterval Duration |
(Optional)
RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. |
Filter
Filter name and value pairs to limit the discovery process to a subset of available resources.
Field | Description |
---|---|
name string |
Name of the Filter. |
values []string |
Value to filter on. |
Filters
([]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1.Filter
alias)
(Appears on:DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig)
GCESDConfig
(Appears on:ScrapeConfigSpec)
GCESDConfig configures scrape targets from GCP GCE instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config
The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
A pre-requisite for using GCESDConfig is that a Secret containing valid
Google Cloud credentials is mounted into the Prometheus or PrometheusAgent
pod via the .spec.secrets
field and that the GOOGLE_APPLICATION_CREDENTIALS
environment variable is set to /etc/prometheus/secrets/
Field | Description |
---|---|
project string |
The Google Cloud Project ID |
zone string |
The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. |
filter string |
(Optional)
Filter can be used optionally to filter the instance list by other criteria Syntax of this filter is described in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list |
refreshInterval Duration |
(Optional)
RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. |
port int |
(Optional)
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. |
tagSeparator string |
(Optional)
The tag separator is used to separate the tags on concatenation |
HTTPConfig
(Appears on:DiscordConfig, MSTeamsConfig, OpsGenieConfig, PagerDutyConfig, PushoverConfig, SNSConfig, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebexConfig, WebhookConfig)
HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config
Field | Description |
---|---|
authorization SafeAuthorization |
(Optional)
Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. |
basicAuth BasicAuth |
(Optional)
BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. |
oauth2 OAuth2 |
(Optional)
OAuth2 client credentials used to fetch a token for the targets. |
bearerTokenSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration for the client. |
proxyURL string |
(Optional)
Optional proxy URL. If defined, this field takes precedence over |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
FollowRedirects specifies whether the client should follow HTTP 3xx redirects. |
HTTPSDConfig
(Appears on:ScrapeConfigSpec)
HTTPSDConfig defines a prometheus HTTP service discovery configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config
Field | Description |
---|---|
url string |
URL from which the targets are fetched. |
refreshInterval Duration |
(Optional)
RefreshInterval configures the refresh interval at which Prometheus will re-query the endpoint to update the target list. |
basicAuth BasicAuth |
(Optional)
BasicAuth information to authenticate against the target HTTP endpoint.
More info: https://prometheus.io/docs/operating/configuration/#endpoints
Cannot be set at the same time as |
authorization SafeAuthorization |
(Optional)
Authorization header configuration to authenticate against the target HTTP endpoint.
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
HetznerSDConfig
(Appears on:ScrapeConfigSpec)
HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. This service discovery uses the public IPv4 address by default, but that can be changed with relabeling See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config
Field | Description |
---|---|
role string |
The Hetzner role of entities that should be discovered. |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request, required when role is robot. Role hcloud does not support basic auth. |
authorization SafeAuthorization |
(Optional)
Authorization header configuration, required when role is hcloud. Role robot does not support bearer token authentication. |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be used at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use on every scrape request. |
port int |
(Optional)
The port to scrape metrics from. |
refreshInterval Duration |
(Optional)
The time after which the servers are refreshed. |
InhibitRule
(Appears on:AlertmanagerConfigSpec)
InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule
Field | Description |
---|---|
targetMatch []Matcher |
Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. |
sourceMatch []Matcher |
Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. |
equal []string |
Labels that must have an equal value in the source and target alert for the inhibition to take effect. |
IonosSDConfig
(Appears on:ScrapeConfigSpec)
IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config
Field | Description |
---|---|
datacenterID string |
The unique ID of the IONOS data center. |
port int32 |
(Optional)
Port to scrape the metrics from. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the list of resources. |
authorization SafeAuthorization |
Authorization` header configuration, required when using IONOS. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use when connecting to the IONOS API. |
followRedirects bool |
(Optional)
Configure whether the HTTP requests should follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Configure whether to enable HTTP2. |
K8SSelectorConfig
(Appears on:KubernetesSDConfig)
K8SSelectorConfig is Kubernetes Selector Config
Field | Description |
---|---|
role KubernetesRole |
Role specifies the type of Kubernetes resource to limit the service discovery to. Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. |
label string |
(Optional)
An optional label selector to limit the service discovery to resources with specific labels and label values.
e.g: |
field string |
(Optional)
An optional field selector to limit the service discovery to resources which have fields with specific values.
e.g: |
KeyValue
(Appears on:EmailConfig, OpsGenieConfig, PagerDutyConfig, VictorOpsConfig)
KeyValue defines a (key, value) tuple.
Field | Description |
---|---|
key string |
Key of the tuple. |
value string |
Value of the tuple. |
KubernetesRole
(string
alias)
(Appears on:K8SSelectorConfig, KubernetesSDConfig)
Value | Description |
---|---|
"Endpoints" |
|
"EndpointSlice" |
|
"Ingress" |
|
"Node" |
|
"Pod" |
|
"Service" |
KubernetesSDConfig
(Appears on:ScrapeConfigSpec)
KubernetesSDConfig allows retrieving scrape targets from Kubernetes’ REST API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config
Field | Description |
---|---|
apiServer string |
(Optional)
The API server address consisting of a hostname or IP address followed by an optional port number. If left empty, Prometheus is assumed to run inside of the cluster. It will discover API servers automatically and use the pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. |
role KubernetesRole |
Role of the Kubernetes entities that should be discovered.
Role |
namespaces NamespaceDiscovery |
(Optional)
Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. |
attachMetadata AttachMetadata |
(Optional)
Optional metadata to attach to discovered targets.
It requires Prometheus >= v2.35.0 when using the |
selectors []K8SSelectorConfig |
(Optional)
Selector to select objects. It requires Prometheus >= v2.17.0 |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request.
Cannot be set at the same time as |
authorization SafeAuthorization |
(Optional)
Authorization header to use on every scrape request.
Cannot be set at the same time as |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to connect to the Kubernetes API. |
KumaSDConfig
(Appears on:ScrapeConfigSpec)
KumaSDConfig allow retrieving scrape targets from Kuma’s control plane. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config
Field | Description |
---|---|
server string |
Address of the Kuma Control Plane’s MADS xDS server. |
clientID string |
(Optional)
Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend. |
refreshInterval Duration |
(Optional)
The time to wait between polling update requests. |
fetchTimeout Duration |
(Optional)
The time after which the monitoring assignments are refreshed. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use on every scrape request |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request. |
authorization SafeAuthorization |
(Optional)
Authorization header to use on every scrape request. |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
LightSailSDConfig
(Appears on:ScrapeConfigSpec)
LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.
See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config
TODO: Need to document that we will not be supporting the _file
fields.
Field | Description |
---|---|
region string |
(Optional)
The AWS region. |
accessKey Kubernetes core/v1.SecretKeySelector |
(Optional)
AccessKey is the AWS API key. |
secretKey Kubernetes core/v1.SecretKeySelector |
(Optional)
SecretKey is the AWS API secret. |
roleARN string |
(Optional)
AWS Role ARN, an alternative to using AWS API keys. |
endpoint string |
(Optional)
Custom endpoint to be used. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the list of instances. |
port int32 |
Port to scrape the metrics from. If using the public IP address, this must instead be specified in the relabeling rule. |
basicAuth BasicAuth |
(Optional)
Optional HTTP basic authentication information.
Cannot be set at the same time as |
authorization SafeAuthorization |
(Optional)
Optional |
oauth2 OAuth2 |
(Optional)
Optional OAuth2.0 configuration.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to connect to the Puppet DB. |
followRedirects bool |
(Optional)
Configure whether the HTTP requests should follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Configure whether to enable HTTP2. |
LinodeSDConfig
(Appears on:ScrapeConfigSpec)
LinodeSDConfig configurations allow retrieving scrape targets from Linode’s Linode APIv4. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config
Field | Description |
---|---|
region string |
(Optional)
Optional region to filter on. |
port int32 |
(Optional)
Default port to scrape metrics from. |
tagSeparator string |
(Optional)
The string by which Linode Instance tags are joined into the tag label. |
refreshInterval Duration |
(Optional)
Time after which the linode instances are refreshed. |
authorization SafeAuthorization |
(Optional)
Authorization header configuration. |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be used at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
MSTeamsConfig
(Appears on:Receiver)
MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0.
