API reference

This page is automatically generated with gen-crd-api-reference-docs.

Packages:

monitoring.coreos.com/v1

Resource Types:

Alertmanager

The Alertmanager custom resource definition (CRD) defines a desired Alertmanager setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.

For each Alertmanager resource, the Operator deploys a StatefulSet in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.

The resource defines via label and namespace selectors which AlertmanagerConfig objects should be associated to the deployed Alertmanager instances.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
Alertmanager
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AlertmanagerSpec

Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status



podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.

The following items are reserved and cannot be overridden: * “alertmanager” label, set to the name of the Alertmanager instance. * “app.kubernetes.io/instance” label, set to the name of the Alertmanager instance. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “alertmanager”. * “app.kubernetes.io/version” label, set to the Alertmanager version. * “kubectl.kubernetes.io/default-container” annotation, set to “alertmanager”.

image
string

Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘alertmanager’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

version
string

Version the cluster should be on.

tag
string

Tag of Alertmanager container image to be deployed. Defaults to the value of version. Version is ignored if Tag is set. Deprecated: use ‘image’ instead. The image tag can be specified as part of the image URL.

sha
string

SHA of Alertmanager container image to be deployed. Defaults to the value of version. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ‘image’ instead. The image digest can be specified as part of the image URL.

baseImage
string

Base image that is used to deploy pods, without tag. Deprecated: use ‘image’ instead.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/alertmanager/secrets/<secret-name> in the ‘alertmanager’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/alertmanager/configmaps/<configmap-name> in the ‘alertmanager’ container.

configSecret
string

ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to alertmanager-<alertmanager-name>.

The Alertmanager configuration should be available under the alertmanager.yaml key. Additional keys from the original secret are copied to the generated secret and mounted into the /etc/alertmanager/config directory in the alertmanager container.

If either the secret or the alertmanager.yaml key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications).

logLevel
string

Log level for Alertmanager to be configured with.

logFormat
string

Log format for Alertmanager to be configured with.

replicas
int32

Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size.

retention
GoDuration

Time duration Alertmanager shall retain data for. Default is ‘120h’, and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).

storage
StorageSpec

Storage is the definition of how storage will be used by the Alertmanager instances.

volumes
[]Kubernetes core/v1.Volume

Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

externalUrl
string

The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name.

routePrefix
string

The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

paused
bool

If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions.

nodeSelector
map[string]string

Define which Nodes the Pods are scheduled on.

resources
Kubernetes core/v1.ResourceRequirements

Define resources requests and limits for single Pods.

affinity
Kubernetes core/v1.Affinity

If specified, the pod’s scheduling constraints.

tolerations
[]Kubernetes core/v1.Toleration

If specified, the pod’s tolerations.

topologySpreadConstraints
[]Kubernetes core/v1.TopologySpreadConstraint

If specified, the pod’s topology spread constraints.

securityContext
Kubernetes core/v1.PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

listenLocal
bool

ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication.

containers
[]Kubernetes core/v1.Container

Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: alertmanager and config-reloader. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container

InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: init-config-reloader. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

priorityClassName
string

Priority class assigned to the Pods

additionalPeers
[]string

AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.

clusterAdvertiseAddress
string

ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 1 addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918

clusterGossipInterval
GoDuration

Interval between gossip attempts.

clusterLabel
string

Defines the identifier that uniquely identifies the Alertmanager cluster. You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the .spec.additionalPeers field.

clusterPushpullInterval
GoDuration

Interval between pushpull attempts.

clusterPeerTimeout
GoDuration

Timeout for cluster peering.

portName
string

Port name used for the pods and governing service. Defaults to web.

forceEnableClusterMode
bool

ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.

alertmanagerConfigSelector
Kubernetes meta/v1.LabelSelector

AlertmanagerConfigs to be selected for to merge and configure Alertmanager with.

alertmanagerConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.

alertmanagerConfigMatcherStrategy
AlertmanagerConfigMatcherStrategy

AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects process incoming alerts.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias

Pods’ hostAliases configuration

web
AlertmanagerWebSpec

Defines the web command line flags when starting Alertmanager.

alertmanagerConfiguration
AlertmanagerConfiguration
(Optional)

alertmanagerConfiguration specifies the configuration of Alertmanager.

If defined, it takes precedence over the configSecret field.

This is an experimental feature, it may change in any upcoming release in a breaking way.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has automountServiceAccountToken: true, set the field to false to opt out of automounting API credentials.

enableFeatures
[]string
(Optional)

Enable access to Alertmanager feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

It requires Alertmanager >= 0.27.0.

status
AlertmanagerStatus

Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodMonitor

The PodMonitor custom resource definition (CRD) defines how Prometheus and PrometheusAgent can scrape metrics from a group of pods. Among other things, it allows to specify: * The pods to scrape via label selectors. * The container ports to scrape. * Authentication credentials to use. * Target and metric relabeling.

Prometheus and PrometheusAgent objects select PodMonitor objects using label and namespace selectors.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
PodMonitor
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PodMonitorSpec

Specification of desired Pod selection for target discovery by Prometheus.



jobLabel
string

The label to use to retrieve the job name from. jobLabel selects the label from the associated Kubernetes Pod object which will be used as the job label for all metrics.

For example if jobLabel is set to foo and the Kubernetes Pod object is labeled with foo: bar, then Prometheus adds the job="bar" label to all ingested metrics.

If the value of this field is empty, the job label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. <namespace>/<name>).

podTargetLabels
[]string

podTargetLabels defines the labels which are transferred from the associated Kubernetes Pod object onto the ingested metrics.

podMetricsEndpoints
[]PodMetricsEndpoint
(Optional)

Defines how to scrape metrics from the selected pods.

selector
Kubernetes meta/v1.LabelSelector

Label selector to select the Kubernetes Pod objects to scrape metrics from.

selectorMechanism
SelectorMechanism
(Optional)

Mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated.

It requires Prometheus >= v2.17.0.

namespaceSelector
NamespaceSelector

namespaceSelector defines in which namespace(s) Prometheus should discover the pods. By default, the pods are discovered in the same namespace as the PodMonitor object but it is possible to select pods across different/all namespaces.

sampleLimit
uint64
(Optional)

sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted.

targetLimit
uint64
(Optional)

targetLimit defines a limit on the number of scraped targets that will be accepted.

scrapeProtocols
[]ScrapeProtocol
(Optional)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

attachMetadata
AttachMetadata
(Optional)

attachMetadata defines additional metadata which is added to the discovered targets.

It requires Prometheus >= v2.35.0.

scrapeClass
string
(Optional)

The scrape class to apply.

bodySizeLimit
ByteSize
(Optional)

When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus.

It requires Prometheus >= v2.28.0.

Probe

The Probe custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the blackbox exporter.

The Probe resource needs 2 pieces of information: * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, …) as Prometheus metrics.

Prometheus and PrometheusAgent objects select Probe objects using label and namespace selectors.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
Probe
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ProbeSpec

Specification of desired Ingress selection for target discovery by Prometheus.



jobName
string

The job name assigned to scraped metrics by default.

prober
ProberSpec

Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.

module
string

The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml

targets
ProbeTargets

Targets defines a set of static or dynamically discovered targets to probe.

interval
Duration

Interval at which targets are probed using the configured prober. If not specified Prometheus’ global scrape interval is used.

scrapeTimeout
Duration

Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used.

tlsConfig
SafeTLSConfig

TLS configuration to use when scraping the endpoint.

bearerTokenSecret
Kubernetes core/v1.SecretKeySelector

Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator.

basicAuth
BasicAuth

BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint

oauth2
OAuth2

OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.

metricRelabelings
[]RelabelConfig

MetricRelabelConfigs to apply to samples before ingestion.

authorization
SafeAuthorization

Authorization section for this endpoint

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted.

scrapeProtocols
[]ScrapeProtocol
(Optional)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

scrapeClass
string
(Optional)

The scrape class to apply.

Prometheus

The Prometheus custom resource definition (CRD) defines a desired Prometheus setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.

For each Prometheus resource, the Operator deploys one or several StatefulSet objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.

The resource defines via label and namespace selectors which ServiceMonitor, PodMonitor, Probe and PrometheusRule objects should be associated to the deployed Prometheus instances.

The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
Prometheus
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PrometheusSpec

Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status



podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Prometheus pods.

The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”.

serviceMonitorSelector
Kubernetes meta/v1.LabelSelector

ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

serviceMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

podMonitorSelector
Kubernetes meta/v1.LabelSelector

PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

podMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

probeSelector
Kubernetes meta/v1.LabelSelector

Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

probeNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

scrapeConfigSelector
Kubernetes meta/v1.LabelSelector
(Optional)

ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

version
string

Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.

paused
bool

When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.

image
string
(Optional)

Container image name for Prometheus. If specified, it takes precedence over the spec.baseImage, spec.tag and spec.sha fields.

Specifying spec.version is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured.

If neither spec.image nor spec.baseImage are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

replicas
int32
(Optional)

Number of replicas of each shard to deploy for a Prometheus deployment. spec.replicas multiplied by spec.shards is the total number of Pods created.

Default: 1

shards
int32
(Optional)

Number of shards to distribute scraped targets onto.

spec.replicas multiplied by spec.shards is the total number of Pods being created.

When not defined, the operator assumes only one shard.

Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules

By default, the sharding is performed on: * The __address__ target’s metadata label for PodMonitor, ServiceMonitor and ScrapeConfig resources. * The __param_target__ label for Probe resources.

Users can define their own sharding implementation by setting the __tmp_hash label during the target discovery with relabeling configuration (either in the monitoring resources or via scrape class).

replicaExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus_replica”

prometheusExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus”

logLevel
string

Log level for Prometheus and the config-reloader sidecar.

logFormat
string

Log format for Log level for Prometheus and the config-reloader sidecar.

scrapeInterval
Duration

Interval between consecutive scrapes.

Default: “30s”

scrapeTimeout
Duration

Number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

PrometheusText1.0.0 requires Prometheus >= v3.0.0.

externalLabels
map[string]string

The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by spec.replicaExternalLabelName and spec.prometheusExternalLabelName take precedence over this list.

enableRemoteWriteReceiver
bool

Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.

WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver

It requires Prometheus >= v2.33.0.

enableOTLPReceiver
bool
(Optional)

Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.

Note that the OTLP receiver endpoint is automatically enabled if .spec.otlpConfig is defined.

It requires Prometheus >= v2.47.0.

remoteWriteReceiverMessageVersions
[]RemoteWriteMessageVersion
(Optional)

List of the protobuf message versions to accept when receiving the remote writes.

It requires Prometheus >= v2.54.0.

enableFeatures
[]EnableFeature
(Optional)

Enable access to Prometheus feature flags. By default, no features are enabled.

Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

externalUrl
string

The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).

routePrefix
string

The route prefix Prometheus registers HTTP handlers for.

This is useful when using spec.externalURL, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

storage
StorageSpec

Storage defines the storage used by Prometheus.

volumes
[]Kubernetes core/v1.Volume

Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows the configuration of additional VolumeMounts.

VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

web
PrometheusWebSpec

Defines the configuration of the Prometheus web server.

resources
Kubernetes core/v1.ResourceRequirements

Defines the resources requests and limits of the ‘prometheus’ container.

nodeSelector
map[string]string

Defines on which Nodes the Pods are scheduled.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default.

Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/prometheus/secrets/ in the ‘prometheus’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the ‘prometheus’ container.

affinity
Kubernetes core/v1.Affinity
(Optional)

Defines the Pods’ affinity scheduling rules if specified.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Defines the Pods’ tolerations if specified.

topologySpreadConstraints
[]TopologySpreadConstraint
(Optional)

Defines the pod’s topology spread constraints if specified.

remoteWrite
[]RemoteWriteSpec
(Optional)

Defines the list of remote write configurations.

otlp
OTLPConfig
(Optional)

Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

listenLocal
bool

When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address.

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.

The names of containers managed by the operator are: * prometheus * config-reloader * thanos-sidecar

Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.

The names of init container name managed by the operator are: * init-config-reloader.

Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

additionalScrapeConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.

apiserverConfig
APIServerConfig
(Optional)

APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

priorityClassName
string

Priority class assigned to the Pods.

portName
string

Port name used for the pods and governing service. Default: “web”

arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig

When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the ‘prometheus’ container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile value (e.g. ‘/var/run/secrets/kubernetes.io/serviceaccount/token’), a malicious target can get access to the Prometheus service account’s token in the Prometheus’ scrape request. Setting spec.arbitraryFSAccessThroughSM to ‘true’ would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret field.

overrideHonorLabels
bool

When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. In practice,overrideHonorLaels:true enforces honorLabels:false for all ServiceMonitor, PodMonitor and ScrapeConfig objects.

overrideHonorTimestamps
bool

When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.

ignoreNamespaceSelectors
bool

When true, spec.namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.

enforcedNamespaceLabel
string

When not empty, a label will be added to:

  1. All metrics scraped from ServiceMonitor, PodMonitor, Probe and ScrapeConfig objects.
  2. All metrics generated from recording rules defined in PrometheusRule objects.
  3. All alerts generated from alerting rules defined in PrometheusRule objects.
  4. All vector selectors of PromQL expressions defined in PrometheusRule objects.

The label will not added for objects referenced in spec.excludedFromEnforcement.

The label’s name is this field’s value. The label’s value is the namespace of the ServiceMonitor, PodMonitor, Probe, PrometheusRule or ScrapeConfig object.

enforcedSampleLimit
uint64
(Optional)

When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any spec.sampleLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.sampleLimit is greater than zero and less than spec.enforcedSampleLimit.

It is meant to be used by admins to keep the overall number of samples/series under a desired limit.

When both enforcedSampleLimit and sampleLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedSampleLimit is greater than the sampleLimit, the sampleLimit will be set to enforcedSampleLimit. * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.

enforcedTargetLimit
uint64
(Optional)

When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any spec.targetLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.targetLimit is greater than zero and less than spec.enforcedTargetLimit.

It is meant to be used by admins to to keep the overall number of targets under a desired limit.

When both enforcedTargetLimit and targetLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedTargetLimit is greater than the targetLimit, the targetLimit will be set to enforcedTargetLimit. * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.

enforcedLabelLimit
uint64
(Optional)

When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any spec.labelLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelLimit is greater than zero and less than spec.enforcedLabelLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelLimit and labelLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelLimit is greater than the labelLimit, the labelLimit will be set to enforcedLabelLimit. * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.

enforcedLabelNameLengthLimit
uint64
(Optional)

When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any spec.labelNameLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelNameLengthLimit is greater than zero and less than spec.enforcedLabelNameLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelNameLengthLimit and labelNameLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelNameLengthLimit is greater than the labelNameLengthLimit, the labelNameLengthLimit will be set to enforcedLabelNameLengthLimit. * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.

enforcedLabelValueLengthLimit
uint64
(Optional)

When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any spec.labelValueLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelValueLengthLimit is greater than zero and less than spec.enforcedLabelValueLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelValueLengthLimit and labelValueLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelValueLengthLimit is greater than the labelValueLengthLimit, the labelValueLengthLimit will be set to enforcedLabelValueLengthLimit. * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.

enforcedKeepDroppedTargets
uint64
(Optional)

When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets is greater than zero and less than spec.enforcedKeepDroppedTargets.

It requires Prometheus >= v2.47.0.

When both enforcedKeepDroppedTargets and keepDroppedTargets are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedKeepDroppedTargets is greater than the keepDroppedTargets, the keepDroppedTargets will be set to enforcedKeepDroppedTargets. * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.

enforcedBodySizeLimit
ByteSize

When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail.

It requires Prometheus >= v2.28.0.

When both enforcedBodySizeLimit and bodySizeLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedBodySizeLimit is greater than the bodySizeLimit, the bodySizeLimit will be set to enforcedBodySizeLimit. * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.

nameValidationScheme
NameValidationSchemeOptions
(Optional)

Specifies the validation scheme for metric and label names.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias
(Optional)

Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ‘prometheus’ container.

It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version.

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

walCompression
bool
(Optional)

Configures compression of the write-ahead log (WAL) using Snappy.

WAL compression is enabled by default for Prometheus >= 2.20.0

Requires Prometheus v2.11.0 and above.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.

It is only applicable if spec.enforcedNamespaceLabel set to true.

hostNetwork
bool

Use the host’s network namespace if true.

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set to a different value).

podTargetLabels
[]string
(Optional)

PodTargetLabels are appended to the spec.podTargetLabels field of all PodMonitor and ServiceMonitor objects.

tracingConfig
PrometheusTracingConfig
(Optional)

TracingConfig configures tracing in Prometheus.

This is an experimental feature, it may change in any upcoming release in a breaking way.

bodySizeLimit
ByteSize
(Optional)

BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.

reloadStrategy
ReloadStrategyType
(Optional)

Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.

maximumStartupDurationSeconds
int32
(Optional)

Defines the maximum time that the prometheus container’s startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).

scrapeClasses
[]ScrapeClass

List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

This is an experimental feature, it may change in any upcoming release in a breaking way.

serviceDiscoveryRole
ServiceDiscoveryRole
(Optional)

Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.

If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.

tsdb
TSDBSpec
(Optional)

Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

runtime
RuntimeConfig
(Optional)

RuntimeConfig configures the values for the Prometheus process behavior

baseImage
string

Deprecated: use ‘spec.image’ instead.

tag
string

Deprecated: use ‘spec.image’ instead. The image’s tag can be specified as part of the image name.

sha
string

Deprecated: use ‘spec.image’ instead. The image’s digest can be specified as part of the image name.

retention
Duration

How long to retain the Prometheus data.

Default: “24h” if spec.retention and spec.retentionSize are empty.

retentionSize
ByteSize

Maximum number of bytes used by the Prometheus data.

disableCompaction
bool

When true, the Prometheus compaction is disabled. When spec.thanos.objectStorageConfig or spec.objectStorageConfigFile are defined, the operator automatically disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends).

rules
Rules

Defines the configuration of the Prometheus rules’ engine.

prometheusRulesExcludedFromEnforce
[]PrometheusRuleExcludeConfig
(Optional)

Defines the list of PrometheusRule objects to which the namespace label enforcement doesn’t apply. This is only relevant when spec.enforcedNamespaceLabel is set to true. Deprecated: use spec.excludedFromEnforcement instead.

ruleSelector
Kubernetes meta/v1.LabelSelector
(Optional)

PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.

ruleNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

query
QuerySpec
(Optional)

QuerySpec defines the configuration of the Promethus query service.

alerting
AlertingSpec
(Optional)

Defines the settings related to Alertmanager.

additionalAlertRelabelConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation:

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The user is responsible for making sure that the configurations are valid

Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.

additionalAlertManagerConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation:

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config

The user is responsible for making sure that the configurations are valid

Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.

remoteRead
[]RemoteReadSpec
(Optional)

Defines the list of remote read configurations.

thanos
ThanosSpec
(Optional)

Defines the configuration of the optional Thanos sidecar.

queryLogFile
string

queryLogFile specifies where the file to which PromQL queries are logged.

If the filename has an empty path, e.g. ‘query.log’, The Prometheus Pods will mount the file into an emptyDir volume at /var/log/prometheus. If a full path is provided, e.g. ‘/var/log/prometheus/query.log’, you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location can be set to a standard I/O stream, e.g. /dev/stdout, to log query information to the default Prometheus log stream.

allowOverlappingBlocks
bool

AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus.

Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.

exemplars
Exemplars
(Optional)

Exemplars related settings that are runtime reloadable. It requires to enable the exemplar-storage feature flag to be effective.

evaluationInterval
Duration

Interval between rule evaluations. Default: “30s”

ruleQueryOffset
Duration
(Optional)

Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. It requires Prometheus >= v2.53.0.

enableAdminAPI
bool

Enables access to the Prometheus web admin API.

WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so.

For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis

status
PrometheusStatus

Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PrometheusRule

The PrometheusRule custom resource definition (CRD) defines alerting and recording rules to be evaluated by Prometheus or ThanosRuler objects.

Prometheus and ThanosRuler objects select PrometheusRule objects using label and namespace selectors.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
PrometheusRule
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PrometheusRuleSpec

Specification of desired alerting rule definitions for Prometheus.



groups
[]RuleGroup

Content of Prometheus rule file

ServiceMonitor

The ServiceMonitor custom resource definition (CRD) defines how Prometheus and PrometheusAgent can scrape metrics from a group of services. Among other things, it allows to specify: * The services to scrape via label selectors. * The container ports to scrape. * Authentication credentials to use. * Target and metric relabeling.

Prometheus and PrometheusAgent objects select ServiceMonitor objects using label and namespace selectors.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
ServiceMonitor
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ServiceMonitorSpec

Specification of desired Service selection for target discovery by Prometheus.



jobLabel
string

jobLabel selects the label from the associated Kubernetes Service object which will be used as the job label for all metrics.

For example if jobLabel is set to foo and the Kubernetes Service object is labeled with foo: bar, then Prometheus adds the job="bar" label to all ingested metrics.

If the value of this field is empty or if the label doesn’t exist for the given Service, the job label of the metrics defaults to the name of the associated Kubernetes Service.

targetLabels
[]string
(Optional)

targetLabels defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.

podTargetLabels
[]string
(Optional)

podTargetLabels defines the labels which are transferred from the associated Kubernetes Pod object onto the ingested metrics.

endpoints
[]Endpoint

List of endpoints part of this ServiceMonitor. Defines how to scrape metrics from Kubernetes Endpoints objects. In most cases, an Endpoints object is backed by a Kubernetes Service object with the same name and labels.

selector
Kubernetes meta/v1.LabelSelector

Label selector to select the Kubernetes Endpoints objects to scrape metrics from.

selectorMechanism
SelectorMechanism
(Optional)

Mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated.

It requires Prometheus >= v2.17.0.

namespaceSelector
NamespaceSelector

namespaceSelector defines in which namespace(s) Prometheus should discover the services. By default, the services are discovered in the same namespace as the ServiceMonitor object but it is possible to select pods across different/all namespaces.

sampleLimit
uint64
(Optional)

sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted.

scrapeProtocols
[]ScrapeProtocol
(Optional)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

targetLimit
uint64
(Optional)

targetLimit defines a limit on the number of scraped targets that will be accepted.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

attachMetadata
AttachMetadata
(Optional)

attachMetadata defines additional metadata which is added to the discovered targets.

It requires Prometheus >= v2.37.0.

scrapeClass
string
(Optional)

The scrape class to apply.

bodySizeLimit
ByteSize
(Optional)

When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus.

It requires Prometheus >= v2.28.0.

ThanosRuler

The ThanosRuler custom resource definition (CRD) defines a desired Thanos Ruler setup to run in a Kubernetes cluster.

A ThanosRuler instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).

The resource defines via label and namespace selectors which PrometheusRule objects should be associated to the deployed Thanos Ruler instances.

Field Description
apiVersion
string
monitoring.coreos.com/v1
kind
string
ThanosRuler
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ThanosRulerSpec

Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status



version
string
(Optional)

Version of Thanos to be deployed.

podMetadata
EmbeddedObjectMetadata
(Optional)

PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.

The following items are reserved and cannot be overridden: * “app.kubernetes.io/name” label, set to “thanos-ruler”. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/instance” label, set to the name of the ThanosRuler instance. * “thanos-ruler” label, set to the name of the ThanosRuler instance. * “kubectl.kubernetes.io/default-container” annotation, set to “thanos-ruler”.

image
string

Thanos container image URL.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘thanos’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference
(Optional)

An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

paused
bool

When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects.

replicas
int32
(Optional)

Number of thanos ruler instances to deploy.

nodeSelector
map[string]string
(Optional)

Define which Nodes the Pods are scheduled on.

resources
Kubernetes core/v1.ResourceRequirements

Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set

affinity
Kubernetes core/v1.Affinity
(Optional)

If specified, the pod’s scheduling constraints.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

If specified, the pod’s tolerations.

topologySpreadConstraints
[]Kubernetes core/v1.TopologySpreadConstraint
(Optional)

If specified, the pod’s topology spread constraints.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

priorityClassName
string

Priority class assigned to the Pods

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods.

storage
StorageSpec
(Optional)

Storage spec to specify how storage shall be used.

volumes
[]Kubernetes core/v1.Volume
(Optional)

Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount
(Optional)

VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects.

objectStorageConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures object storage.

The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage

The operator performs no validation of the configuration.

objectStorageConfigFile takes precedence over this field.

objectStorageConfigFile
string
(Optional)

Configures the path of the object storage configuration file.

The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage

The operator performs no validation of the configuration file.

This field takes precedence over objectStorageConfig.

listenLocal
bool

ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP.

queryEndpoints
[]string
(Optional)

Configures the list of Thanos Query endpoints from which to query metrics.

For Thanos >= v0.11.0, it is recommended to use queryConfig instead.

queryConfig takes precedence over this field.

queryConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures the list of Thanos Query endpoints from which to query metrics.

The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api

It requires Thanos >= v0.11.0.

The operator performs no validation of the configuration.

This field takes precedence over queryEndpoints.

alertmanagersUrl
[]string
(Optional)

Configures the list of Alertmanager endpoints to send alerts to.

For Thanos >= v0.10.0, it is recommended to use alertmanagersConfig instead.

alertmanagersConfig takes precedence over this field.

alertmanagersConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures the list of Alertmanager endpoints to send alerts to.

The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager.

It requires Thanos >= v0.10.0.

The operator performs no validation of the configuration.

This field takes precedence over alertmanagersUrl.

ruleSelector
Kubernetes meta/v1.LabelSelector
(Optional)

PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.

ruleNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used.

enforcedNamespaceLabel
string

EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.

prometheusRulesExcludedFromEnforce
[]PrometheusRuleExcludeConfig
(Optional)

PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair Deprecated: use excludedFromEnforcement instead.

logLevel
string

Log level for ThanosRuler to be configured with.

logFormat
string

Log format for ThanosRuler to be configured with.

portName
string

Port name used for the pods and governing service. Defaults to web.

evaluationInterval
Duration

Interval between consecutive evaluations.

retention
Duration

Time duration ThanosRuler shall retain data for. Default is ‘24h’, and must match the regular expression [0-9]+(ms|s|m|h|d|w|y) (milliseconds seconds minutes hours days weeks years).

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: thanos-ruler and config-reloader. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

tracingConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures tracing.

The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration

This is an experimental feature, it may change in any upcoming release in a breaking way.

The operator performs no validation of the configuration.

tracingConfigFile takes precedence over this field.

tracingConfigFile
string
(Optional)

Configures the path of the tracing configuration file.

The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration

This is an experimental feature, it may change in any upcoming release in a breaking way.

The operator performs no validation of the configuration file.

This field takes precedence over tracingConfig.

labels
map[string]string
(Optional)

Configures the external label pairs of the ThanosRuler resource.

A default replica label thanos_ruler_replica will be always added as a label with the value of the pod’s name.

alertDropLabels
[]string
(Optional)

Configures the label names which should be dropped in Thanos Ruler alerts.

The replica label thanos_ruler_replica will always be dropped from the alerts.

externalPrefix
string

The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name.

routePrefix
string

The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.

grpcServerTlsConfig
TLSConfig
(Optional)

GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ‘–grpc-server-tls-*’ CLI args.

alertQueryUrl
string

The external Query URL the Thanos Ruler will set in the ‘Source’ field of all alerts. Maps to the ‘–alert.query-url’ CLI arg.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

alertRelabelConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures alert relabeling in Thanos Ruler.

Alert relabel configuration must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The operator performs no validation of the configuration.

alertRelabelConfigFile takes precedence over this field.

alertRelabelConfigFile
string
(Optional)

Configures the path to the alert relabeling configuration file.

Alert relabel configuration must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The operator performs no validation of the configuration file.

This field takes precedence over alertRelabelConfig.

hostAliases
[]HostAlias

Pods’ hostAliases configuration

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported by the given ThanosRuler version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.

web
ThanosRulerWebSpec
(Optional)

Defines the configuration of the ThanosRuler web server.

status
ThanosRulerStatus

Most recent observed status of the ThanosRuler cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

APIServerConfig

(Appears on:CommonPrometheusFields)

APIServerConfig defines how the Prometheus server connects to the Kubernetes API server.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config

Field Description
host
string

Kubernetes API address consisting of a hostname or IP address followed by an optional port number.

basicAuth
BasicAuth
(Optional)

BasicAuth configuration for the API server.

Cannot be set at the same time as authorization, bearerToken, or bearerTokenFile.

bearerTokenFile
string

File to read bearer token for accessing apiserver.

Cannot be set at the same time as basicAuth, authorization, or bearerToken.

Deprecated: this will be removed in a future release. Prefer using authorization.

tlsConfig
TLSConfig
(Optional)

TLS Config to use for the API server.

authorization
Authorization
(Optional)

Authorization section for the API server.

Cannot be set at the same time as basicAuth, bearerToken, or bearerTokenFile.

bearerToken
string

Warning: this field shouldn’t be used because the token value appears in clear-text. Prefer using authorization.

Deprecated: this will be removed in a future release.

AdditionalLabelSelectors (string alias)

(Appears on:TopologySpreadConstraint)

Value Description

"OnResource"

Automatically add a label selector that will select all pods matching the same Prometheus/PrometheusAgent resource (irrespective of their shards).

"OnShard"

Automatically add a label selector that will select all pods matching the same shard.

AlertingSpec

(Appears on:PrometheusSpec)

AlertingSpec defines parameters for alerting configuration of Prometheus servers.

Field Description
alertmanagers
[]AlertmanagerEndpoints

Alertmanager endpoints where Prometheus should send alerts to.