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether to notify about resolved alerts. |
webhookUrl Kubernetes core/v1.SecretKeySelector |
MSTeams webhook URL. |
title string |
(Optional)
Message title template. |
summary string |
(Optional)
Message summary template. It requires Alertmanager >= 0.27.0. |
text string |
(Optional)
Message body template. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
MatchType
(string
alias)
(Appears on:Matcher)
MatchType is a comparison operator on a Matcher
Value | Description |
---|---|
"=" |
|
"!=" |
|
"!~" |
|
"=~" |
Matcher
(Appears on:InhibitRule, Route)
Matcher defines how to match on alert’s labels.
Field | Description |
---|---|
name string |
Label to match. |
value string |
(Optional)
Label value to match. |
matchType MatchType |
(Optional)
Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty. |
regex bool |
(Optional)
Whether to match on equality (false) or regular-expression (true).
Deprecated: for AlertManager >= v0.22.0, |
Month
(string
alias)
Month of the year
Value | Description |
---|---|
"april" |
|
"august" |
|
"december" |
|
"february" |
|
"january" |
|
"july" |
|
"june" |
|
"march" |
|
"may" |
|
"november" |
|
"october" |
|
"september" |
MonthRange
(string
alias)
(Appears on:TimeInterval)
MonthRange is an inclusive range of months of the year beginning in January Months can be specified by name (e.g ‘January’) by numerical month (e.g ‘1’) or as an inclusive range (e.g ‘January:March’, ‘1:3’, ‘1:March’)
MuteTimeInterval
(Appears on:AlertmanagerConfigSpec)
MuteTimeInterval specifies the periods in time when notifications will be muted
Field | Description |
---|---|
name string |
Name of the time interval |
timeIntervals []TimeInterval |
TimeIntervals is a list of TimeInterval |
NamespaceDiscovery
(Appears on:KubernetesSDConfig)
NamespaceDiscovery is the configuration for discovering Kubernetes namespaces.
Field | Description |
---|---|
ownNamespace bool |
(Optional)
Includes the namespace in which the Prometheus pod runs to the list of watched namespaces. |
names []string |
(Optional)
List of namespaces where to watch for resources.
If empty and |
NomadSDConfig
(Appears on:ScrapeConfigSpec)
NomadSDConfig configurations allow retrieving scrape targets from Nomad’s Service API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config
Field | Description |
---|---|
allowStale bool |
(Optional)
The information to access the Nomad API. It is to be defined as the Nomad documentation requires. |
namespace string |
(Optional) |
refreshInterval Duration |
(Optional) |
region string |
(Optional) |
server string |
|
tagSeparator string |
(Optional) |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request. |
authorization SafeAuthorization |
(Optional)
Authorization header to use on every scrape request. |
oauth2 OAuth2 |
(Optional)
Optional OAuth 2.0 configuration.
Cannot be set at the same time as |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
OVHCloudSDConfig
(Appears on:ScrapeConfigSpec)
OVHCloudSDConfig configurations allow retrieving scrape targets from OVHcloud’s dedicated servers and VPS using their API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ovhcloud_sd_config
Field | Description |
---|---|
applicationKey string |
Access key to use. https://api.ovh.com. |
applicationSecret Kubernetes core/v1.SecretKeySelector |
|
consumerKey Kubernetes core/v1.SecretKeySelector |
|
service OVHService |
Service of the targets to retrieve. Must be |
endpoint string |
(Optional)
Custom endpoint to be used. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the resources list. |
OVHService
(string
alias)
(Appears on:OVHCloudSDConfig)
Service of the targets to retrieve. Must be VPS
or DedicatedServer
.
Value | Description |
---|---|
"DedicatedServer" |
|
"VPS" |
OpenStackSDConfig
(Appears on:ScrapeConfigSpec)
OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config
Field | Description |
---|---|
role string |
The OpenStack role of entities that should be discovered. |
region string |
The OpenStack Region. |
identityEndpoint string |
(Optional)
IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. |
username string |
(Optional)
Username is required if using Identity V2 API. Consult with your provider’s control panel to discover your account’s username. In Identity V3, either userid or a combination of username and domainId or domainName are needed |
userid string |
(Optional)
UserID |
password Kubernetes core/v1.SecretKeySelector |
(Optional)
Password for the Identity V2 and V3 APIs. Consult with your provider’s control panel to discover your account’s preferred method of authentication. |
domainName string |
(Optional)
At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. |
domainID string |
(Optional)
DomainID |
projectName string |
(Optional)
The ProjectId and ProjectName fields are optional for the Identity V2 API. Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider’s authentication policies will determine how these fields influence authentication. |
projectID string |
(Optional)
ProjectID |
applicationCredentialName string |
(Optional)
The ApplicationCredentialID or ApplicationCredentialName fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. |
applicationCredentialId string |
(Optional)
ApplicationCredentialID |
applicationCredentialSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
The applicationCredentialSecret field is required if using an application credential to authenticate. |
allTenants bool |
(Optional)
Whether the service discovery should list all instances for all projects. It is only relevant for the ‘instance’ role and usually requires admin permissions. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the instance list. |
port int |
(Optional)
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. |
availability string |
(Optional)
Availability of the endpoint to connect to. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration applying to the target HTTP endpoint. |
OpsGenieConfig
(Appears on:Receiver)
OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiKey Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
apiURL string |
(Optional)
The URL to send OpsGenie API requests to. |
message string |
(Optional)
Alert text limited to 130 characters. |
description string |
(Optional)
Description of the incident. |
source string |
(Optional)
Backlink to the sender of the notification. |
tags string |
(Optional)
Comma separated list of tags attached to the notifications. |
note string |
(Optional)
Additional alert note. |
priority string |
(Optional)
Priority level of alert. Possible values are P1, P2, P3, P4, and P5. |
updateAlerts bool |
(Optional)
Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log. |
details []KeyValue |
(Optional)
A set of arbitrary key/value pairs that provide further detail about the incident. |
responders []OpsGenieConfigResponder |
(Optional)
List of responders responsible for notifications. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
entity string |
(Optional)
Optional field that can be used to specify which domain alert is related to. |
actions string |
(Optional)
Comma separated list of actions that will be available for the alert. |
OpsGenieConfigResponder
(Appears on:OpsGenieConfig)
OpsGenieConfigResponder defines a responder to an incident.
One of id
, name
or username
has to be defined.