AlertmanagerAPIVersion (string alias)

(Appears on:AlertmanagerEndpoints)

Value Description

"V1"

"V2"

AlertmanagerConfigMatcherStrategy

(Appears on:AlertmanagerSpec)

Field Description
type
AlertmanagerConfigMatcherStrategyType

AlertmanagerConfigMatcherStrategyType defines the strategy used by AlertmanagerConfig objects to match alerts in the routes and inhibition rules.

The default value is OnNamespace.

AlertmanagerConfigMatcherStrategyType (string alias)

(Appears on:AlertmanagerConfigMatcherStrategy)

Value Description

"None"

With None, the route and inhbition rules of an AlertmanagerConfig object process all incoming alerts.

"OnNamespace"

With OnNamespace, the route and inhibition rules of an AlertmanagerConfig object only process alerts that have a namespace label equal to the namespace of the object.

AlertmanagerConfiguration

(Appears on:AlertmanagerSpec)

AlertmanagerConfiguration defines the Alertmanager configuration.

Field Description
name
string

The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a namespace label for routes and inhibition rules.

global
AlertmanagerGlobalConfig
(Optional)

Defines the global parameters of the Alertmanager configuration.

templates
[]SecretOrConfigMap
(Optional)

Custom notification templates.

AlertmanagerEndpoints

(Appears on:AlertingSpec)

AlertmanagerEndpoints defines a selection of a single Endpoints object containing Alertmanager IPs to fire alerts against.

Field Description
namespace
string
(Optional)

Namespace of the Endpoints object.

If not set, the object will be discovered in the namespace of the Prometheus object.

name
string

Name of the Endpoints object in the namespace.

port
k8s.io/apimachinery/pkg/util/intstr.IntOrString

Port on which the Alertmanager API is exposed.

scheme
string

Scheme to use when firing alerts.

pathPrefix
string

Prefix for the HTTP path alerts are pushed to.

tlsConfig
TLSConfig
(Optional)

TLS Config to use for Alertmanager.

basicAuth
BasicAuth
(Optional)

BasicAuth configuration for Alertmanager.

Cannot be set at the same time as bearerTokenFile, authorization or sigv4.

bearerTokenFile
string

File to read bearer token for Alertmanager.

Cannot be set at the same time as basicAuth, authorization, or sigv4.

Deprecated: this will be removed in a future release. Prefer using authorization.

authorization
SafeAuthorization
(Optional)

Authorization section for Alertmanager.

Cannot be set at the same time as basicAuth, bearerTokenFile or sigv4.

sigv4
Sigv4
(Optional)

Sigv4 allows to configures AWS’s Signature Verification 4 for the URL.

It requires Prometheus >= v2.48.0.

Cannot be set at the same time as basicAuth, bearerTokenFile or authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

apiVersion
AlertmanagerAPIVersion
(Optional)

Version of the Alertmanager API that Prometheus uses to send alerts. It can be “V1” or “V2”. The field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported.

timeout
Duration
(Optional)

Timeout is a per-target Alertmanager timeout when pushing alerts.

enableHttp2
bool
(Optional)

Whether to enable HTTP2.

relabelings
[]RelabelConfig
(Optional)

Relabel configuration applied to the discovered Alertmanagers.

alertRelabelings
[]RelabelConfig
(Optional)

Relabeling configs applied before sending alerts to a specific Alertmanager. It requires Prometheus >= v2.51.0.

AlertmanagerGlobalConfig

(Appears on:AlertmanagerConfiguration)

AlertmanagerGlobalConfig configures parameters that are valid in all other configuration contexts. See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file

Field Description
smtp
GlobalSMTPConfig
(Optional)

Configures global SMTP parameters.

resolveTimeout
Duration

ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt.

httpConfig
HTTPConfig

HTTP client configuration.

slackApiUrl
Kubernetes core/v1.SecretKeySelector

The default Slack API URL.

opsGenieApiUrl
Kubernetes core/v1.SecretKeySelector

The default OpsGenie API URL.

opsGenieApiKey
Kubernetes core/v1.SecretKeySelector

The default OpsGenie API Key.

pagerdutyUrl
string

The default Pagerduty URL.

AlertmanagerSpec

(Appears on:Alertmanager)

AlertmanagerSpec is a specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.

The following items are reserved and cannot be overridden: * “alertmanager” label, set to the name of the Alertmanager instance. * “app.kubernetes.io/instance” label, set to the name of the Alertmanager instance. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “alertmanager”. * “app.kubernetes.io/version” label, set to the Alertmanager version. * “kubectl.kubernetes.io/default-container” annotation, set to “alertmanager”.

image
string

Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘alertmanager’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

version
string

Version the cluster should be on.

tag
string

Tag of Alertmanager container image to be deployed. Defaults to the value of version. Version is ignored if Tag is set. Deprecated: use ‘image’ instead. The image tag can be specified as part of the image URL.

sha
string

SHA of Alertmanager container image to be deployed. Defaults to the value of version. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ‘image’ instead. The image digest can be specified as part of the image URL.

baseImage
string

Base image that is used to deploy pods, without tag. Deprecated: use ‘image’ instead.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/alertmanager/secrets/<secret-name> in the ‘alertmanager’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/alertmanager/configmaps/<configmap-name> in the ‘alertmanager’ container.

configSecret
string

ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to alertmanager-<alertmanager-name>.

The Alertmanager configuration should be available under the alertmanager.yaml key. Additional keys from the original secret are copied to the generated secret and mounted into the /etc/alertmanager/config directory in the alertmanager container.

If either the secret or the alertmanager.yaml key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications).

logLevel
string

Log level for Alertmanager to be configured with.

logFormat
string

Log format for Alertmanager to be configured with.

replicas
int32

Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size.

retention
GoDuration

Time duration Alertmanager shall retain data for. Default is ‘120h’, and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).

storage
StorageSpec

Storage is the definition of how storage will be used by the Alertmanager instances.

volumes
[]Kubernetes core/v1.Volume

Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

externalUrl
string

The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name.

routePrefix
string

The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

paused
bool

If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions.

nodeSelector
map[string]string

Define which Nodes the Pods are scheduled on.

resources
Kubernetes core/v1.ResourceRequirements

Define resources requests and limits for single Pods.

affinity
Kubernetes core/v1.Affinity

If specified, the pod’s scheduling constraints.

tolerations
[]Kubernetes core/v1.Toleration

If specified, the pod’s tolerations.

topologySpreadConstraints
[]Kubernetes core/v1.TopologySpreadConstraint

If specified, the pod’s topology spread constraints.

securityContext
Kubernetes core/v1.PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

listenLocal
bool

ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication.

containers
[]Kubernetes core/v1.Container

Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: alertmanager and config-reloader. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container

InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: init-config-reloader. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

priorityClassName
string

Priority class assigned to the Pods

additionalPeers
[]string

AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.

clusterAdvertiseAddress
string

ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 1 addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918

clusterGossipInterval
GoDuration

Interval between gossip attempts.

clusterLabel
string

Defines the identifier that uniquely identifies the Alertmanager cluster. You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the .spec.additionalPeers field.

clusterPushpullInterval
GoDuration

Interval between pushpull attempts.

clusterPeerTimeout
GoDuration

Timeout for cluster peering.

portName
string

Port name used for the pods and governing service. Defaults to web.

forceEnableClusterMode
bool

ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.

alertmanagerConfigSelector
Kubernetes meta/v1.LabelSelector

AlertmanagerConfigs to be selected for to merge and configure Alertmanager with.

alertmanagerConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.

alertmanagerConfigMatcherStrategy
AlertmanagerConfigMatcherStrategy

AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects process incoming alerts.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias

Pods’ hostAliases configuration

web
AlertmanagerWebSpec

Defines the web command line flags when starting Alertmanager.

alertmanagerConfiguration
AlertmanagerConfiguration
(Optional)

alertmanagerConfiguration specifies the configuration of Alertmanager.

If defined, it takes precedence over the configSecret field.

This is an experimental feature, it may change in any upcoming release in a breaking way.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has automountServiceAccountToken: true, set the field to false to opt out of automounting API credentials.

enableFeatures
[]string
(Optional)

Enable access to Alertmanager feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

It requires Alertmanager >= 0.27.0.

AlertmanagerStatus

(Appears on:Alertmanager)

AlertmanagerStatus is the most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
paused
bool

Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.

replicas
int32

Total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector).

updatedReplicas
int32

Total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec.

availableReplicas
int32

Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster.

unavailableReplicas
int32

Total number of unavailable pods targeted by this Alertmanager object.

selector
string

The selector used to match the pods targeted by this Alertmanager object.

conditions
[]Condition
(Optional)

The current state of the Alertmanager object.

AlertmanagerWebSpec

(Appears on:AlertmanagerSpec)

AlertmanagerWebSpec defines the web command line flags when starting Alertmanager.

Field Description
tlsConfig
WebTLSConfig

Defines the TLS parameters for HTTPS.

httpConfig
WebHTTPConfig

Defines HTTP parameters for web server.

getConcurrency
uint32
(Optional)

Maximum number of GET requests processed concurrently. This corresponds to the Alertmanager’s --web.get-concurrency flag.

timeout
uint32
(Optional)

Timeout for HTTP requests. This corresponds to the Alertmanager’s --web.timeout flag.

ArbitraryFSAccessThroughSMsConfig

(Appears on:CommonPrometheusFields)

ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service monitor selected by the Prometheus instance is allowed to use arbitrary files on the file system of the Prometheus container. This is the case when e.g. a service monitor specifies a BearerTokenFile in an endpoint. A malicious user could create a service monitor selecting arbitrary secret files in the Prometheus container. Those secrets would then be sent with a scrape request by Prometheus to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

Field Description
deny
bool

Argument

(Appears on:CommonPrometheusFields, ThanosRulerSpec, ThanosSpec)

Argument as part of the AdditionalArgs list.

Field Description
name
string

Name of the argument, e.g. “scrape.discovery-reload-interval”.

value
string

Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. –storage.tsdb.no-lockfile)

AttachMetadata

(Appears on:PodMonitorSpec, ScrapeClass, ServiceMonitorSpec)

Field Description
node
bool
(Optional)

When set to true, Prometheus attaches node metadata to the discovered targets.

The Prometheus service account must have the list and watch permissions on the Nodes objects.

Authorization

(Appears on:APIServerConfig, RemoteReadSpec, RemoteWriteSpec, ScrapeClass)

Field Description
type
string

Defines the authentication type. The value is case-insensitive.

“Basic” is not a supported value.

Default: “Bearer”

credentials
Kubernetes core/v1.SecretKeySelector

Selects a key of a Secret in the namespace that contains the credentials for authentication.

credentialsFile
string

File to read a secret from, mutually exclusive with credentials.

AuthorizationValidationError

AuthorizationValidationError is returned by Authorization.Validate() on semantically invalid configurations.

Field Description
err
string

AzureAD

(Appears on:RemoteWriteSpec)

AzureAD defines the configuration for remote write’s azuread parameters.

Field Description
cloud
string
(Optional)

The Azure Cloud. Options are ‘AzurePublic’, ‘AzureChina’, or ‘AzureGovernment’.

managedIdentity
ManagedIdentity
(Optional)

ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as oauth or sdk.

oauth
AzureOAuth
(Optional)

OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as managedIdentity or sdk.

It requires Prometheus >= v2.48.0.

sdk
AzureSDK
(Optional)

SDK defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as oauth or managedIdentity.

It requires Prometheus >= 2.52.0.

AzureOAuth

(Appears on:AzureAD)

AzureOAuth defines the Azure OAuth settings.

Field Description
clientId
string

clientID is the clientId of the Azure Active Directory application that is being used to authenticate.

clientSecret
Kubernetes core/v1.SecretKeySelector

clientSecret specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.

tenantId
string

tenantId is the tenant ID of the Azure Active Directory application that is being used to authenticate.

AzureSDK

(Appears on:AzureAD)

AzureSDK is used to store azure SDK config values.

Field Description
tenantId
string
(Optional)

tenantId is the tenant ID of the azure active directory application that is being used to authenticate.

BasicAuth

(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

BasicAuth configures HTTP Basic Authentication settings.

Field Description
username
Kubernetes core/v1.SecretKeySelector

username specifies a key of a Secret containing the username for authentication.

password
Kubernetes core/v1.SecretKeySelector

password specifies a key of a Secret containing the password for authentication.

ByteSize (string alias)

(Appears on:CommonPrometheusFields, PodMonitorSpec, PrometheusSpec, ServiceMonitorSpec)

ByteSize is a valid memory size type based on powers-of-2, so 1KB is 1024B. Supported units: B, KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB Ex: 512MB.

CommonPrometheusFields

(Appears on:PrometheusSpec, PrometheusAgentSpec)

CommonPrometheusFields are the options available to both the Prometheus server and agent.

Field Description
podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Prometheus pods.

The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”.

serviceMonitorSelector
Kubernetes meta/v1.LabelSelector

ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

serviceMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

podMonitorSelector
Kubernetes meta/v1.LabelSelector

PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

podMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

probeSelector
Kubernetes meta/v1.LabelSelector

Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

probeNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

scrapeConfigSelector
Kubernetes meta/v1.LabelSelector
(Optional)

ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

version
string

Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.

paused
bool

When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.

image
string
(Optional)

Container image name for Prometheus. If specified, it takes precedence over the spec.baseImage, spec.tag and spec.sha fields.

Specifying spec.version is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured.

If neither spec.image nor spec.baseImage are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

replicas
int32
(Optional)

Number of replicas of each shard to deploy for a Prometheus deployment. spec.replicas multiplied by spec.shards is the total number of Pods created.

Default: 1

shards
int32
(Optional)

Number of shards to distribute scraped targets onto.

spec.replicas multiplied by spec.shards is the total number of Pods being created.

When not defined, the operator assumes only one shard.

Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules

By default, the sharding is performed on: * The __address__ target’s metadata label for PodMonitor, ServiceMonitor and ScrapeConfig resources. * The __param_target__ label for Probe resources.

Users can define their own sharding implementation by setting the __tmp_hash label during the target discovery with relabeling configuration (either in the monitoring resources or via scrape class).

replicaExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus_replica”

prometheusExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus”

logLevel
string

Log level for Prometheus and the config-reloader sidecar.

logFormat
string

Log format for Log level for Prometheus and the config-reloader sidecar.

scrapeInterval
Duration

Interval between consecutive scrapes.

Default: “30s”

scrapeTimeout
Duration

Number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

PrometheusText1.0.0 requires Prometheus >= v3.0.0.

externalLabels
map[string]string

The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by spec.replicaExternalLabelName and spec.prometheusExternalLabelName take precedence over this list.

enableRemoteWriteReceiver
bool

Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.

WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver

It requires Prometheus >= v2.33.0.

enableOTLPReceiver
bool
(Optional)

Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.

Note that the OTLP receiver endpoint is automatically enabled if .spec.otlpConfig is defined.

It requires Prometheus >= v2.47.0.

remoteWriteReceiverMessageVersions
[]RemoteWriteMessageVersion
(Optional)

List of the protobuf message versions to accept when receiving the remote writes.

It requires Prometheus >= v2.54.0.

enableFeatures
[]EnableFeature
(Optional)

Enable access to Prometheus feature flags. By default, no features are enabled.

Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

externalUrl
string

The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).

routePrefix
string

The route prefix Prometheus registers HTTP handlers for.

This is useful when using spec.externalURL, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

storage
StorageSpec

Storage defines the storage used by Prometheus.

volumes
[]Kubernetes core/v1.Volume

Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows the configuration of additional VolumeMounts.

VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

web
PrometheusWebSpec

Defines the configuration of the Prometheus web server.

resources
Kubernetes core/v1.ResourceRequirements

Defines the resources requests and limits of the ‘prometheus’ container.

nodeSelector
map[string]string

Defines on which Nodes the Pods are scheduled.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default.

Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/prometheus/secrets/ in the ‘prometheus’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the ‘prometheus’ container.

affinity
Kubernetes core/v1.Affinity
(Optional)

Defines the Pods’ affinity scheduling rules if specified.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Defines the Pods’ tolerations if specified.

topologySpreadConstraints
[]TopologySpreadConstraint
(Optional)

Defines the pod’s topology spread constraints if specified.

remoteWrite
[]RemoteWriteSpec
(Optional)

Defines the list of remote write configurations.

otlp
OTLPConfig
(Optional)

Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

listenLocal
bool

When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address.

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.

The names of containers managed by the operator are: * prometheus * config-reloader * thanos-sidecar

Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.

The names of init container name managed by the operator are: * init-config-reloader.

Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

additionalScrapeConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.

apiserverConfig
APIServerConfig
(Optional)

APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

priorityClassName
string

Priority class assigned to the Pods.

portName
string

Port name used for the pods and governing service. Default: “web”

arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig

When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the ‘prometheus’ container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile value (e.g. ‘/var/run/secrets/kubernetes.io/serviceaccount/token’), a malicious target can get access to the Prometheus service account’s token in the Prometheus’ scrape request. Setting spec.arbitraryFSAccessThroughSM to ‘true’ would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret field.

overrideHonorLabels
bool

When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. In practice,overrideHonorLaels:true enforces honorLabels:false for all ServiceMonitor, PodMonitor and ScrapeConfig objects.

overrideHonorTimestamps
bool

When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.

ignoreNamespaceSelectors
bool

When true, spec.namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.

enforcedNamespaceLabel
string

When not empty, a label will be added to:

  1. All metrics scraped from ServiceMonitor, PodMonitor, Probe and ScrapeConfig objects.
  2. All metrics generated from recording rules defined in PrometheusRule objects.
  3. All alerts generated from alerting rules defined in PrometheusRule objects.
  4. All vector selectors of PromQL expressions defined in PrometheusRule objects.

The label will not added for objects referenced in spec.excludedFromEnforcement.

The label’s name is this field’s value. The label’s value is the namespace of the ServiceMonitor, PodMonitor, Probe, PrometheusRule or ScrapeConfig object.

enforcedSampleLimit
uint64
(Optional)

When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any spec.sampleLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.sampleLimit is greater than zero and less than spec.enforcedSampleLimit.

It is meant to be used by admins to keep the overall number of samples/series under a desired limit.

When both enforcedSampleLimit and sampleLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedSampleLimit is greater than the sampleLimit, the sampleLimit will be set to enforcedSampleLimit. * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.

enforcedTargetLimit
uint64
(Optional)

When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any spec.targetLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.targetLimit is greater than zero and less than spec.enforcedTargetLimit.

It is meant to be used by admins to to keep the overall number of targets under a desired limit.

When both enforcedTargetLimit and targetLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedTargetLimit is greater than the targetLimit, the targetLimit will be set to enforcedTargetLimit. * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.

enforcedLabelLimit
uint64
(Optional)

When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any spec.labelLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelLimit is greater than zero and less than spec.enforcedLabelLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelLimit and labelLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelLimit is greater than the labelLimit, the labelLimit will be set to enforcedLabelLimit. * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.

enforcedLabelNameLengthLimit
uint64
(Optional)

When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any spec.labelNameLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelNameLengthLimit is greater than zero and less than spec.enforcedLabelNameLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelNameLengthLimit and labelNameLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelNameLengthLimit is greater than the labelNameLengthLimit, the labelNameLengthLimit will be set to enforcedLabelNameLengthLimit. * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.

enforcedLabelValueLengthLimit
uint64
(Optional)

When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any spec.labelValueLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelValueLengthLimit is greater than zero and less than spec.enforcedLabelValueLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelValueLengthLimit and labelValueLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelValueLengthLimit is greater than the labelValueLengthLimit, the labelValueLengthLimit will be set to enforcedLabelValueLengthLimit. * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.

enforcedKeepDroppedTargets
uint64
(Optional)

When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets is greater than zero and less than spec.enforcedKeepDroppedTargets.

It requires Prometheus >= v2.47.0.

When both enforcedKeepDroppedTargets and keepDroppedTargets are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedKeepDroppedTargets is greater than the keepDroppedTargets, the keepDroppedTargets will be set to enforcedKeepDroppedTargets. * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.

enforcedBodySizeLimit
ByteSize

When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail.

It requires Prometheus >= v2.28.0.

When both enforcedBodySizeLimit and bodySizeLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedBodySizeLimit is greater than the bodySizeLimit, the bodySizeLimit will be set to enforcedBodySizeLimit. * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.

nameValidationScheme
NameValidationSchemeOptions
(Optional)

Specifies the validation scheme for metric and label names.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias
(Optional)

Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ‘prometheus’ container.

It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version.

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

walCompression
bool
(Optional)

Configures compression of the write-ahead log (WAL) using Snappy.

WAL compression is enabled by default for Prometheus >= 2.20.0

Requires Prometheus v2.11.0 and above.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.

It is only applicable if spec.enforcedNamespaceLabel set to true.

hostNetwork
bool

Use the host’s network namespace if true.

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set to a different value).

podTargetLabels
[]string
(Optional)

PodTargetLabels are appended to the spec.podTargetLabels field of all PodMonitor and ServiceMonitor objects.

tracingConfig
PrometheusTracingConfig
(Optional)

TracingConfig configures tracing in Prometheus.

This is an experimental feature, it may change in any upcoming release in a breaking way.

bodySizeLimit
ByteSize
(Optional)

BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.

reloadStrategy
ReloadStrategyType
(Optional)

Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.

maximumStartupDurationSeconds
int32
(Optional)

Defines the maximum time that the prometheus container’s startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).

scrapeClasses
[]ScrapeClass

List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

This is an experimental feature, it may change in any upcoming release in a breaking way.

serviceDiscoveryRole
ServiceDiscoveryRole
(Optional)

Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.

If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.

tsdb
TSDBSpec
(Optional)

Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

runtime
RuntimeConfig
(Optional)

RuntimeConfig configures the values for the Prometheus process behavior

Condition

(Appears on:AlertmanagerStatus, PrometheusStatus, ThanosRulerStatus)

Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.

Field Description
type
ConditionType

Type of the condition being reported.

status
ConditionStatus

Status of the condition.

lastTransitionTime
Kubernetes meta/v1.Time

lastTransitionTime is the time of the last update to the current status property.

reason
string
(Optional)

Reason for the condition’s last transition.

message
string
(Optional)

Human-readable message indicating details for the condition’s last transition.

observedGeneration
int64

ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

ConditionStatus (string alias)

(Appears on:Condition)

Value Description

"Degraded"

"False"

"True"

"Unknown"

ConditionType (string alias)

(Appears on:Condition)

Value Description

"Available"

Available indicates whether enough pods are ready to provide the service. The possible status values for this condition type are: - True: all pods are running and ready, the service is fully available. - Degraded: some pods aren’t ready, the service is partially available. - False: no pods are running, the service is totally unavailable. - Unknown: the operator couldn’t determine the condition status.

"Reconciled"

Reconciled indicates whether the operator has reconciled the state of the underlying resources with the object’s spec. The possible status values for this condition type are: - True: the reconciliation was successful. - False: the reconciliation failed. - Unknown: the operator couldn’t determine the condition status.

CoreV1TopologySpreadConstraint

(Appears on:TopologySpreadConstraint)

Field Description
maxSkew
int32

MaxSkew describes the degree to which pods may be unevenly distributed. When whenUnsatisfiable=DoNotSchedule, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When whenUnsatisfiable=ScheduleAnyway, it is used to give higher precedence to topologies that satisfy it. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey
string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a “bucket”, and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is “kubernetes.io/hostname”, each Node is a domain of that topology. And, if TopologyKey is “topology.kubernetes.io/zone”, each zone is a domain of that topology. It’s a required field.

whenUnsatisfiable
Kubernetes core/v1.UnsatisfiableConstraintAction

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered “Unsatisfiable” for an incoming pod if and only if every possible node assignment for that pod would violate “MaxSkew” on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field.

labelSelector
Kubernetes meta/v1.LabelSelector
(Optional)

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

minDomains
int32
(Optional)

MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats “global minimum” as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.

For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so “global minimum” is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.

nodeAffinityPolicy
Kubernetes core/v1.NodeInclusionPolicy
(Optional)

NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.

If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.

nodeTaintsPolicy
Kubernetes core/v1.NodeInclusionPolicy
(Optional)

NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.

If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.

matchLabelKeys
[]string
(Optional)

MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.

This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).

DNSPolicy (string alias)

(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)

DNSPolicy specifies the DNS policy for the pod.

Value Description

"ClusterFirst"

DNSClusterFirst indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.

"ClusterFirstWithHostNet"

DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.

"Default"

DNSDefault indicates that the pod should use the default (as determined by kubelet) DNS settings.

"None"

DNSNone indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.

Duration (string alias)

(Appears on:AlertmanagerEndpoints, AlertmanagerGlobalConfig, CommonPrometheusFields, Endpoint, MetadataConfig, PodMetricsEndpoint, ProbeSpec, PrometheusSpec, PrometheusTracingConfig, QuerySpec, QueueConfig, RemoteReadSpec, RemoteWriteSpec, Rule, RuleGroup, TSDBSpec, ThanosRulerSpec, ThanosSpec, AzureSDConfig, ConsulSDConfig, DNSSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, FileSDConfig, GCESDConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OVHCloudSDConfig, OpenStackSDConfig, PuppetDBSDConfig, PushoverConfig, ScalewaySDConfig, ScrapeConfigSpec, PushoverConfig)

Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. Supported units: y, w, d, h, m, s, ms Examples: 30s, 1m, 1h20m15s, 15d

EmbeddedObjectMetadata

(Appears on:AlertmanagerSpec, CommonPrometheusFields, EmbeddedPersistentVolumeClaim, ThanosRulerSpec)

EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.

Field Description
name
string
(Optional)

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

labels
map[string]string
(Optional)

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

annotations
map[string]string
(Optional)

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

EmbeddedPersistentVolumeClaim

(Appears on:StorageSpec)

EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.

Field Description
metadata
EmbeddedObjectMetadata

EmbeddedMetadata contains metadata relevant to an EmbeddedResource.

spec
Kubernetes core/v1.PersistentVolumeClaimSpec
(Optional)

Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims



accessModes
[]Kubernetes core/v1.PersistentVolumeAccessMode
(Optional)

accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1

selector
Kubernetes meta/v1.LabelSelector
(Optional)

selector is a label query over volumes to consider for binding.

resources
Kubernetes core/v1.VolumeResourceRequirements
(Optional)

resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

volumeName
string
(Optional)

volumeName is the binding reference to the PersistentVolume backing this claim.

storageClassName
string
(Optional)

storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1

volumeMode
Kubernetes core/v1.PersistentVolumeMode
(Optional)

volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.

dataSource
Kubernetes core/v1.TypedLocalObjectReference
(Optional)

dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.

dataSourceRef
Kubernetes core/v1.TypedObjectReference
(Optional)

dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn’t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn’t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.

volumeAttributesClassName
string
(Optional)

volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it’s not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).

status
Kubernetes core/v1.PersistentVolumeClaimStatus
(Optional)

Deprecated: this field is never set.

EnableFeature (string alias)

(Appears on:CommonPrometheusFields)

Endpoint

(Appears on:ServiceMonitorSpec)

Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.

Field Description
port
string

Name of the Service port which this endpoint refers to.

It takes precedence over targetPort.

targetPort
k8s.io/apimachinery/pkg/util/intstr.IntOrString
(Optional)

Name or number of the target port of the Pod object behind the Service. The port must be specified with the container’s port property.

path
string

HTTP path from which to scrape for metrics.

If empty, Prometheus uses the default value (e.g. /metrics).

scheme
string

HTTP scheme to use for scraping.

http and https are the expected values unless you rewrite the __scheme__ label via relabeling.

If empty, Prometheus uses the default value http.

params
map[string][]string

params define optional HTTP URL parameters.

interval
Duration

Interval at which Prometheus scrapes the metrics from the target.

If empty, Prometheus uses the global scrape interval.

scrapeTimeout
Duration

Timeout after which Prometheus considers the scrape to be failed.

If empty, Prometheus uses the global scrape timeout unless it is less than the target’s scrape interval value in which the latter is used.

tlsConfig
TLSConfig
(Optional)

TLS configuration to use when scraping the target.

bearerTokenFile
string

File to read bearer token for scraping the target.

Deprecated: use authorization instead.

bearerTokenSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

bearerTokenSecret specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator.

Deprecated: use authorization instead.

authorization
SafeAuthorization
(Optional)

authorization configures the Authorization header credentials to use when scraping the target.

Cannot be set at the same time as basicAuth, or oauth2.

honorLabels
bool

When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.

honorTimestamps
bool
(Optional)

honorTimestamps controls whether Prometheus preserves the timestamps when exposed by the target.

trackTimestampsStaleness
bool
(Optional)

trackTimestampsStaleness defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if honorTimestamps is false.

It requires Prometheus >= v2.48.0.

basicAuth
BasicAuth
(Optional)

basicAuth configures the Basic Authentication credentials to use when scraping the target.

Cannot be set at the same time as authorization, or oauth2.

oauth2
OAuth2
(Optional)

oauth2 configures the OAuth2 settings to use when scraping the target.

It requires Prometheus >= 2.27.0.

Cannot be set at the same time as authorization, or basicAuth.

metricRelabelings
[]RelabelConfig
(Optional)

metricRelabelings configures the relabeling rules to apply to the samples before ingestion.

relabelings
[]RelabelConfig
(Optional)

relabelings configures the relabeling rules to apply the target’s metadata labels.

The Operator automatically adds relabelings for a few standard Kubernetes fields.