Field | Description |
---|---|
id string |
(Optional)
ID of the responder. |
name string |
(Optional)
Name of the responder. |
username string |
(Optional)
Username of the responder. |
type string |
Type of responder. |
PagerDutyConfig
(Appears on:Receiver)
PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
routingKey Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the PagerDuty integration key (when using
Events API v2). Either this field or |
serviceKey Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the PagerDuty service key (when using
integration type “Prometheus”). Either this field or |
url string |
(Optional)
The URL to send requests to. |
client string |
(Optional)
Client identification. |
clientURL string |
(Optional)
Backlink to the sender of notification. |
description string |
(Optional)
Description of the incident. |
severity string |
(Optional)
Severity of the incident. |
class string |
(Optional)
The class/type of the event. |
group string |
(Optional)
A cluster or grouping of sources. |
component string |
(Optional)
The part or component of the affected system that is broken. |
details []KeyValue |
(Optional)
Arbitrary key/value pairs that provide further detail about the incident. |
pagerDutyImageConfigs []PagerDutyImageConfig |
(Optional)
A list of image details to attach that provide further detail about an incident. |
pagerDutyLinkConfigs []PagerDutyLinkConfig |
(Optional)
A list of link details to attach that provide further detail about an incident. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
source string |
(Optional)
Unique location of the affected system. |
PagerDutyImageConfig
(Appears on:PagerDutyConfig)
PagerDutyImageConfig attaches images to an incident
Field | Description |
---|---|
src string |
(Optional)
Src of the image being attached to the incident |
href string |
(Optional)
Optional URL; makes the image a clickable link. |
alt string |
(Optional)
Alt is the optional alternative text for the image. |
PagerDutyLinkConfig
(Appears on:PagerDutyConfig)
PagerDutyLinkConfig attaches text links to an incident
Field | Description |
---|---|
href string |
(Optional)
Href is the URL of the link to be attached |
alt string |
(Optional)
Text that describes the purpose of the link, and can be used as the link’s text. |
ParsedRange
ParsedRange is an integer representation of a range
Field | Description |
---|---|
start int |
Start is the beginning of the range |
end int |
End of the range |
PrometheusAgentSpec
(Appears on:PrometheusAgent)
PrometheusAgentSpec is a specification of the desired behavior of the Prometheus agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Field | Description |
---|---|
mode string |
(Optional)
Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). For now this field has no effect. (Alpha) Using this field requires the |
podMetadata EmbeddedObjectMetadata |
PodMetadata configures labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”. |
serviceMonitorSelector Kubernetes meta/v1.LabelSelector |
ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
serviceMonitorNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. |
podMonitorSelector Kubernetes meta/v1.LabelSelector |
PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
podMonitorNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. |
probeSelector Kubernetes meta/v1.LabelSelector |
Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If |
probeNamespaceSelector Kubernetes meta/v1.LabelSelector |
Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. |
scrapeConfigSelector Kubernetes meta/v1.LabelSelector |
(Optional)
ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If Note that the ScrapeConfig custom resource definition is currently at Alpha level. |
scrapeConfigNamespaceSelector Kubernetes meta/v1.LabelSelector |
(Optional)
Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. Note that the ScrapeConfig custom resource definition is currently at Alpha level. |
version string |
Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. |
paused bool |
When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. |
image string |
(Optional)
Container image name for Prometheus. If specified, it takes precedence
over the Specifying If neither |
imagePullPolicy Kubernetes core/v1.PullPolicy |
Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. |
imagePullSecrets []Kubernetes core/v1.LocalObjectReference |
An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod |
replicas int32 |
(Optional)
Number of replicas of each shard to deploy for a Prometheus deployment.
Default: 1 |
shards int32 |
(Optional)
Number of shards to distribute scraped targets onto.
When not defined, the operator assumes only one shard. Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules By default, the sharding is performed on:
* The Users can define their own sharding implementation by setting the
|
replicaExternalLabelName string |
(Optional)
Name of Prometheus external label used to denote the replica name.
The external label will not be added when the field is set to the
empty string ( Default: “prometheus_replica” |
prometheusExternalLabelName string |
(Optional)
Name of Prometheus external label used to denote the Prometheus instance
name. The external label will not be added when the field is set to
the empty string ( Default: “prometheus” |
logLevel string |
Log level for Prometheus and the config-reloader sidecar. |
logFormat string |
Log format for Log level for Prometheus and the config-reloader sidecar. |
scrapeInterval Duration |
Interval between consecutive scrapes. Default: “30s” |
scrapeTimeout Duration |
Number of seconds to wait until a scrape request times out. |
scrapeProtocols []ScrapeProtocol |
(Optional)
The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0.
|
externalLabels map[string]string |
The labels to add to any time series or alerts when communicating with
external systems (federation, remote storage, Alertmanager).
Labels defined by |
enableRemoteWriteReceiver bool |
Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver It requires Prometheus >= v2.33.0. |
enableOTLPReceiver bool |
(Optional)
Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. Note that the OTLP receiver endpoint is automatically enabled if It requires Prometheus >= v2.47.0. |
remoteWriteReceiverMessageVersions []RemoteWriteMessageVersion |
(Optional)
List of the protobuf message versions to accept when receiving the remote writes. It requires Prometheus >= v2.54.0. |
enableFeatures []EnableFeature |
(Optional)
Enable access to Prometheus feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ |
externalUrl string |
The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). |
routePrefix string |
The route prefix Prometheus registers HTTP handlers for. This is useful when using |
storage StorageSpec |
Storage defines the storage used by Prometheus. |
volumes []Kubernetes core/v1.Volume |
Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. |
volumeMounts []Kubernetes core/v1.VolumeMount |
VolumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects. |
persistentVolumeClaimRetentionPolicy Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy |
(Optional)
The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. |
web PrometheusWebSpec |
Defines the configuration of the Prometheus web server. |
resources Kubernetes core/v1.ResourceRequirements |
Defines the resources requests and limits of the ‘prometheus’ container. |
nodeSelector map[string]string |
Defines on which Nodes the Pods are scheduled. |
serviceAccountName string |
ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. |
automountServiceAccountToken bool |
(Optional)
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default. Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. |
secrets []string |
Secrets is a list of Secrets in the same namespace as the Prometheus
object, which shall be mounted into the Prometheus Pods.
Each Secret is added to the StatefulSet definition as a volume named |
configMaps []string |
ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus
object, which shall be mounted into the Prometheus Pods.
Each ConfigMap is added to the StatefulSet definition as a volume named |
affinity Kubernetes core/v1.Affinity |
(Optional)
Defines the Pods’ affinity scheduling rules if specified. |
tolerations []Kubernetes core/v1.Toleration |
(Optional)
Defines the Pods’ tolerations if specified. |
topologySpreadConstraints []TopologySpreadConstraint |
(Optional)
Defines the pod’s topology spread constraints if specified. |
remoteWrite []RemoteWriteSpec |
(Optional)
Defines the list of remote write configurations. |
otlp OTLPConfig |
(Optional)
Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. |
securityContext Kubernetes core/v1.PodSecurityContext |
(Optional)
SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. |
dnsPolicy DNSPolicy |
(Optional)
Defines the DNS policy for the pods. |
dnsConfig PodDNSConfig |
(Optional)
Defines the DNS configuration for the pods. |
listenLocal bool |
When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address. |
containers []Kubernetes core/v1.Container |
(Optional)
Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The names of containers managed by the operator are:
* Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
initContainers []Kubernetes core/v1.Container |
(Optional)
InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The names of init container name managed by the operator are:
* Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. |
additionalScrapeConfigs Kubernetes core/v1.SecretKeySelector |
(Optional)
AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. |
apiserverConfig APIServerConfig |
(Optional)
APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. |
priorityClassName string |
Priority class assigned to the Pods. |
portName string |
Port name used for the pods and governing service. Default: “web” |
arbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMsConfig |
When true, ServiceMonitor, PodMonitor and Probe object are forbidden to
reference arbitrary files on the file system of the ‘prometheus’
container.
When a ServiceMonitor’s endpoint specifies a |
overrideHonorLabels bool |
When true, Prometheus resolves label conflicts by renaming the labels in the scraped data
to “exported_” for all targets created from ServiceMonitor, PodMonitor and
ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.
In practice, |
overrideHonorTimestamps bool |
When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies. |
ignoreNamespaceSelectors bool |
When true, |
enforcedNamespaceLabel string |
When not empty, a label will be added to:
The label will not added for objects referenced in The label’s name is this field’s value.
The label’s value is the namespace of the |
enforcedSampleLimit uint64 |
(Optional)
When defined, enforcedSampleLimit specifies a global limit on the number
of scraped samples that will be accepted. This overrides any
It is meant to be used by admins to keep the overall number of samples/series under a desired limit. When both |
enforcedTargetLimit uint64 |
(Optional)
When defined, enforcedTargetLimit specifies a global limit on the number
of scraped targets. The value overrides any It is meant to be used by admins to to keep the overall number of targets under a desired limit. When both |
enforcedLabelLimit uint64 |
(Optional)
When defined, enforcedLabelLimit specifies a global limit on the number
of labels per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedLabelNameLengthLimit uint64 |
(Optional)
When defined, enforcedLabelNameLengthLimit specifies a global limit on the length
of labels name per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedLabelValueLengthLimit uint64 |
(Optional)
When not null, enforcedLabelValueLengthLimit defines a global limit on the length
of labels value per sample. The value overrides any It requires Prometheus >= v2.27.0. When both |
enforcedKeepDroppedTargets uint64 |
(Optional)
When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets
dropped by relabeling that will be kept in memory. The value overrides
any It requires Prometheus >= v2.47.0. When both |
enforcedBodySizeLimit ByteSize |
When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. It requires Prometheus >= v2.28.0. When both |
nameValidationScheme NameValidationSchemeOptions |
(Optional)
Specifies the validation scheme for metric and label names. |
minReadySeconds uint32 |
(Optional)
Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. |
hostAliases []HostAlias |
(Optional)
Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified. |
additionalArgs []Argument |
(Optional)
AdditionalArgs allows setting additional arguments for the ‘prometheus’ container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. |
walCompression bool |
(Optional)
Configures compression of the write-ahead log (WAL) using Snappy. WAL compression is enabled by default for Prometheus >= 2.20.0 Requires Prometheus v2.11.0 and above. |
excludedFromEnforcement []ObjectReference |
(Optional)
List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. It is only applicable if |
hostNetwork bool |
Use the host’s network namespace if true. Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). When hostNetwork is enabled, this will set the DNS policy to
|
podTargetLabels []string |
(Optional)
PodTargetLabels are appended to the |
tracingConfig PrometheusTracingConfig |
(Optional)
TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way. |
bodySizeLimit ByteSize |
(Optional)
BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. |
sampleLimit uint64 |
(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. |
targetLimit uint64 |
(Optional)
TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. |
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. |
reloadStrategy ReloadStrategyType |
(Optional)
Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. |
maximumStartupDurationSeconds int32 |
(Optional)
Defines the maximum time that the |
scrapeClasses []ScrapeClass |
List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. This is an experimental feature, it may change in any upcoming release in a breaking way. |
serviceDiscoveryRole ServiceDiscoveryRole |
(Optional)
Defines the service discovery role used to discover targets from
If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. |
tsdb TSDBSpec |
(Optional)
Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. |
runtime RuntimeConfig |
(Optional)
RuntimeConfig configures the values for the Prometheus process behavior |
PuppetDBSDConfig
(Appears on:ScrapeConfigSpec)
PuppetDBSDConfig configurations allow retrieving scrape targets from PuppetDB resources. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#puppetdb_sd_config
Field | Description |
---|---|
url string |
The URL of the PuppetDB root query endpoint. |
query string |
Puppet Query Language (PQL) query. Only resources are supported. https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html |
includeParameters bool |
(Optional)
Whether to include the parameters as meta labels. Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure that you don’t have secrets exposed as parameters if you enable this. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the list of resources. |
port int32 |
Port to scrape the metrics from. |
basicAuth BasicAuth |
(Optional)
Optional HTTP basic authentication information.
Cannot be set at the same time as |
authorization SafeAuthorization |
(Optional)
Optional |
oauth2 OAuth2 |
(Optional)
Optional OAuth2.0 configuration.
Cannot be set at the same time as |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to connect to the Puppet DB. |
followRedirects bool |
(Optional)
Configure whether the HTTP requests should follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Configure whether to enable HTTP2. |
PushoverConfig
(Appears on:Receiver)
PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
userKey Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the recipient user’s user key.
The secret needs to be in the same namespace as the AlertmanagerConfig
object and accessible by the Prometheus Operator.
Either |
userKeyFile string |
(Optional)
The user key file that contains the recipient user’s user key.
Either |
token Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the registered application’s API token, see https://pushover.net/apps.
The secret needs to be in the same namespace as the AlertmanagerConfig
object and accessible by the Prometheus Operator.
Either |
tokenFile string |
(Optional)
The token file that contains the registered application’s API token, see https://pushover.net/apps.
Either |
title string |
(Optional)
Notification title. |
message string |
(Optional)
Notification message. |
url string |
(Optional)
A supplementary URL shown alongside the message. |
urlTitle string |
(Optional)
A title for supplementary URL, otherwise just the URL is shown |
ttl Duration |
(Optional)
The time to live definition for the alert notification |
device string |
(Optional)
The name of a device to send the notification to |
sound string |
(Optional)
The name of one of the sounds supported by device clients to override the user’s default sound choice |
priority string |
(Optional)
Priority, see https://pushover.net/api#priority |
retry string |
(Optional)
How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. |
expire string |
(Optional)
How long your notification will continue to be retried for, unless the user acknowledges the notification. |
html bool |
(Optional)
Whether notification message is HTML or plain text. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
Receiver
(Appears on:AlertmanagerConfigSpec)
Receiver defines one or more notification integrations.
Field | Description |
---|---|
name string |
Name of the receiver. Must be unique across all items from the list. |
opsgenieConfigs []OpsGenieConfig |
List of OpsGenie configurations. |
pagerdutyConfigs []PagerDutyConfig |
List of PagerDuty configurations. |
discordConfigs []DiscordConfig |
(Optional)
List of Discord configurations. |
slackConfigs []SlackConfig |
List of Slack configurations. |
webhookConfigs []WebhookConfig |
List of webhook configurations. |
wechatConfigs []WeChatConfig |
List of WeChat configurations. |
emailConfigs []EmailConfig |
List of Email configurations. |
victoropsConfigs []VictorOpsConfig |
List of VictorOps configurations. |
pushoverConfigs []PushoverConfig |
List of Pushover configurations. |
snsConfigs []SNSConfig |
List of SNS configurations |
telegramConfigs []TelegramConfig |
List of Telegram configurations. |
webexConfigs []WebexConfig |
List of Webex configurations. |
msteamsConfigs []MSTeamsConfig |
List of MSTeams configurations. It requires Alertmanager >= 0.26.0. |
Route
(Appears on:AlertmanagerConfigSpec)
Route defines a node in the routing tree.
Field | Description |
---|---|
receiver string |
(Optional)
Name of the receiver for this route. If not empty, it should be listed in
the |
groupBy []string |
(Optional)
List of labels to group by. Labels must not be repeated (unique list). Special label “…” (aggregate by all possible labels), if provided, must be the only element in the list. |
groupWait string |
(Optional)
How long to wait before sending the initial notification.
Must match the regular expression |
groupInterval string |
(Optional)
How long to wait before sending an updated notification.
Must match the regular expression |
repeatInterval string |
(Optional)
How long to wait before repeating the last notification.
Must match the regular expression |
matchers []Matcher |
(Optional)
List of matchers that the alert’s labels should match. For the first
level route, the operator removes any existing equality and regexp
matcher on the |
continue bool |
(Optional)
Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. |
routes []k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON |
Child routes. |
muteTimeIntervals []string |
(Optional)
Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn’t support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can’t validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched, |
activeTimeIntervals []string |
(Optional)
ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active. |
SDFile
(string
alias)
(Appears on:FileSDConfig)
SDFile represents a file used for service discovery
SNSConfig
(Appears on:Receiver)
SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiURL string |
(Optional)
The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used. |
sigv4 Sigv4 |
(Optional)
Configures AWS’s Signature Verification 4 signing process to sign requests. |
topicARN string |
(Optional)
SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don’t specify this value, you must specify a value for the PhoneNumber or TargetARN. |
subject string |
(Optional)
Subject line when the message is delivered to email endpoints. |
phoneNumber string |
(Optional)
Phone number if message is delivered via SMS in E.164 format. If you don’t specify this value, you must specify a value for the TopicARN or TargetARN. |
targetARN string |
(Optional)
The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don’t specify this value, you must specify a value for the topic_arn or PhoneNumber. |
message string |
(Optional)
The message content of the SNS notification. |
attributes map[string]string |
(Optional)
SNS message attributes. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
ScalewayRole
(string
alias)
(Appears on:ScalewaySDConfig)
Role of the targets to retrieve. Must be Instance
or Baremetal
.
Value | Description |
---|---|
"Baremetal" |
|
"Instance" |
ScalewaySDConfig
(Appears on:ScrapeConfigSpec)
ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services.
See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config
TODO: Need to document that we will not be supporting the _file
fields.