The original scrape job’s name is available via the __tmp_prometheus_job_name label.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

proxyUrl
string
(Optional)

proxyURL configures the HTTP Proxy URL (e.g. “http://proxyserver:2195”) to go through when scraping the target.

followRedirects
bool
(Optional)

followRedirects defines whether the scrape requests should follow HTTP 3xx redirects.

enableHttp2
bool
(Optional)

enableHttp2 can be used to disable HTTP2 when scraping the target.

filterRunning
bool
(Optional)

When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery.

If unset, the filtering is enabled.

More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase

Exemplars

(Appears on:PrometheusSpec)

Field Description
maxSize
int64
(Optional)

Maximum number of exemplars stored in memory for all series.

exemplar-storage itself must be enabled using the spec.enableFeature option for exemplars to be scraped in the first place.

If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage.

GlobalSMTPConfig

(Appears on:AlertmanagerGlobalConfig)

GlobalSMTPConfig configures global SMTP parameters. See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file

Field Description
from
string
(Optional)

The default SMTP From header field.

smartHost
HostPort
(Optional)

The default SMTP smarthost used for sending emails.

hello
string
(Optional)

The default hostname to identify to the SMTP server.

authUsername
string
(Optional)

SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn’t authenticate to the SMTP server.

authPassword
Kubernetes core/v1.SecretKeySelector
(Optional)

SMTP Auth using LOGIN and PLAIN.

authIdentity
string
(Optional)

SMTP Auth using PLAIN

authSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

SMTP Auth using CRAM-MD5.

requireTLS
bool
(Optional)

The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.

GoDuration (string alias)

(Appears on:AlertmanagerSpec)

GoDuration is a valid time duration that can be parsed by Go’s time.ParseDuration() function. Supported units: h, m, s, ms Examples: 45ms, 30s, 1m, 1h20m15s

HTTPConfig

(Appears on:AlertmanagerGlobalConfig)

HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config

Field Description
authorization
SafeAuthorization
(Optional)

Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.

basicAuth
BasicAuth
(Optional)

BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.

oauth2
OAuth2
(Optional)

OAuth2 client credentials used to fetch a token for the targets.

bearerTokenSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration for the client.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

FollowRedirects specifies whether the client should follow HTTP 3xx redirects.

HostAlias

(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.

Field Description
ip
string

IP address of the host file entry.

hostnames
[]string

Hostnames for the above IP address.

HostPort

(Appears on:GlobalSMTPConfig)

HostPort represents a “host:port” network address.

Field Description
host
string

Defines the host’s address, it can be a DNS name or a literal IP address.

port
string

Defines the host’s port, it can be a literal port number or a port name.

LabelName (string alias)

(Appears on:RelabelConfig)

LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.

ManagedIdentity

(Appears on:AzureAD)

ManagedIdentity defines the Azure User-assigned Managed identity.

Field Description
clientId
string

The client id

MetadataConfig

(Appears on:RemoteWriteSpec)

MetadataConfig configures the sending of series metadata to the remote storage.

Field Description
send
bool

Defines whether metric metadata is sent to the remote storage or not.

sendInterval
Duration

Defines how frequently metric metadata is sent to the remote storage.

NameValidationSchemeOptions (string alias)

(Appears on:CommonPrometheusFields)

Specifies the validation scheme for metric and label names. Supported values are: * UTF8NameValidationScheme for UTF-8 support. * LegacyNameValidationScheme for letters, numbers, colons, and underscores.

Note that LegacyNameValidationScheme cannot be used along with the OpenTelemetry NoUTF8EscapingWithSuffixes translation strategy (if enabled).

Value Description

"Legacy"

"UTF8"

NamespaceSelector

(Appears on:PodMonitorSpec, ProbeTargetIngress, ServiceMonitorSpec)

NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces. If any is true, it takes precedence over matchNames. If matchNames is empty and any is false, it means that the objects are selected from the current namespace.

Field Description
any
bool

Boolean describing whether all namespaces are selected in contrast to a list restricting them.

matchNames
[]string

List of namespace names to select from.

NativeHistogramConfig

(Appears on:PodMonitorSpec, ProbeSpec, ServiceMonitorSpec, ScrapeConfigSpec)

NativeHistogramConfig extends the native histogram configuration settings.

Field Description
scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

NonEmptyDuration (string alias)

(Appears on:Rule)

NonEmptyDuration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. Compared to Duration, NonEmptyDuration enforces a minimum length of 1. Supported units: y, w, d, h, m, s, ms Examples: 30s, 1m, 1h20m15s, 15d

OAuth2

(Appears on:Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

OAuth2 configures OAuth2 settings.

Field Description
clientId
SecretOrConfigMap

clientId specifies a key of a Secret or ConfigMap containing the OAuth2 client’s ID.

clientSecret
Kubernetes core/v1.SecretKeySelector

clientSecret specifies a key of a Secret containing the OAuth2 client’s secret.

tokenUrl
string

tokenURL configures the URL to fetch the token from.

scopes
[]string

scopes defines the OAuth2 scopes used for the token request.

endpointParams
map[string]string
(Optional)

endpointParams configures the HTTP parameters to append to the token URL.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

OAuth2ValidationError

Field Description
err
string

OTLPConfig

(Appears on:CommonPrometheusFields)

OTLPConfig is the configuration for writing to the OTLP endpoint.

Field Description
promoteResourceAttributes
[]string
(Optional)

List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.

translationStrategy
TranslationStrategyOption
(Optional)

Configures how the OTLP receiver endpoint translates the incoming metrics. If unset, Prometheus uses its default value.

It requires Prometheus >= v3.0.0.

ObjectReference

(Appears on:CommonPrometheusFields, ThanosRulerSpec)

ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.

Field Description
group
string
(Optional)

Group of the referent. When not specified, it defaults to monitoring.coreos.com

resource
string

Resource of the referent.

namespace
string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

name
string
(Optional)

Name of the referent. When not set, all resources in the namespace are matched.

PodDNSConfig

(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)

PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.

Field Description
nameservers
[]string

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy.

searches
[]string

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy.

options
[]PodDNSConfigOption

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy.

PodDNSConfigOption

(Appears on:PodDNSConfig)

PodDNSConfigOption defines DNS resolver options of a pod.

Field Description
name
string

Name is required and must be unique.

value
string

Value is optional.

PodMetricsEndpoint

(Appears on:PodMonitorSpec)

PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.

Field Description
port
string
(Optional)

The Pod port name which exposes the endpoint.

It takes precedence over the portNumber and targetPort fields.

portNumber
int32
(Optional)

The Pod port number which exposes the endpoint.

targetPort
k8s.io/apimachinery/pkg/util/intstr.IntOrString

Name or number of the target port of the Pod object behind the Service, the port must be specified with container port property.

Deprecated: use ‘port’ or ‘portNumber’ instead.

path
string

HTTP path from which to scrape for metrics.

If empty, Prometheus uses the default value (e.g. /metrics).

scheme
string

HTTP scheme to use for scraping.

http and https are the expected values unless you rewrite the __scheme__ label via relabeling.

If empty, Prometheus uses the default value http.

params
map[string][]string

params define optional HTTP URL parameters.

interval
Duration

Interval at which Prometheus scrapes the metrics from the target.

If empty, Prometheus uses the global scrape interval.

scrapeTimeout
Duration

Timeout after which Prometheus considers the scrape to be failed.

If empty, Prometheus uses the global scrape timeout unless it is less than the target’s scrape interval value in which the latter is used.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use when scraping the target.

bearerTokenSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

bearerTokenSecret specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator.

Deprecated: use authorization instead.

honorLabels
bool

When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.

honorTimestamps
bool
(Optional)

honorTimestamps controls whether Prometheus preserves the timestamps when exposed by the target.

trackTimestampsStaleness
bool
(Optional)

trackTimestampsStaleness defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if honorTimestamps is false.

It requires Prometheus >= v2.48.0.

basicAuth
BasicAuth
(Optional)

basicAuth configures the Basic Authentication credentials to use when scraping the target.

Cannot be set at the same time as authorization, or oauth2.

oauth2
OAuth2
(Optional)

oauth2 configures the OAuth2 settings to use when scraping the target.

It requires Prometheus >= 2.27.0.

Cannot be set at the same time as authorization, or basicAuth.

authorization
SafeAuthorization
(Optional)

authorization configures the Authorization header credentials to use when scraping the target.

Cannot be set at the same time as basicAuth, or oauth2.

metricRelabelings
[]RelabelConfig
(Optional)

metricRelabelings configures the relabeling rules to apply to the samples before ingestion.

relabelings
[]RelabelConfig
(Optional)

relabelings configures the relabeling rules to apply the target’s metadata labels.

The Operator automatically adds relabelings for a few standard Kubernetes fields.

The original scrape job’s name is available via the __tmp_prometheus_job_name label.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

proxyUrl
string
(Optional)

proxyURL configures the HTTP Proxy URL (e.g. “http://proxyserver:2195”) to go through when scraping the target.

followRedirects
bool
(Optional)

followRedirects defines whether the scrape requests should follow HTTP 3xx redirects.

enableHttp2
bool
(Optional)

enableHttp2 can be used to disable HTTP2 when scraping the target.

filterRunning
bool
(Optional)

When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery.

If unset, the filtering is enabled.

More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase

PodMonitorSpec

(Appears on:PodMonitor)

PodMonitorSpec contains specification parameters for a PodMonitor.

Field Description
jobLabel
string

The label to use to retrieve the job name from. jobLabel selects the label from the associated Kubernetes Pod object which will be used as the job label for all metrics.

For example if jobLabel is set to foo and the Kubernetes Pod object is labeled with foo: bar, then Prometheus adds the job="bar" label to all ingested metrics.

If the value of this field is empty, the job label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. <namespace>/<name>).

podTargetLabels
[]string

podTargetLabels defines the labels which are transferred from the associated Kubernetes Pod object onto the ingested metrics.

podMetricsEndpoints
[]PodMetricsEndpoint
(Optional)

Defines how to scrape metrics from the selected pods.

selector
Kubernetes meta/v1.LabelSelector

Label selector to select the Kubernetes Pod objects to scrape metrics from.

selectorMechanism
SelectorMechanism
(Optional)

Mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated.

It requires Prometheus >= v2.17.0.

namespaceSelector
NamespaceSelector

namespaceSelector defines in which namespace(s) Prometheus should discover the pods. By default, the pods are discovered in the same namespace as the PodMonitor object but it is possible to select pods across different/all namespaces.

sampleLimit
uint64
(Optional)

sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted.

targetLimit
uint64
(Optional)

targetLimit defines a limit on the number of scraped targets that will be accepted.

scrapeProtocols
[]ScrapeProtocol
(Optional)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

attachMetadata
AttachMetadata
(Optional)

attachMetadata defines additional metadata which is added to the discovered targets.

It requires Prometheus >= v2.35.0.

scrapeClass
string
(Optional)

The scrape class to apply.

bodySizeLimit
ByteSize
(Optional)

When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus.

It requires Prometheus >= v2.28.0.

ProbeSpec

(Appears on:Probe)

ProbeSpec contains specification parameters for a Probe.

Field Description
jobName
string

The job name assigned to scraped metrics by default.

prober
ProberSpec

Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.

module
string

The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml

targets
ProbeTargets

Targets defines a set of static or dynamically discovered targets to probe.

interval
Duration

Interval at which targets are probed using the configured prober. If not specified Prometheus’ global scrape interval is used.

scrapeTimeout
Duration

Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used.

tlsConfig
SafeTLSConfig

TLS configuration to use when scraping the endpoint.

bearerTokenSecret
Kubernetes core/v1.SecretKeySelector

Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator.

basicAuth
BasicAuth

BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint

oauth2
OAuth2

OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.

metricRelabelings
[]RelabelConfig

MetricRelabelConfigs to apply to samples before ingestion.

authorization
SafeAuthorization

Authorization section for this endpoint

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted.

scrapeProtocols
[]ScrapeProtocol
(Optional)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

scrapeClass
string
(Optional)

The scrape class to apply.

ProbeTargetIngress

(Appears on:ProbeTargets)

ProbeTargetIngress defines the set of Ingress objects considered for probing. The operator configures a target for each host/path combination of each ingress object.

Field Description
selector
Kubernetes meta/v1.LabelSelector

Selector to select the Ingress objects.

namespaceSelector
NamespaceSelector

From which namespaces to select Ingress objects.

relabelingConfigs
[]RelabelConfig

RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the __tmp_prometheus_ingress_address label. It can be used to customize the probed URL. The original scrape job’s name is available via the __tmp_prometheus_job_name label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

ProbeTargetStaticConfig

(Appears on:ProbeTargets)

ProbeTargetStaticConfig defines the set of static targets considered for probing.

Field Description
static
[]string

The list of hosts to probe.

labels
map[string]string

Labels assigned to all metrics scraped from the targets.

relabelingConfigs
[]RelabelConfig

RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

ProbeTargets

(Appears on:ProbeSpec)

ProbeTargets defines how to discover the probed targets. One of the staticConfig or ingress must be defined. If both are defined, staticConfig takes precedence.

Field Description
staticConfig
ProbeTargetStaticConfig

staticConfig defines the static list of targets to probe and the relabeling configuration. If ingress is also defined, staticConfig takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.

ingress
ProbeTargetIngress

ingress defines the Ingress objects to probe and the relabeling configuration. If staticConfig is also defined, staticConfig takes precedence.

ProbeTargetsValidationError

ProbeTargetsValidationError is returned by ProbeTargets.Validate() on semantically invalid configurations.

Field Description
err
string

ProberSpec

(Appears on:ProbeSpec)

ProberSpec contains specification parameters for the Prober used for probing.

Field Description
url
string

Mandatory URL of the prober.

scheme
string

HTTP scheme to use for scraping. http and https are the expected values unless you rewrite the __scheme__ label via relabeling. If empty, Prometheus uses the default value http.

path
string

Path to collect metrics from. Defaults to /probe.

proxyUrl
string

Optional ProxyURL.

PrometheusRuleExcludeConfig

(Appears on:PrometheusSpec, ThanosRulerSpec)

PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.

Field Description
ruleNamespace
string

Namespace of the excluded PrometheusRule object.

ruleName
string

Name of the excluded PrometheusRule object.

PrometheusRuleSpec

(Appears on:PrometheusRule)

PrometheusRuleSpec contains specification parameters for a Rule.

Field Description
groups
[]RuleGroup

Content of Prometheus rule file

PrometheusSpec

(Appears on:Prometheus)

PrometheusSpec is a specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Prometheus pods.

The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”.

serviceMonitorSelector
Kubernetes meta/v1.LabelSelector

ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

serviceMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

podMonitorSelector
Kubernetes meta/v1.LabelSelector

PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

podMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

probeSelector
Kubernetes meta/v1.LabelSelector

Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

probeNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

scrapeConfigSelector
Kubernetes meta/v1.LabelSelector
(Optional)

ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

version
string

Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.

paused
bool

When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.

image
string
(Optional)

Container image name for Prometheus. If specified, it takes precedence over the spec.baseImage, spec.tag and spec.sha fields.