Field | Description |
---|---|
accessKey string |
Access key to use. https://console.scaleway.com/project/credentials |
secretKey Kubernetes core/v1.SecretKeySelector |
Secret key to use when listing targets. |
projectID string |
Project ID of the targets. |
role ScalewayRole |
Service of the targets to retrieve. Must be |
port int32 |
(Optional)
The port to scrape metrics from. |
apiURL string |
(Optional)
API URL to use when doing the server listing requests. |
zone string |
(Optional)
Zone is the availability zone of your targets (e.g. fr-par-1). |
nameFilter string |
(Optional)
NameFilter specify a name filter (works as a LIKE) to apply on the server listing request. |
tagsFilter []string |
(Optional)
TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request. |
refreshInterval Duration |
(Optional)
Refresh interval to re-read the list of instances. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use on every scrape request |
ScrapeConfigSpec
(Appears on:ScrapeConfig)
ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration.
Field | Description |
---|---|
jobName string |
(Optional)
The value of the The |
staticConfigs []StaticConfig |
(Optional)
StaticConfigs defines a list of static targets with a common label set. |
fileSDConfigs []FileSDConfig |
(Optional)
FileSDConfigs defines a list of file service discovery configurations. |
httpSDConfigs []HTTPSDConfig |
(Optional)
HTTPSDConfigs defines a list of HTTP service discovery configurations. |
kubernetesSDConfigs []KubernetesSDConfig |
(Optional)
KubernetesSDConfigs defines a list of Kubernetes service discovery configurations. |
consulSDConfigs []ConsulSDConfig |
(Optional)
ConsulSDConfigs defines a list of Consul service discovery configurations. |
dnsSDConfigs []DNSSDConfig |
(Optional)
DNSSDConfigs defines a list of DNS service discovery configurations. |
ec2SDConfigs []EC2SDConfig |
(Optional)
EC2SDConfigs defines a list of EC2 service discovery configurations. |
azureSDConfigs []AzureSDConfig |
(Optional)
AzureSDConfigs defines a list of Azure service discovery configurations. |
gceSDConfigs []GCESDConfig |
(Optional)
GCESDConfigs defines a list of GCE service discovery configurations. |
openstackSDConfigs []OpenStackSDConfig |
(Optional)
OpenStackSDConfigs defines a list of OpenStack service discovery configurations. |
digitalOceanSDConfigs []DigitalOceanSDConfig |
(Optional)
DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations. |
kumaSDConfigs []KumaSDConfig |
(Optional)
KumaSDConfigs defines a list of Kuma service discovery configurations. |
eurekaSDConfigs []EurekaSDConfig |
(Optional)
EurekaSDConfigs defines a list of Eureka service discovery configurations. |
dockerSDConfigs []DockerSDConfig |
(Optional)
DockerSDConfigs defines a list of Docker service discovery configurations. |
linodeSDConfigs []LinodeSDConfig |
(Optional)
LinodeSDConfigs defines a list of Linode service discovery configurations. |
hetznerSDConfigs []HetznerSDConfig |
(Optional)
HetznerSDConfigs defines a list of Hetzner service discovery configurations. |
nomadSDConfigs []NomadSDConfig |
(Optional)
NomadSDConfigs defines a list of Nomad service discovery configurations. |
dockerSwarmSDConfigs []DockerSwarmSDConfig |
(Optional)
DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations. |
puppetDBSDConfigs []PuppetDBSDConfig |
(Optional)
PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations. |
lightSailSDConfigs []LightSailSDConfig |
(Optional)
LightsailSDConfigs defines a list of Lightsail service discovery configurations. |
ovhcloudSDConfigs []OVHCloudSDConfig |
(Optional)
OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations. |
scalewaySDConfigs []ScalewaySDConfig |
(Optional)
ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations. |
ionosSDConfigs []IonosSDConfig |
(Optional)
IonosSDConfigs defines a list of IONOS service discovery configurations. |
relabelings []RelabelConfig |
(Optional)
RelabelConfigs defines how to rewrite the target’s labels before scraping.
Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
The original scrape job’s name is available via the |
metricsPath string |
(Optional)
MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics). |
scrapeInterval Duration |
(Optional)
ScrapeInterval is the interval between consecutive scrapes. |
scrapeTimeout Duration |
(Optional)
ScrapeTimeout is the number of seconds to wait until a scrape request times out. |
scrapeProtocols []ScrapeProtocol |
(Optional)
The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0. |
fallbackScrapeProtocol ScrapeProtocol |
(Optional)
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. |
honorTimestamps bool |
(Optional)
HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. |
trackTimestampsStaleness bool |
(Optional)
TrackTimestampsStaleness whether Prometheus tracks staleness of
the metrics that have an explicit timestamp present in scraped data.
Has no effect if |
honorLabels bool |
(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels. |
params map[string][]string |
(Optional)
Optional HTTP URL parameters |
scheme string |
(Optional)
Configures the protocol scheme used for requests. If empty, Prometheus uses HTTP by default. |
enableCompression bool |
(Optional)
When false, Prometheus will request uncompressed response from the scraped target. It requires Prometheus >= v2.49.0. If unset, Prometheus uses true by default. |
enableHTTP2 bool |
(Optional)
Whether to enable HTTP2. |
basicAuth BasicAuth |
(Optional)
BasicAuth information to use on every scrape request. |
authorization SafeAuthorization |
(Optional)
Authorization header to use on every scrape request. |
oauth2 OAuth2 |
(Optional)
OAuth2 configuration to use on every scrape request. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration to use on every scrape request |
sampleLimit uint64 |
(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. |
targetLimit uint64 |
(Optional)
TargetLimit defines a limit on the number of scraped targets that will be accepted. |
labelLimit uint64 |
(Optional)
Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. |
labelNameLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. |
labelValueLengthLimit uint64 |
(Optional)
Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. |
scrapeClassicHistograms bool |
(Optional)
Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. |
nativeHistogramBucketLimit uint64 |
(Optional)
If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. |
nativeHistogramMinBucketFactor k8s.io/apimachinery/pkg/api/resource.Quantity |
(Optional)
If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. |
keepDroppedTargets uint64 |
(Optional)
Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. |
metricRelabelings []RelabelConfig |
(Optional)
MetricRelabelConfigs to apply to samples before ingestion. |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
scrapeClass string |
(Optional)
The scrape class to apply. |
SlackAction
(Appears on:SlackConfig)
SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.
Field | Description |
---|---|
type string |
|
text string |
|
url string |
(Optional) |
style string |
(Optional) |
name string |
(Optional) |
value string |
(Optional) |
confirm SlackConfirmationField |
(Optional) |
SlackConfig
(Appears on:Receiver)
SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiURL Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
channel string |
(Optional)
The channel or user to send notifications to. |
username string |
(Optional) |
color string |
(Optional) |
title string |
(Optional) |
titleLink string |
(Optional) |
pretext string |
(Optional) |
text string |
(Optional) |
fields []SlackField |
(Optional)
A list of Slack fields that are sent with each notification. |
shortFields bool |
(Optional) |
footer string |
(Optional) |
fallback string |
(Optional) |
callbackId string |
(Optional) |
iconEmoji string |
(Optional) |
iconURL string |
(Optional) |
imageURL string |
(Optional) |
thumbURL string |
(Optional) |
linkNames bool |
(Optional) |
mrkdwnIn []string |
(Optional) |
actions []SlackAction |
(Optional)
A list of Slack actions that are sent with each notification. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
SlackConfirmationField
(Appears on:SlackAction)
SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.
Field | Description |
---|---|
text string |
|
title string |
(Optional) |
okText string |
(Optional) |
dismissText string |
(Optional) |
SlackField
(Appears on:SlackConfig)
SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.
Field | Description |
---|---|
title string |
|
value string |
|
short bool |
(Optional) |
StaticConfig
(Appears on:ScrapeConfigSpec)
StaticConfig defines a Prometheus static configuration. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
Field | Description |
---|---|
targets []Target |
List of targets for this static configuration. |
labels map[string]string |
(Optional)
Labels assigned to all metrics scraped from the targets. |
Target
(string
alias)
(Appears on:StaticConfig)
Target represents a target for Prometheus to scrape kubebuilder:validation:MinLength:=1
TelegramConfig
(Appears on:Receiver)
TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether to notify about resolved alerts. |
apiURL string |
(Optional)
The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used. |
botToken Kubernetes core/v1.SecretKeySelector |
(Optional)
Telegram bot token. It is mutually exclusive with Either |
botTokenFile string |
(Optional)
File to read the Telegram bot token from. It is mutually exclusive with It requires Alertmanager >= v0.26.0. |
chatID int64 |
The Telegram chat ID. |
messageThreadID int64 |
(Optional)
The Telegram Group Topic ID. It requires Alertmanager >= 0.26.0. |
message string |
(Optional)
Message template |
disableNotifications bool |
(Optional)
Disable telegram notifications |
parseMode string |
(Optional)
Parse mode for telegram message |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
Time
(string
alias)
(Appears on:TimeRange)
Time defines a time in 24hr format
TimeInterval
(Appears on:MuteTimeInterval)
TimeInterval describes intervals of time
Field | Description |
---|---|
times []TimeRange |
(Optional)
Times is a list of TimeRange |
weekdays []WeekdayRange |
(Optional)
Weekdays is a list of WeekdayRange |
daysOfMonth []DayOfMonthRange |
(Optional)
DaysOfMonth is a list of DayOfMonthRange |
months []MonthRange |
(Optional)
Months is a list of MonthRange |
years []YearRange |
(Optional)
Years is a list of YearRange |
TimeRange
(Appears on:TimeInterval)
TimeRange defines a start and end time in 24hr format
Field | Description |
---|---|
startTime Time |
StartTime is the start time in 24hr format. |
endTime Time |
EndTime is the end time in 24hr format. |
URL
(string
alias)
(Appears on:WebexConfig)
URL represents a valid URL
VictorOpsConfig
(Appears on:Receiver)
VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiKey Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
apiUrl string |
(Optional)
The VictorOps API URL. |
routingKey string |
(Optional)
A key used to map the alert to a team. |
messageType string |
(Optional)
Describes the behavior of the alert (CRITICAL, WARNING, INFO). |
entityDisplayName string |
(Optional)
Contains summary of the alerted problem. |
stateMessage string |
(Optional)
Contains long explanation of the alerted problem. |
monitoringTool string |
(Optional)
The monitoring tool the state message is from. |
customFields []KeyValue |
(Optional)
Additional custom fields for notification. |
httpConfig HTTPConfig |
(Optional)
The HTTP client’s configuration. |
WeChatConfig
(Appears on:Receiver)
WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
apiURL string |
(Optional)
The WeChat API URL. |
corpID string |
(Optional)
The corp id for authentication. |
agentID string |
(Optional) |
toUser string |
(Optional) |
toParty string |
(Optional) |
toTag string |
(Optional) |
message string |
API request data as defined by the WeChat API. |
messageType string |
(Optional) |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
WebexConfig
(Appears on:Receiver)
WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether to notify about resolved alerts. |
apiURL URL |
(Optional)
The Webex Teams API URL i.e. https://webexapis.com/v1/messages Provide if different from the default API URL. |
httpConfig HTTPConfig |
(Optional)
The HTTP client’s configuration.
You must supply the bot token via the |
message string |
(Optional)
Message template |
roomID string |
ID of the Webex Teams room where to send the messages. |
WebhookConfig
(Appears on:Receiver)
WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
url string |
(Optional)
The URL to send HTTP POST requests to. |
urlSecret Kubernetes core/v1.SecretKeySelector |
(Optional)
The secret’s key that contains the webhook URL to send HTTP requests to.
|
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
maxAlerts int32 |
(Optional)
Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. |
Weekday
(string
alias)
Weekday is day of the week
Value | Description |
---|---|
"friday" |
|
"monday" |
|
"saturday" |
|
"sunday" |
|
"thursday" |
|
"tuesday" |
|
"wednesday" |
WeekdayRange
(string
alias)
(Appears on:TimeInterval)
WeekdayRange is an inclusive range of days of the week beginning on Sunday Days can be specified by name (e.g ‘Sunday’) or as an inclusive range (e.g ‘Monday:Friday’)
YearRange
(string
alias)
(Appears on:TimeInterval)
YearRange is an inclusive range of years
monitoring.coreos.com/v1beta1
Resource Types:AlertmanagerConfig
The AlertmanagerConfig
custom resource definition (CRD) defines how Alertmanager
objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.
Alertmanager
objects select AlertmanagerConfig
objects using label and namespace selectors.
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
apiVersion string |
monitoring.coreos.com/v1beta1
|
||||||||
kind string |
AlertmanagerConfig |
||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec AlertmanagerConfigSpec |
|
AlertmanagerConfigSpec
(Appears on:AlertmanagerConfig)
AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration.
By definition, the Alertmanager configuration only applies to alerts for which
the namespace
label is equal to the namespace of the AlertmanagerConfig resource.
Field | Description |
---|---|
route Route |
(Optional)
The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. |
receivers []Receiver |
(Optional)
List of receivers. |
inhibitRules []InhibitRule |
(Optional)
List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. |
timeIntervals []TimeInterval |
(Optional)
List of TimeInterval specifying when the routes should be muted or active. |
DayOfMonthRange
(Appears on:TimePeriod)
DayOfMonthRange is an inclusive range of days of the month beginning at 1
Field | Description |
---|---|
start int |
Start of the inclusive range |
end int |
End of the inclusive range |
DiscordConfig
(Appears on:Receiver)
DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiURL Kubernetes core/v1.SecretKeySelector |
The secret’s key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
title string |
(Optional)
The template of the message’s title. |
message string |
(Optional)
The template of the message’s body. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
EmailConfig
(Appears on:Receiver)
EmailConfig configures notifications via Email.
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
to string |
(Optional)
The email address to send notifications to. |
from string |
(Optional)
The sender address. |
hello string |
(Optional)
The hostname to identify to the SMTP server. |
smarthost string |
(Optional)
The SMTP host and port through which emails are sent. E.g. example.com:25 |
authUsername string |
(Optional)
The username to use for authentication. |
authPassword SecretKeySelector |
The secret’s key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
authSecret SecretKeySelector |
The secret’s key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
authIdentity string |
(Optional)
The identity to use for authentication. |
headers []KeyValue |
Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. |
html string |
(Optional)
The HTML body of the email notification. |
text string |
(Optional)
The text body of the email notification. |
requireTLS bool |
(Optional)
The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration |
HTTPConfig
(Appears on:DiscordConfig, MSTeamsConfig, OpsGenieConfig, PagerDutyConfig, PushoverConfig, SNSConfig, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebexConfig, WebhookConfig)
HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config
Field | Description |
---|---|
authorization SafeAuthorization |
(Optional)
Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. |
basicAuth BasicAuth |
(Optional)
BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. |
oauth2 OAuth2 |
(Optional)
OAuth2 client credentials used to fetch a token for the targets. |
bearerTokenSecret SecretKeySelector |
(Optional)
The secret’s key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
tlsConfig SafeTLSConfig |
(Optional)
TLS configuration for the client. |
proxyURL string |
(Optional)
Optional proxy URL. If defined, this field takes precedence over |
proxyUrl string |
(Optional)
|
noProxy string |
(Optional)
It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyFromEnvironment bool |
(Optional)
Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
proxyConnectHeader map[string][]k8s.io/api/core/v1.SecretKeySelector |
(Optional)
ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. |
followRedirects bool |
(Optional)
FollowRedirects specifies whether the client should follow HTTP 3xx redirects. |
InhibitRule
(Appears on:AlertmanagerConfigSpec)
InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule
Field | Description |
---|---|
targetMatch []Matcher |
Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. |
sourceMatch []Matcher |
Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. |
equal []string |
Labels that must have an equal value in the source and target alert for the inhibition to take effect. |
KeyValue
(Appears on:EmailConfig, OpsGenieConfig, PagerDutyConfig, VictorOpsConfig)
KeyValue defines a (key, value) tuple.