Specifying spec.version is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured.

If neither spec.image nor spec.baseImage are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

replicas
int32
(Optional)

Number of replicas of each shard to deploy for a Prometheus deployment. spec.replicas multiplied by spec.shards is the total number of Pods created.

Default: 1

shards
int32
(Optional)

Number of shards to distribute scraped targets onto.

spec.replicas multiplied by spec.shards is the total number of Pods being created.

When not defined, the operator assumes only one shard.

Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules

By default, the sharding is performed on: * The __address__ target’s metadata label for PodMonitor, ServiceMonitor and ScrapeConfig resources. * The __param_target__ label for Probe resources.

Users can define their own sharding implementation by setting the __tmp_hash label during the target discovery with relabeling configuration (either in the monitoring resources or via scrape class).

replicaExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus_replica”

prometheusExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus”

logLevel
string

Log level for Prometheus and the config-reloader sidecar.

logFormat
string

Log format for Log level for Prometheus and the config-reloader sidecar.

scrapeInterval
Duration

Interval between consecutive scrapes.

Default: “30s”

scrapeTimeout
Duration

Number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

PrometheusText1.0.0 requires Prometheus >= v3.0.0.

externalLabels
map[string]string

The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by spec.replicaExternalLabelName and spec.prometheusExternalLabelName take precedence over this list.

enableRemoteWriteReceiver
bool

Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.

WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver

It requires Prometheus >= v2.33.0.

enableOTLPReceiver
bool
(Optional)

Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.

Note that the OTLP receiver endpoint is automatically enabled if .spec.otlpConfig is defined.

It requires Prometheus >= v2.47.0.

remoteWriteReceiverMessageVersions
[]RemoteWriteMessageVersion
(Optional)

List of the protobuf message versions to accept when receiving the remote writes.

It requires Prometheus >= v2.54.0.

enableFeatures
[]EnableFeature
(Optional)

Enable access to Prometheus feature flags. By default, no features are enabled.

Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

externalUrl
string

The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).

routePrefix
string

The route prefix Prometheus registers HTTP handlers for.

This is useful when using spec.externalURL, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

storage
StorageSpec

Storage defines the storage used by Prometheus.

volumes
[]Kubernetes core/v1.Volume

Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows the configuration of additional VolumeMounts.

VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

web
PrometheusWebSpec

Defines the configuration of the Prometheus web server.

resources
Kubernetes core/v1.ResourceRequirements

Defines the resources requests and limits of the ‘prometheus’ container.

nodeSelector
map[string]string

Defines on which Nodes the Pods are scheduled.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default.

Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/prometheus/secrets/ in the ‘prometheus’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the ‘prometheus’ container.

affinity
Kubernetes core/v1.Affinity
(Optional)

Defines the Pods’ affinity scheduling rules if specified.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Defines the Pods’ tolerations if specified.

topologySpreadConstraints
[]TopologySpreadConstraint
(Optional)

Defines the pod’s topology spread constraints if specified.

remoteWrite
[]RemoteWriteSpec
(Optional)

Defines the list of remote write configurations.

otlp
OTLPConfig
(Optional)

Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

listenLocal
bool

When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address.

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.

The names of containers managed by the operator are: * prometheus * config-reloader * thanos-sidecar

Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.

The names of init container name managed by the operator are: * init-config-reloader.

Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

additionalScrapeConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.

apiserverConfig
APIServerConfig
(Optional)

APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

priorityClassName
string

Priority class assigned to the Pods.

portName
string

Port name used for the pods and governing service. Default: “web”

arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig

When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the ‘prometheus’ container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile value (e.g. ‘/var/run/secrets/kubernetes.io/serviceaccount/token’), a malicious target can get access to the Prometheus service account’s token in the Prometheus’ scrape request. Setting spec.arbitraryFSAccessThroughSM to ‘true’ would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret field.

overrideHonorLabels
bool

When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. In practice,overrideHonorLaels:true enforces honorLabels:false for all ServiceMonitor, PodMonitor and ScrapeConfig objects.

overrideHonorTimestamps
bool

When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.

ignoreNamespaceSelectors
bool

When true, spec.namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.

enforcedNamespaceLabel
string

When not empty, a label will be added to:

  1. All metrics scraped from ServiceMonitor, PodMonitor, Probe and ScrapeConfig objects.
  2. All metrics generated from recording rules defined in PrometheusRule objects.
  3. All alerts generated from alerting rules defined in PrometheusRule objects.
  4. All vector selectors of PromQL expressions defined in PrometheusRule objects.

The label will not added for objects referenced in spec.excludedFromEnforcement.

The label’s name is this field’s value. The label’s value is the namespace of the ServiceMonitor, PodMonitor, Probe, PrometheusRule or ScrapeConfig object.

enforcedSampleLimit
uint64
(Optional)

When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any spec.sampleLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.sampleLimit is greater than zero and less than spec.enforcedSampleLimit.

It is meant to be used by admins to keep the overall number of samples/series under a desired limit.

When both enforcedSampleLimit and sampleLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedSampleLimit is greater than the sampleLimit, the sampleLimit will be set to enforcedSampleLimit. * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.

enforcedTargetLimit
uint64
(Optional)

When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any spec.targetLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.targetLimit is greater than zero and less than spec.enforcedTargetLimit.

It is meant to be used by admins to to keep the overall number of targets under a desired limit.

When both enforcedTargetLimit and targetLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedTargetLimit is greater than the targetLimit, the targetLimit will be set to enforcedTargetLimit. * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.

enforcedLabelLimit
uint64
(Optional)

When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any spec.labelLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelLimit is greater than zero and less than spec.enforcedLabelLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelLimit and labelLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelLimit is greater than the labelLimit, the labelLimit will be set to enforcedLabelLimit. * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.

enforcedLabelNameLengthLimit
uint64
(Optional)

When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any spec.labelNameLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelNameLengthLimit is greater than zero and less than spec.enforcedLabelNameLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelNameLengthLimit and labelNameLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelNameLengthLimit is greater than the labelNameLengthLimit, the labelNameLengthLimit will be set to enforcedLabelNameLengthLimit. * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.

enforcedLabelValueLengthLimit
uint64
(Optional)

When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any spec.labelValueLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelValueLengthLimit is greater than zero and less than spec.enforcedLabelValueLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelValueLengthLimit and labelValueLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelValueLengthLimit is greater than the labelValueLengthLimit, the labelValueLengthLimit will be set to enforcedLabelValueLengthLimit. * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.

enforcedKeepDroppedTargets
uint64
(Optional)

When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets is greater than zero and less than spec.enforcedKeepDroppedTargets.

It requires Prometheus >= v2.47.0.

When both enforcedKeepDroppedTargets and keepDroppedTargets are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedKeepDroppedTargets is greater than the keepDroppedTargets, the keepDroppedTargets will be set to enforcedKeepDroppedTargets. * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.

enforcedBodySizeLimit
ByteSize

When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail.

It requires Prometheus >= v2.28.0.

When both enforcedBodySizeLimit and bodySizeLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedBodySizeLimit is greater than the bodySizeLimit, the bodySizeLimit will be set to enforcedBodySizeLimit. * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.

nameValidationScheme
NameValidationSchemeOptions
(Optional)

Specifies the validation scheme for metric and label names.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias
(Optional)

Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ‘prometheus’ container.

It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version.

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

walCompression
bool
(Optional)

Configures compression of the write-ahead log (WAL) using Snappy.

WAL compression is enabled by default for Prometheus >= 2.20.0

Requires Prometheus v2.11.0 and above.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.

It is only applicable if spec.enforcedNamespaceLabel set to true.

hostNetwork
bool

Use the host’s network namespace if true.

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set to a different value).

podTargetLabels
[]string
(Optional)

PodTargetLabels are appended to the spec.podTargetLabels field of all PodMonitor and ServiceMonitor objects.

tracingConfig
PrometheusTracingConfig
(Optional)

TracingConfig configures tracing in Prometheus.

This is an experimental feature, it may change in any upcoming release in a breaking way.

bodySizeLimit
ByteSize
(Optional)

BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.

reloadStrategy
ReloadStrategyType
(Optional)

Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.

maximumStartupDurationSeconds
int32
(Optional)

Defines the maximum time that the prometheus container’s startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).

scrapeClasses
[]ScrapeClass

List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

This is an experimental feature, it may change in any upcoming release in a breaking way.

serviceDiscoveryRole
ServiceDiscoveryRole
(Optional)

Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.

If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.

tsdb
TSDBSpec
(Optional)

Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

runtime
RuntimeConfig
(Optional)

RuntimeConfig configures the values for the Prometheus process behavior

baseImage
string

Deprecated: use ‘spec.image’ instead.

tag
string

Deprecated: use ‘spec.image’ instead. The image’s tag can be specified as part of the image name.

sha
string

Deprecated: use ‘spec.image’ instead. The image’s digest can be specified as part of the image name.

retention
Duration

How long to retain the Prometheus data.

Default: “24h” if spec.retention and spec.retentionSize are empty.

retentionSize
ByteSize

Maximum number of bytes used by the Prometheus data.

disableCompaction
bool

When true, the Prometheus compaction is disabled. When spec.thanos.objectStorageConfig or spec.objectStorageConfigFile are defined, the operator automatically disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends).

rules
Rules

Defines the configuration of the Prometheus rules’ engine.

prometheusRulesExcludedFromEnforce
[]PrometheusRuleExcludeConfig
(Optional)

Defines the list of PrometheusRule objects to which the namespace label enforcement doesn’t apply. This is only relevant when spec.enforcedNamespaceLabel is set to true. Deprecated: use spec.excludedFromEnforcement instead.

ruleSelector
Kubernetes meta/v1.LabelSelector
(Optional)

PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.

ruleNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

query
QuerySpec
(Optional)

QuerySpec defines the configuration of the Promethus query service.

alerting
AlertingSpec
(Optional)

Defines the settings related to Alertmanager.

additionalAlertRelabelConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation:

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The user is responsible for making sure that the configurations are valid

Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.

additionalAlertManagerConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation:

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config

The user is responsible for making sure that the configurations are valid

Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.

remoteRead
[]RemoteReadSpec
(Optional)

Defines the list of remote read configurations.

thanos
ThanosSpec
(Optional)

Defines the configuration of the optional Thanos sidecar.

queryLogFile
string

queryLogFile specifies where the file to which PromQL queries are logged.

If the filename has an empty path, e.g. ‘query.log’, The Prometheus Pods will mount the file into an emptyDir volume at /var/log/prometheus. If a full path is provided, e.g. ‘/var/log/prometheus/query.log’, you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location can be set to a standard I/O stream, e.g. /dev/stdout, to log query information to the default Prometheus log stream.

allowOverlappingBlocks
bool

AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus.

Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.

exemplars
Exemplars
(Optional)

Exemplars related settings that are runtime reloadable. It requires to enable the exemplar-storage feature flag to be effective.

evaluationInterval
Duration

Interval between rule evaluations. Default: “30s”

ruleQueryOffset
Duration
(Optional)

Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. It requires Prometheus >= v2.53.0.

enableAdminAPI
bool

Enables access to the Prometheus web admin API.

WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so.

For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis

PrometheusStatus

(Appears on:Prometheus, PrometheusAgent)

PrometheusStatus is the most recent observed status of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
paused
bool

Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.

replicas
int32

Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector).

updatedReplicas
int32

Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec.

availableReplicas
int32

Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment.

unavailableReplicas
int32

Total number of unavailable pods targeted by this Prometheus deployment.

conditions
[]Condition
(Optional)

The current state of the Prometheus deployment.

shardStatuses
[]ShardStatus
(Optional)

The list has one entry per shard. Each entry provides a summary of the shard status.

shards
int32

Shards is the most recently observed number of shards.

selector
string

The selector used to match the pods targeted by this Prometheus resource.

PrometheusTracingConfig

(Appears on:CommonPrometheusFields)

Field Description
clientType
string
(Optional)

Client used to export the traces. Supported values are http or grpc.

endpoint
string

Endpoint to send the traces to. Should be provided in format :.

samplingFraction
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

Sets the probability a given trace will be sampled. Must be a float from 0 through 1.

insecure
bool
(Optional)

If disabled, the client will use a secure connection.

headers
map[string]string
(Optional)

Key-value pairs to be used as headers associated with gRPC or HTTP requests.

compression
string
(Optional)

Compression key for supported compression types. The only supported value is gzip.

timeout
Duration
(Optional)

Maximum time the exporter will wait for each batch export.

tlsConfig
TLSConfig
(Optional)

TLS Config to use when sending traces.

PrometheusWebSpec

(Appears on:CommonPrometheusFields)

PrometheusWebSpec defines the configuration of the Prometheus web server.

Field Description
tlsConfig
WebTLSConfig

Defines the TLS parameters for HTTPS.

httpConfig
WebHTTPConfig

Defines HTTP parameters for web server.

pageTitle
string
(Optional)

The prometheus web page title.

maxConnections
int32
(Optional)

Defines the maximum number of simultaneous connections A zero value means that Prometheus doesn’t accept any incoming connection.

ProxyConfig

(Appears on:AlertmanagerEndpoints, HTTPConfig, OAuth2, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)

Field Description
proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

QuerySpec

(Appears on:PrometheusSpec)

QuerySpec defines the query command line flags when starting Prometheus.

Field Description
lookbackDelta
string
(Optional)

The delta difference allowed for retrieving metrics during expression evaluations.

maxConcurrency
int32
(Optional)

Number of concurrent queries that can be run at once.

maxSamples
int32
(Optional)

Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return.

timeout
Duration
(Optional)

Maximum time a query may take before being aborted.

QueueConfig

(Appears on:RemoteWriteSpec)

QueueConfig allows the tuning of remote write’s queue_config parameters. This object is referenced in the RemoteWriteSpec object.

Field Description
capacity
int

Capacity is the number of samples to buffer per shard before we start dropping them.

minShards
int

MinShards is the minimum number of shards, i.e. amount of concurrency.

maxShards
int

MaxShards is the maximum number of shards, i.e. amount of concurrency.

maxSamplesPerSend
int

MaxSamplesPerSend is the maximum number of samples per send.

batchSendDeadline
Duration
(Optional)

BatchSendDeadline is the maximum time a sample will wait in buffer.

maxRetries
int

MaxRetries is the maximum number of times to retry a batch on recoverable errors.

minBackoff
Duration
(Optional)

MinBackoff is the initial retry delay. Gets doubled for every retry.

maxBackoff
Duration
(Optional)

MaxBackoff is the maximum retry delay.

retryOnRateLimit
bool

Retry upon receiving a 429 status code from the remote-write storage.

This is an experimental feature, it may change in any upcoming release in a breaking way.

sampleAgeLimit
Duration
(Optional)

SampleAgeLimit drops samples older than the limit. It requires Prometheus >= v2.50.0.