Field | Description |
---|---|
key string |
Key of the tuple. |
value string |
Value of the tuple. |
MSTeamsConfig
(Appears on:Receiver)
MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0.
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether to notify about resolved alerts. |
webhookUrl Kubernetes core/v1.SecretKeySelector |
MSTeams webhook URL. |
title string |
(Optional)
Message title template. |
summary string |
(Optional)
Message summary template. It requires Alertmanager >= 0.27.0. |
text string |
(Optional)
Message body template. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
MatchType
(string
alias)
(Appears on:Matcher)
MatchType is a comparison operator on a Matcher
Value | Description |
---|---|
"=" |
|
"!=" |
|
"!~" |
|
"=~" |
Matcher
(Appears on:InhibitRule, Route)
Matcher defines how to match on alert’s labels.
Field | Description |
---|---|
name string |
Label to match. |
value string |
(Optional)
Label value to match. |
matchType MatchType |
Match operator, one of |
Month
(string
alias)
Month of the year
Value | Description |
---|---|
"april" |
|
"august" |
|
"december" |
|
"february" |
|
"january" |
|
"july" |
|
"june" |
|
"march" |
|
"may" |
|
"november" |
|
"october" |
|
"september" |
MonthRange
(string
alias)
(Appears on:TimePeriod)
MonthRange is an inclusive range of months of the year beginning in January Months can be specified by name (e.g ‘January’) by numerical month (e.g ‘1’) or as an inclusive range (e.g ‘January:March’, ‘1:3’, ‘1:March’)
OpsGenieConfig
(Appears on:Receiver)
OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiKey SecretKeySelector |
(Optional)
The secret’s key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
apiURL string |
(Optional)
The URL to send OpsGenie API requests to. |
message string |
(Optional)
Alert text limited to 130 characters. |
description string |
(Optional)
Description of the incident. |
source string |
(Optional)
Backlink to the sender of the notification. |
tags string |
(Optional)
Comma separated list of tags attached to the notifications. |
note string |
(Optional)
Additional alert note. |
priority string |
(Optional)
Priority level of alert. Possible values are P1, P2, P3, P4, and P5. |
details []KeyValue |
(Optional)
A set of arbitrary key/value pairs that provide further detail about the incident. |
responders []OpsGenieConfigResponder |
(Optional)
List of responders responsible for notifications. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
entity string |
(Optional)
Optional field that can be used to specify which domain alert is related to. |
actions string |
(Optional)
Comma separated list of actions that will be available for the alert. |
OpsGenieConfigResponder
(Appears on:OpsGenieConfig)
OpsGenieConfigResponder defines a responder to an incident.
One of id
, name
or username
has to be defined.
Field | Description |
---|---|
id string |
(Optional)
ID of the responder. |
name string |
(Optional)
Name of the responder. |
username string |
(Optional)
Username of the responder. |
type string |
Type of responder. |
PagerDutyConfig
(Appears on:Receiver)
PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
routingKey SecretKeySelector |
(Optional)
The secret’s key that contains the PagerDuty integration key (when using
Events API v2). Either this field or |
serviceKey SecretKeySelector |
(Optional)
The secret’s key that contains the PagerDuty service key (when using
integration type “Prometheus”). Either this field or |
url string |
(Optional)
The URL to send requests to. |
client string |
(Optional)
Client identification. |
clientURL string |
(Optional)
Backlink to the sender of notification. |
description string |
(Optional)
Description of the incident. |
severity string |
(Optional)
Severity of the incident. |
class string |
(Optional)
The class/type of the event. |
group string |
(Optional)
A cluster or grouping of sources. |
component string |
(Optional)
The part or component of the affected system that is broken. |
details []KeyValue |
(Optional)
Arbitrary key/value pairs that provide further detail about the incident. |
pagerDutyImageConfigs []PagerDutyImageConfig |
(Optional)
A list of image details to attach that provide further detail about an incident. |
pagerDutyLinkConfigs []PagerDutyLinkConfig |
(Optional)
A list of link details to attach that provide further detail about an incident. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
source string |
(Optional)
Unique location of the affected system. |
PagerDutyImageConfig
(Appears on:PagerDutyConfig)
PagerDutyImageConfig attaches images to an incident
Field | Description |
---|---|
src string |
(Optional)
Src of the image being attached to the incident |
href string |
(Optional)
Optional URL; makes the image a clickable link. |
alt string |
(Optional)
Alt is the optional alternative text for the image. |
PagerDutyLinkConfig
(Appears on:PagerDutyConfig)
PagerDutyLinkConfig attaches text links to an incident
Field | Description |
---|---|
href string |
(Optional)
Href is the URL of the link to be attached |
alt string |
(Optional)
Text that describes the purpose of the link, and can be used as the link’s text. |
ParsedRange
ParsedRange is an integer representation of a range
Field | Description |
---|---|
start int |
Start is the beginning of the range |
end int |
End of the range |
PushoverConfig
(Appears on:Receiver)
PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
userKey SecretKeySelector |
(Optional)
The secret’s key that contains the recipient user’s user key.
The secret needs to be in the same namespace as the AlertmanagerConfig
object and accessible by the Prometheus Operator.
Either |
userKeyFile string |
(Optional)
The user key file that contains the recipient user’s user key.
Either |
token SecretKeySelector |
(Optional)
The secret’s key that contains the registered application’s API token, see https://pushover.net/apps.
The secret needs to be in the same namespace as the AlertmanagerConfig
object and accessible by the Prometheus Operator.
Either |
tokenFile string |
(Optional)
The token file that contains the registered application’s API token, see https://pushover.net/apps.
Either |
title string |
(Optional)
Notification title. |
message string |
(Optional)
Notification message. |
url string |
(Optional)
A supplementary URL shown alongside the message. |
urlTitle string |
(Optional)
A title for supplementary URL, otherwise just the URL is shown |
ttl Duration |
(Optional)
The time to live definition for the alert notification |
device string |
(Optional)
The name of a device to send the notification to |
sound string |
(Optional)
The name of one of the sounds supported by device clients to override the user’s default sound choice |
priority string |
(Optional)
Priority, see https://pushover.net/api#priority |
retry string |
(Optional)
How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. |
expire string |
(Optional)
How long your notification will continue to be retried for, unless the user acknowledges the notification. |
html bool |
(Optional)
Whether notification message is HTML or plain text. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
Receiver
(Appears on:AlertmanagerConfigSpec)
Receiver defines one or more notification integrations.
Field | Description |
---|---|
name string |
Name of the receiver. Must be unique across all items from the list. |
opsgenieConfigs []OpsGenieConfig |
List of OpsGenie configurations. |
pagerdutyConfigs []PagerDutyConfig |
List of PagerDuty configurations. |
discordConfigs []DiscordConfig |
List of Slack configurations. |
slackConfigs []SlackConfig |
List of Slack configurations. |
webhookConfigs []WebhookConfig |
List of webhook configurations. |
wechatConfigs []WeChatConfig |
List of WeChat configurations. |
emailConfigs []EmailConfig |
List of Email configurations. |
victoropsConfigs []VictorOpsConfig |
List of VictorOps configurations. |
pushoverConfigs []PushoverConfig |
List of Pushover configurations. |
snsConfigs []SNSConfig |
List of SNS configurations |
telegramConfigs []TelegramConfig |
List of Telegram configurations. |
webexConfigs []WebexConfig |
List of Webex configurations. |
msteamsConfigs []MSTeamsConfig |
List of MSTeams configurations. It requires Alertmanager >= 0.26.0. |
Route
(Appears on:AlertmanagerConfigSpec)
Route defines a node in the routing tree.
Field | Description |
---|---|
receiver string |
(Optional)
Name of the receiver for this route. If not empty, it should be listed in
the |
groupBy []string |
(Optional)
List of labels to group by. Labels must not be repeated (unique list). Special label “…” (aggregate by all possible labels), if provided, must be the only element in the list. |
groupWait string |
(Optional)
How long to wait before sending the initial notification.
Must match the regular expression |
groupInterval string |
(Optional)
How long to wait before sending an updated notification.