RelabelConfig

(Appears on:AlertmanagerEndpoints, Endpoint, PodMetricsEndpoint, ProbeSpec, ProbeTargetIngress, ProbeTargetStaticConfig, RemoteWriteSpec, ScrapeClass, ScrapeConfigSpec)

RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

Field Description
sourceLabels
[]LabelName
(Optional)

The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.

separator
string

Separator is the string between concatenated SourceLabels.

targetLabel
string

Label to which the resulting string is written in a replacement.

It is mandatory for Replace, HashMod, Lowercase, Uppercase, KeepEqual and DropEqual actions.

Regex capture groups are available.

regex
string

Regular expression against which the extracted value is matched.

modulus
uint64

Modulus to take of the hash of the source label values.

Only applicable when the action is HashMod.

replacement
string
(Optional)

Replacement value against which a Replace action is performed if the regular expression matches.

Regex capture groups are available.

action
string

Action to perform based on the regex matching.

Uppercase and Lowercase actions require Prometheus >= v2.36.0. DropEqual and KeepEqual actions require Prometheus >= v2.41.0.

Default: “Replace”

ReloadStrategyType (string alias)

(Appears on:CommonPrometheusFields)

Value Description

"HTTP"

HTTPReloadStrategyType reloads the configuration using the /-/reload HTTP endpoint.

"ProcessSignal"

ProcessSignalReloadStrategyType reloads the configuration by sending a SIGHUP signal to the process.

RemoteReadSpec

(Appears on:PrometheusSpec)

RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint.

Field Description
url
string

The URL of the endpoint to query from.

name
string

The name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations.

It requires Prometheus >= v2.15.0.

requiredMatchers
map[string]string
(Optional)

An optional list of equality matchers which have to be present in a selector to query the remote read endpoint.

remoteTimeout
Duration
(Optional)

Timeout for requests to the remote read endpoint.

headers
map[string]string
(Optional)

Custom HTTP headers to be sent along with each remote read request. Be aware that headers that are set by Prometheus itself can’t be overwritten. Only valid in Prometheus versions 2.26.0 and newer.

readRecent
bool

Whether reads should be made for queries for time ranges that the local storage should have complete data for.

oauth2
OAuth2
(Optional)

OAuth2 configuration for the URL.

It requires Prometheus >= v2.27.0.

Cannot be set at the same time as authorization, or basicAuth.

basicAuth
BasicAuth
(Optional)

BasicAuth configuration for the URL.

Cannot be set at the same time as authorization, or oauth2.

bearerTokenFile
string

File from which to read the bearer token for the URL.

Deprecated: this will be removed in a future release. Prefer using authorization.

authorization
Authorization
(Optional)

Authorization section for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as basicAuth, or oauth2.

bearerToken
string

Warning: this field shouldn’t be used because the token value appears in clear-text. Prefer using authorization.

Deprecated: this will be removed in a future release.

tlsConfig
TLSConfig
(Optional)

TLS Config to use for the URL.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

It requires Prometheus >= v2.26.0.

filterExternalLabels
bool
(Optional)

Whether to use the external labels as selectors for the remote read endpoint.

It requires Prometheus >= v2.34.0.

RemoteWriteMessageVersion (string alias)

(Appears on:CommonPrometheusFields, RemoteWriteSpec)

Value Description

"V1.0"

Remote Write message’s version 1.0.

"V2.0"

Remote Write message’s version 2.0.

RemoteWriteSpec

(Appears on:CommonPrometheusFields)

RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.

Field Description
url
string

The URL of the endpoint to send samples to.

name
string
(Optional)

The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues.

It requires Prometheus >= v2.15.0.

messageVersion
RemoteWriteMessageVersion
(Optional)

The Remote Write message’s version to use when writing to the endpoint.

Version1.0 corresponds to the prometheus.WriteRequest protobuf message introduced in Remote Write 1.0. Version2.0 corresponds to the io.prometheus.write.v2.Request protobuf message introduced in Remote Write 2.0.

When Version2.0 is selected, Prometheus will automatically be configured to append the metadata of scraped metrics to the WAL.

Before setting this field, consult with your remote storage provider what message version it supports.

It requires Prometheus >= v2.54.0.

sendExemplars
bool
(Optional)

Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the spec.enableFeatures option for exemplars to be scraped in the first place.

It requires Prometheus >= v2.27.0.

sendNativeHistograms
bool
(Optional)

Enables sending of native histograms, also known as sparse histograms over remote write.

It requires Prometheus >= v2.40.0.

remoteTimeout
Duration
(Optional)

Timeout for requests to the remote write endpoint.

headers
map[string]string
(Optional)

Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can’t be overwritten.

It requires Prometheus >= v2.25.0.

writeRelabelConfigs
[]RelabelConfig
(Optional)

The list of remote write relabel configurations.

oauth2
OAuth2
(Optional)

OAuth2 configuration for the URL.

It requires Prometheus >= v2.27.0.

Cannot be set at the same time as sigv4, authorization, basicAuth, or azureAd.

basicAuth
BasicAuth
(Optional)

BasicAuth configuration for the URL.

Cannot be set at the same time as sigv4, authorization, oauth2, or azureAd.

bearerTokenFile
string

File from which to read bearer token for the URL.

Deprecated: this will be removed in a future release. Prefer using authorization.

authorization
Authorization
(Optional)

Authorization section for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as sigv4, basicAuth, oauth2, or azureAd.

sigv4
Sigv4
(Optional)

Sigv4 allows to configures AWS’s Signature Verification 4 for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as authorization, basicAuth, oauth2, or azureAd.

azureAd
AzureAD
(Optional)

AzureAD for the URL.

It requires Prometheus >= v2.45.0.

Cannot be set at the same time as authorization, basicAuth, oauth2, or sigv4.

bearerToken
string

Warning: this field shouldn’t be used because the token value appears in clear-text. Prefer using authorization.

Deprecated: this will be removed in a future release.

tlsConfig
TLSConfig
(Optional)

TLS Config to use for the URL.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

It requires Prometheus >= v2.26.0.

queueConfig
QueueConfig
(Optional)

QueueConfig allows tuning of the remote write queue parameters.

metadataConfig
MetadataConfig
(Optional)

MetadataConfig configures the sending of series metadata to the remote storage.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

Rule

(Appears on:RuleGroup)

Rule describes an alerting or recording rule See Prometheus documentation: alerting or recording rule

Field Description
record
string

Name of the time series to output to. Must be a valid metric name. Only one of record and alert must be set.

alert
string

Name of the alert. Must be a valid label value. Only one of record and alert must be set.

expr
k8s.io/apimachinery/pkg/util/intstr.IntOrString

PromQL expression to evaluate.

for
Duration
(Optional)

Alerts are considered firing once they have been returned for this long.

keep_firing_for
NonEmptyDuration
(Optional)

KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared.

labels
map[string]string

Labels to add or overwrite.

annotations
map[string]string

Annotations to add to each alert. Only valid for alerting rules.

RuleGroup

(Appears on:PrometheusRuleSpec)

RuleGroup is a list of sequentially evaluated recording and alerting rules.

Field Description
name
string

Name of the rule group.

labels
map[string]string
(Optional)

Labels to add or overwrite before storing the result for its rules. The labels defined at the rule level take precedence.

It requires Prometheus >= 3.0.0. The field is ignored for Thanos Ruler.

interval
Duration
(Optional)

Interval determines how often rules in the group are evaluated.

query_offset
Duration
(Optional)

Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.

It requires Prometheus >= v2.53.0. It is not supported for ThanosRuler.

rules
[]Rule
(Optional)

List of alerting and recording rules.

partial_response_strategy
string

PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response

limit
int
(Optional)

Limit the number of alerts an alerting rule and series a recording rule can produce. Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.

Rules

(Appears on:PrometheusSpec)

Field Description
alert
RulesAlert

Defines the parameters of the Prometheus rules’ engine.

Any update to these parameters trigger a restart of the pods.

RulesAlert

(Appears on:Rules)

Field Description
forOutageTolerance
string

Max time to tolerate prometheus outage for restoring ‘for’ state of alert.

forGracePeriod
string

Minimum duration between alert and restored ‘for’ state.

This is maintained only for alerts with a configured ‘for’ time greater than the grace period.

resendDelay
string

Minimum amount of time to wait before resending an alert to Alertmanager.

RuntimeConfig

(Appears on:CommonPrometheusFields)

RuntimeConfig configures the values for the process behavior.

Field Description
goGC
int32
(Optional)

The Go garbage collection target percentage. Lowering this number may increase the CPU usage. See: https://tip.golang.org/doc/gc-guide#GOGC

SafeAuthorization

(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

SafeAuthorization specifies a subset of the Authorization struct, that is safe for use because it doesn’t provide access to the Prometheus container’s filesystem.

Field Description
type
string

Defines the authentication type. The value is case-insensitive.

“Basic” is not a supported value.

Default: “Bearer”

credentials
Kubernetes core/v1.SecretKeySelector

Selects a key of a Secret in the namespace that contains the credentials for authentication.

SafeTLSConfig

(Appears on:HTTPConfig, OAuth2, PodMetricsEndpoint, ProbeSpec, TLSConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)

SafeTLSConfig specifies safe TLS configuration parameters.

Field Description
ca
SecretOrConfigMap

Certificate authority used when verifying server certificates.

cert
SecretOrConfigMap

Client certificate to present when doing client-authentication.

keySecret
Kubernetes core/v1.SecretKeySelector

Secret containing the client key file for the targets.

serverName
string
(Optional)

Used to verify the hostname for the targets.

insecureSkipVerify
bool
(Optional)

Disable target certificate validation.

minVersion
TLSVersion
(Optional)

Minimum acceptable TLS version.

It requires Prometheus >= v2.35.0.

maxVersion
TLSVersion
(Optional)

Maximum acceptable TLS version.

It requires Prometheus >= v2.41.0.

ScrapeClass

(Appears on:CommonPrometheusFields)

Field Description
name
string

Name of the scrape class.

default
bool
(Optional)

Default indicates that the scrape applies to all scrape objects that don’t configure an explicit scrape class name.

Only one scrape class can be set as the default.

tlsConfig
TLSConfig
(Optional)

TLSConfig defines the TLS settings to use for the scrape. When the scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields.

For now only the caFile, certFile and keyFile fields are supported.

authorization
Authorization
(Optional)

Authorization section for the ScrapeClass. It will only apply if the scrape resource doesn’t specify any Authorization.

relabelings
[]RelabelConfig
(Optional)

Relabelings configures the relabeling rules to apply to all scrape targets.

The Operator automatically adds relabelings for a few standard Kubernetes fields like __meta_kubernetes_namespace and __meta_kubernetes_service_name. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

metricRelabelings
[]RelabelConfig
(Optional)

MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.

The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in ‘.spec.enforcedNamespaceLabel’.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs

attachMetadata
AttachMetadata
(Optional)

AttachMetadata configures additional metadata to the discovered targets. When the scrape object defines its own configuration, it takes precedence over the scrape class configuration.

ScrapeProtocol (string alias)

(Appears on:CommonPrometheusFields, PodMonitorSpec, ProbeSpec, ServiceMonitorSpec, ScrapeConfigSpec)

ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. Supported values are: * OpenMetricsText0.0.1 * OpenMetricsText1.0.0 * PrometheusProto * PrometheusText0.0.4 * PrometheusText1.0.0

Value Description

"OpenMetricsText0.0.1"

"OpenMetricsText1.0.0"

"PrometheusProto"

"PrometheusText0.0.4"

"PrometheusText1.0.0"

SecretOrConfigMap

(Appears on:AlertmanagerConfiguration, OAuth2, SafeTLSConfig, WebTLSConfig)

SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.

Field Description
secret
Kubernetes core/v1.SecretKeySelector

Secret containing data to use for the targets.

configMap
Kubernetes core/v1.ConfigMapKeySelector

ConfigMap containing data to use for the targets.

SelectorMechanism (string alias)

(Appears on:PodMonitorSpec, ServiceMonitorSpec)

Value Description

"RelabelConfig"

"RoleSelector"

ServiceDiscoveryRole (string alias)

(Appears on:CommonPrometheusFields)

Value Description

"EndpointSlice"

"Endpoints"

ServiceMonitorSpec

(Appears on:ServiceMonitor)

ServiceMonitorSpec defines the specification parameters for a ServiceMonitor.

Field Description
jobLabel
string

jobLabel selects the label from the associated Kubernetes Service object which will be used as the job label for all metrics.

For example if jobLabel is set to foo and the Kubernetes Service object is labeled with foo: bar, then Prometheus adds the job="bar" label to all ingested metrics.

If the value of this field is empty or if the label doesn’t exist for the given Service, the job label of the metrics defaults to the name of the associated Kubernetes Service.

targetLabels
[]string
(Optional)

targetLabels defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.

podTargetLabels
[]string
(Optional)

podTargetLabels defines the labels which are transferred from the associated Kubernetes Pod object onto the ingested metrics.

endpoints
[]Endpoint

List of endpoints part of this ServiceMonitor. Defines how to scrape metrics from Kubernetes Endpoints objects. In most cases, an Endpoints object is backed by a Kubernetes Service object with the same name and labels.

selector
Kubernetes meta/v1.LabelSelector

Label selector to select the Kubernetes Endpoints objects to scrape metrics from.

selectorMechanism
SelectorMechanism
(Optional)

Mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated.

It requires Prometheus >= v2.17.0.

namespaceSelector
NamespaceSelector

namespaceSelector defines in which namespace(s) Prometheus should discover the services. By default, the services are discovered in the same namespace as the ServiceMonitor object but it is possible to select pods across different/all namespaces.

sampleLimit
uint64
(Optional)

sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted.

scrapeProtocols
[]ScrapeProtocol
(Optional)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

targetLimit
uint64
(Optional)

targetLimit defines a limit on the number of scraped targets that will be accepted.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

attachMetadata
AttachMetadata
(Optional)

attachMetadata defines additional metadata which is added to the discovered targets.

It requires Prometheus >= v2.37.0.

scrapeClass
string
(Optional)

The scrape class to apply.

bodySizeLimit
ByteSize
(Optional)

When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus.

It requires Prometheus >= v2.28.0.

ShardStatus

(Appears on:PrometheusStatus)

Field Description
shardID
string

Identifier of the shard.

replicas
int32

Total number of pods targeted by this shard.

updatedReplicas
int32

Total number of non-terminated pods targeted by this shard that have the desired spec.

availableReplicas
int32

Total number of available pods (ready for at least minReadySeconds) targeted by this shard.

unavailableReplicas
int32

Total number of unavailable pods targeted by this shard.

Sigv4

(Appears on:AlertmanagerEndpoints, RemoteWriteSpec, SNSConfig, SNSConfig)

Sigv4 optionally configures AWS’s Signature Verification 4 signing process to sign requests.