Must match the regular expression |
repeatInterval string |
(Optional)
How long to wait before repeating the last notification.
Must match the regular expression |
matchers []Matcher |
(Optional)
List of matchers that the alert’s labels should match. For the first
level route, the operator removes any existing equality and regexp
matcher on the |
continue bool |
(Optional)
Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. |
routes []k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON |
Child routes. |
muteTimeIntervals []string |
(Optional)
Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn’t support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can’t validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of TimeInterval names that will mute this route when matched. |
activeTimeIntervals []string |
(Optional)
ActiveTimeIntervals is a list of TimeInterval names when this route should be active. |
SNSConfig
(Appears on:Receiver)
SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiURL string |
(Optional)
The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used. |
sigv4 Sigv4 |
(Optional)
Configures AWS’s Signature Verification 4 signing process to sign requests. |
topicARN string |
(Optional)
SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don’t specify this value, you must specify a value for the PhoneNumber or TargetARN. |
subject string |
(Optional)
Subject line when the message is delivered to email endpoints. |
phoneNumber string |
(Optional)
Phone number if message is delivered via SMS in E.164 format. If you don’t specify this value, you must specify a value for the TopicARN or TargetARN. |
targetARN string |
(Optional)
The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don’t specify this value, you must specify a value for the topic_arn or PhoneNumber. |
message string |
(Optional)
The message content of the SNS notification. |
attributes map[string]string |
(Optional)
SNS message attributes. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
SecretKeySelector
(Appears on:EmailConfig, HTTPConfig, OpsGenieConfig, PagerDutyConfig, PushoverConfig, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebhookConfig)
SecretKeySelector selects a key of a Secret.
Field | Description |
---|---|
name string |
The name of the secret in the object’s namespace to select from. |
key string |
The key of the secret to select from. Must be a valid secret key. |
SlackAction
(Appears on:SlackConfig)
SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.
Field | Description |
---|---|
type string |
|
text string |
|
url string |
(Optional) |
style string |
(Optional) |
name string |
(Optional) |
value string |
(Optional) |
confirm SlackConfirmationField |
(Optional) |
SlackConfig
(Appears on:Receiver)
SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiURL SecretKeySelector |
(Optional)
The secret’s key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
channel string |
(Optional)
The channel or user to send notifications to. |
username string |
(Optional) |
color string |
(Optional) |
title string |
(Optional) |
titleLink string |
(Optional) |
pretext string |
(Optional) |
text string |
(Optional) |
fields []SlackField |
(Optional)
A list of Slack fields that are sent with each notification. |
shortFields bool |
(Optional) |
footer string |
(Optional) |
fallback string |
(Optional) |
callbackId string |
(Optional) |
iconEmoji string |
(Optional) |
iconURL string |
(Optional) |
imageURL string |
(Optional) |
thumbURL string |
(Optional) |
linkNames bool |
(Optional) |
mrkdwnIn []string |
(Optional) |
actions []SlackAction |
(Optional)
A list of Slack actions that are sent with each notification. |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
SlackConfirmationField
(Appears on:SlackAction)
SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.
Field | Description |
---|---|
text string |
|
title string |
(Optional) |
okText string |
(Optional) |
dismissText string |
(Optional) |
SlackField
(Appears on:SlackConfig)
SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.
Field | Description |
---|---|
title string |
|
value string |
|
short bool |
(Optional) |
TelegramConfig
(Appears on:Receiver)
TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether to notify about resolved alerts. |
apiURL string |
(Optional)
The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used. |
botToken SecretKeySelector |
(Optional)
Telegram bot token. It is mutually exclusive with Either |
botTokenFile string |
(Optional)
File to read the Telegram bot token from. It is mutually exclusive with It requires Alertmanager >= v0.26.0. |
chatID int64 |
The Telegram chat ID. |
messageThreadID int64 |
(Optional)
The Telegram Group Topic ID. It requires Alertmanager >= 0.26.0. |
message string |
(Optional)
Message template |
disableNotifications bool |
(Optional)
Disable telegram notifications |
parseMode string |
(Optional)
Parse mode for telegram message |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
Time
(string
alias)
(Appears on:TimeRange)
Time defines a time in 24hr format
TimeInterval
(Appears on:AlertmanagerConfigSpec)
TimeInterval specifies the periods in time when notifications will be muted or active.
Field | Description |
---|---|
name string |
Name of the time interval. |
timeIntervals []TimePeriod |
TimeIntervals is a list of TimePeriod. |
TimePeriod
(Appears on:TimeInterval)
TimePeriod describes periods of time.
Field | Description |
---|---|
times []TimeRange |
(Optional)
Times is a list of TimeRange |
weekdays []WeekdayRange |
(Optional)
Weekdays is a list of WeekdayRange |
daysOfMonth []DayOfMonthRange |
(Optional)
DaysOfMonth is a list of DayOfMonthRange |
months []MonthRange |
(Optional)
Months is a list of MonthRange |
years []YearRange |
(Optional)
Years is a list of YearRange |
TimeRange
(Appears on:TimePeriod)
TimeRange defines a start and end time in 24hr format
Field | Description |
---|---|
startTime Time |
StartTime is the start time in 24hr format. |
endTime Time |
EndTime is the end time in 24hr format. |
URL
(string
alias)
(Appears on:WebexConfig)
URL represents a valid URL
VictorOpsConfig
(Appears on:Receiver)
VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiKey SecretKeySelector |
(Optional)
The secret’s key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
apiUrl string |
(Optional)
The VictorOps API URL. |
routingKey string |
(Optional)
A key used to map the alert to a team. |
messageType string |
(Optional)
Describes the behavior of the alert (CRITICAL, WARNING, INFO). |
entityDisplayName string |
(Optional)
Contains summary of the alerted problem. |
stateMessage string |
(Optional)
Contains long explanation of the alerted problem. |
monitoringTool string |
(Optional)
The monitoring tool the state message is from. |
customFields []KeyValue |
(Optional)
Additional custom fields for notification. |
httpConfig HTTPConfig |
(Optional)
The HTTP client’s configuration. |
WeChatConfig
(Appears on:Receiver)
WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
apiSecret SecretKeySelector |
(Optional)
The secret’s key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |
apiURL string |
(Optional)
The WeChat API URL. |
corpID string |
(Optional)
The corp id for authentication. |
agentID string |
(Optional) |
toUser string |
(Optional) |
toParty string |
(Optional) |
toTag string |
(Optional) |
message string |
API request data as defined by the WeChat API. |
messageType string |
(Optional) |
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
WebexConfig
(Appears on:Receiver)
WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether to notify about resolved alerts. |
apiURL URL |
(Optional)
The Webex Teams API URL i.e. https://webexapis.com/v1/messages |
httpConfig HTTPConfig |
The HTTP client’s configuration.
You must use this configuration to supply the bot token as part of the HTTP |
message string |
(Optional)
Message template |
roomID string |
ID of the Webex Teams room where to send the messages. |
WebhookConfig
(Appears on:Receiver)
WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config
Field | Description |
---|---|
sendResolved bool |
(Optional)
Whether or not to notify about resolved alerts. |
url string |
(Optional)
The URL to send HTTP POST requests to. |
urlSecret SecretKeySelector |
(Optional)
The secret’s key that contains the webhook URL to send HTTP requests to.
|
httpConfig HTTPConfig |
(Optional)
HTTP client configuration. |
maxAlerts int32 |
(Optional)
Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. |
Weekday
(string
alias)
Weekday is day of the week
Value | Description |
---|---|
"friday" |
|
"monday" |
|
"saturday" |
|
"sunday" |
|
"thursday" |
|
"tuesday" |
|
"wednesday" |
WeekdayRange
(string
alias)
(Appears on:TimePeriod)
WeekdayRange is an inclusive range of days of the week beginning on Sunday Days can be specified by name (e.g ‘Sunday’) or as an inclusive range (e.g ‘Monday:Friday’)
YearRange
(string
alias)
(Appears on:TimePeriod)
YearRange is an inclusive range of years