Field Description
region
string

Region is the AWS region. If blank, the region from the default credentials chain used.

accessKey
Kubernetes core/v1.SecretKeySelector
(Optional)

AccessKey is the AWS API key. If not specified, the environment variable AWS_ACCESS_KEY_ID is used.

secretKey
Kubernetes core/v1.SecretKeySelector
(Optional)

SecretKey is the AWS API secret. If not specified, the environment variable AWS_SECRET_ACCESS_KEY is used.

profile
string

Profile is the named AWS profile used to authenticate.

roleArn
string

RoleArn is the named AWS profile used to authenticate.

StorageSpec

(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)

StorageSpec defines the configured storage for a group Prometheus servers. If no storage option is specified, then by default an EmptyDir will be used.

If multiple storage options are specified, priority will be given as follows: 1. emptyDir 2. ephemeral 3. volumeClaimTemplate

Field Description
disableMountSubPath
bool

Deprecated: subPath usage will be removed in a future release.

emptyDir
Kubernetes core/v1.EmptyDirVolumeSource

EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over ephemeral and volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir

ephemeral
Kubernetes core/v1.EphemeralVolumeSource

EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes

volumeClaimTemplate
EmbeddedPersistentVolumeClaim

Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.

TLSConfig

(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, PrometheusTracingConfig, RemoteReadSpec, RemoteWriteSpec, ScrapeClass, ThanosRulerSpec, ThanosSpec)

TLSConfig extends the safe TLS configuration with file parameters.

Field Description
ca
SecretOrConfigMap

Certificate authority used when verifying server certificates.

cert
SecretOrConfigMap

Client certificate to present when doing client-authentication.

keySecret
Kubernetes core/v1.SecretKeySelector

Secret containing the client key file for the targets.

serverName
string
(Optional)

Used to verify the hostname for the targets.

insecureSkipVerify
bool
(Optional)

Disable target certificate validation.

minVersion
TLSVersion
(Optional)

Minimum acceptable TLS version.

It requires Prometheus >= v2.35.0.

maxVersion
TLSVersion
(Optional)

Maximum acceptable TLS version.

It requires Prometheus >= v2.41.0.

caFile
string

Path to the CA cert in the Prometheus container to use for the targets.

certFile
string

Path to the client cert file in the Prometheus container for the targets.

keyFile
string

Path to the client key file in the Prometheus container for the targets.

TLSVersion (string alias)

(Appears on:SafeTLSConfig)

Value Description

"TLS10"

"TLS11"

"TLS12"

"TLS13"

TSDBSpec

(Appears on:CommonPrometheusFields)

Field Description
outOfOrderTimeWindow
Duration
(Optional)

Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time.

An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).

This is an experimental feature, it may change in any upcoming release in a breaking way.

It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

ThanosRulerSpec

(Appears on:ThanosRuler)

ThanosRulerSpec is a specification of the desired behavior of the ThanosRuler. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
version
string
(Optional)

Version of Thanos to be deployed.

podMetadata
EmbeddedObjectMetadata
(Optional)

PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.

The following items are reserved and cannot be overridden: * “app.kubernetes.io/name” label, set to “thanos-ruler”. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/instance” label, set to the name of the ThanosRuler instance. * “thanos-ruler” label, set to the name of the ThanosRuler instance. * “kubectl.kubernetes.io/default-container” annotation, set to “thanos-ruler”.

image
string

Thanos container image URL.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘thanos’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference
(Optional)

An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

paused
bool

When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects.

replicas
int32
(Optional)

Number of thanos ruler instances to deploy.

nodeSelector
map[string]string
(Optional)

Define which Nodes the Pods are scheduled on.

resources
Kubernetes core/v1.ResourceRequirements

Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set

affinity
Kubernetes core/v1.Affinity
(Optional)

If specified, the pod’s scheduling constraints.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

If specified, the pod’s tolerations.

topologySpreadConstraints
[]Kubernetes core/v1.TopologySpreadConstraint
(Optional)

If specified, the pod’s topology spread constraints.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

priorityClassName
string

Priority class assigned to the Pods

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods.

storage
StorageSpec
(Optional)

Storage spec to specify how storage shall be used.

volumes
[]Kubernetes core/v1.Volume
(Optional)

Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount
(Optional)

VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects.

objectStorageConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures object storage.

The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage

The operator performs no validation of the configuration.

objectStorageConfigFile takes precedence over this field.

objectStorageConfigFile
string
(Optional)

Configures the path of the object storage configuration file.

The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage

The operator performs no validation of the configuration file.

This field takes precedence over objectStorageConfig.

listenLocal
bool

ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP.

queryEndpoints
[]string
(Optional)

Configures the list of Thanos Query endpoints from which to query metrics.

For Thanos >= v0.11.0, it is recommended to use queryConfig instead.

queryConfig takes precedence over this field.

queryConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures the list of Thanos Query endpoints from which to query metrics.

The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api

It requires Thanos >= v0.11.0.

The operator performs no validation of the configuration.

This field takes precedence over queryEndpoints.

alertmanagersUrl
[]string
(Optional)

Configures the list of Alertmanager endpoints to send alerts to.

For Thanos >= v0.10.0, it is recommended to use alertmanagersConfig instead.

alertmanagersConfig takes precedence over this field.

alertmanagersConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures the list of Alertmanager endpoints to send alerts to.

The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager.

It requires Thanos >= v0.10.0.

The operator performs no validation of the configuration.

This field takes precedence over alertmanagersUrl.

ruleSelector
Kubernetes meta/v1.LabelSelector
(Optional)

PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.

ruleNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used.

enforcedNamespaceLabel
string

EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.

prometheusRulesExcludedFromEnforce
[]PrometheusRuleExcludeConfig
(Optional)

PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair Deprecated: use excludedFromEnforcement instead.

logLevel
string

Log level for ThanosRuler to be configured with.

logFormat
string

Log format for ThanosRuler to be configured with.

portName
string

Port name used for the pods and governing service. Defaults to web.

evaluationInterval
Duration

Interval between consecutive evaluations.

retention
Duration

Time duration ThanosRuler shall retain data for. Default is ‘24h’, and must match the regular expression [0-9]+(ms|s|m|h|d|w|y) (milliseconds seconds minutes hours days weeks years).

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: thanos-ruler and config-reloader. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

tracingConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures tracing.

The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration

This is an experimental feature, it may change in any upcoming release in a breaking way.

The operator performs no validation of the configuration.

tracingConfigFile takes precedence over this field.

tracingConfigFile
string
(Optional)

Configures the path of the tracing configuration file.

The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration

This is an experimental feature, it may change in any upcoming release in a breaking way.

The operator performs no validation of the configuration file.

This field takes precedence over tracingConfig.

labels
map[string]string
(Optional)

Configures the external label pairs of the ThanosRuler resource.

A default replica label thanos_ruler_replica will be always added as a label with the value of the pod’s name.

alertDropLabels
[]string
(Optional)

Configures the label names which should be dropped in Thanos Ruler alerts.

The replica label thanos_ruler_replica will always be dropped from the alerts.

externalPrefix
string

The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name.

routePrefix
string

The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.

grpcServerTlsConfig
TLSConfig
(Optional)

GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ‘–grpc-server-tls-*’ CLI args.

alertQueryUrl
string

The external Query URL the Thanos Ruler will set in the ‘Source’ field of all alerts. Maps to the ‘–alert.query-url’ CLI arg.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

alertRelabelConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

Configures alert relabeling in Thanos Ruler.

Alert relabel configuration must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The operator performs no validation of the configuration.

alertRelabelConfigFile takes precedence over this field.

alertRelabelConfigFile
string
(Optional)

Configures the path to the alert relabeling configuration file.

Alert relabel configuration must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs

The operator performs no validation of the configuration file.

This field takes precedence over alertRelabelConfig.

hostAliases
[]HostAlias

Pods’ hostAliases configuration

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported by the given ThanosRuler version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.

web
ThanosRulerWebSpec
(Optional)

Defines the configuration of the ThanosRuler web server.

ThanosRulerStatus

(Appears on:ThanosRuler)

ThanosRulerStatus is the most recent observed status of the ThanosRuler. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
paused
bool

Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.

replicas
int32

Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector).

updatedReplicas
int32

Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec.

availableReplicas
int32

Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment.

unavailableReplicas
int32

Total number of unavailable pods targeted by this ThanosRuler deployment.

conditions
[]Condition
(Optional)

The current state of the ThanosRuler object.

ThanosRulerWebSpec

(Appears on:ThanosRulerSpec)

ThanosRulerWebSpec defines the configuration of the ThanosRuler web server.

Field Description
tlsConfig
WebTLSConfig

Defines the TLS parameters for HTTPS.

httpConfig
WebHTTPConfig

Defines HTTP parameters for web server.

ThanosSpec

(Appears on:PrometheusSpec)

ThanosSpec defines the configuration of the Thanos sidecar.

Field Description
image
string
(Optional)

Container image name for Thanos. If specified, it takes precedence over the spec.thanos.baseImage, spec.thanos.tag and spec.thanos.sha fields.

Specifying spec.thanos.version is still necessary to ensure the Prometheus Operator knows which version of Thanos is being configured.

If neither spec.thanos.image nor spec.thanos.baseImage are defined, the operator will use the latest upstream version of Thanos available at the time when the operator was released.

version
string
(Optional)

Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released.

tag
string
(Optional)

Deprecated: use ‘image’ instead. The image’s tag can be specified as as part of the image name.

sha
string
(Optional)

Deprecated: use ‘image’ instead. The image digest can be specified as part of the image name.

baseImage
string
(Optional)

Deprecated: use ‘image’ instead.

resources
Kubernetes core/v1.ResourceRequirements

Defines the resources requests and limits of the Thanos sidecar.

objectStorageConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Defines the Thanos sidecar’s configuration to upload TSDB blocks to object storage.

More info: https://thanos.io/tip/thanos/storage.md/

objectStorageConfigFile takes precedence over this field.

objectStorageConfigFile
string
(Optional)

Defines the Thanos sidecar’s configuration file to upload TSDB blocks to object storage.

More info: https://thanos.io/tip/thanos/storage.md/

This field takes precedence over objectStorageConfig.

listenLocal
bool

Deprecated: use grpcListenLocal and httpListenLocal instead.

grpcListenLocal
bool

When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP’s address for the gRPC endpoints.

It has no effect if listenLocal is true.

httpListenLocal
bool

When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP’s address for the HTTP endpoints.

It has no effect if listenLocal is true.

tracingConfig
Kubernetes core/v1.SecretKeySelector
(Optional)

Defines the tracing configuration for the Thanos sidecar.

tracingConfigFile takes precedence over this field.

More info: https://thanos.io/tip/thanos/tracing.md/

This is an experimental feature, it may change in any upcoming release in a breaking way.

tracingConfigFile
string

Defines the tracing configuration file for the Thanos sidecar.

This field takes precedence over tracingConfig.

More info: https://thanos.io/tip/thanos/tracing.md/

This is an experimental feature, it may change in any upcoming release in a breaking way.

grpcServerTlsConfig
TLSConfig
(Optional)

Configures the TLS parameters for the gRPC server providing the StoreAPI.

Note: Currently only the caFile, certFile, and keyFile fields are supported.

logLevel
string

Log level for the Thanos sidecar.

logFormat
string

Log format for the Thanos sidecar.

minTime
string

Defines the start of time range limit served by the Thanos sidecar’s StoreAPI. The field’s value should be a constant time in RFC3339 format or a time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.

blockSize
Duration

BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults.

WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value set to a multiple of 120 times your longest scrape or rule interval. For example, 30s * 120 = 1h.

readyTimeout
Duration

ReadyTimeout is the maximum time that the Thanos sidecar will wait for Prometheus to start.

getConfigInterval
Duration

How often to retrieve the Prometheus configuration.

getConfigTimeout
Duration

Maximum time to wait when retrieving the Prometheus configuration.

volumeMounts
[]Kubernetes core/v1.VolumeMount
(Optional)

VolumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the ‘thanos-sidecar’ container.

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

TopologySpreadConstraint

(Appears on:CommonPrometheusFields)

Field Description
maxSkew
int32

MaxSkew describes the degree to which pods may be unevenly distributed. When whenUnsatisfiable=DoNotSchedule, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When whenUnsatisfiable=ScheduleAnyway, it is used to give higher precedence to topologies that satisfy it. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey
string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a “bucket”, and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is “kubernetes.io/hostname”, each Node is a domain of that topology. And, if TopologyKey is “topology.kubernetes.io/zone”, each zone is a domain of that topology. It’s a required field.

whenUnsatisfiable
Kubernetes core/v1.UnsatisfiableConstraintAction

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered “Unsatisfiable” for an incoming pod if and only if every possible node assignment for that pod would violate “MaxSkew” on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field.

labelSelector
Kubernetes meta/v1.LabelSelector
(Optional)

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

minDomains
int32
(Optional)

MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats “global minimum” as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.

For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so “global minimum” is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.

nodeAffinityPolicy
Kubernetes core/v1.NodeInclusionPolicy
(Optional)

NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.

If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.

nodeTaintsPolicy
Kubernetes core/v1.NodeInclusionPolicy
(Optional)

NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.

If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.

matchLabelKeys
[]string
(Optional)

MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.

This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).

additionalLabelSelectors
AdditionalLabelSelectors
(Optional)

Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint.

TranslationStrategyOption (string alias)

(Appears on:OTLPConfig)

TranslationStrategyOption represents a translation strategy option for the OTLP endpoint. Supported values are: * NoUTF8EscapingWithSuffixes * UnderscoreEscapingWithSuffixes

Value Description

"NoUTF8EscapingWithSuffixes"

"UnderscoreEscapingWithSuffixes"

WebConfigFileFields

(Appears on:AlertmanagerWebSpec, PrometheusWebSpec, ThanosRulerWebSpec)

WebConfigFileFields defines the file content for –web.config.file flag.

Field Description
tlsConfig
WebTLSConfig

Defines the TLS parameters for HTTPS.

httpConfig
WebHTTPConfig

Defines HTTP parameters for web server.

WebHTTPConfig

(Appears on:WebConfigFileFields)

WebHTTPConfig defines HTTP parameters for web server.

Field Description
http2
bool

Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered.

headers
WebHTTPHeaders

List of headers that can be added to HTTP responses.

WebHTTPHeaders

(Appears on:WebHTTPConfig)

WebHTTPHeaders defines the list of headers that can be added to HTTP responses.

Field Description
contentSecurityPolicy
string

Set the Content-Security-Policy header to HTTP responses. Unset if blank.

xFrameOptions
string

Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

xContentTypeOptions
string

Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

xXSSProtection
string

Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

strictTransportSecurity
string

Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

WebTLSConfig

(Appears on:WebConfigFileFields)

WebTLSConfig defines the TLS parameters for HTTPS.

Field Description
cert
SecretOrConfigMap
(Optional)

Secret or ConfigMap containing the TLS certificate for the web server.

Either keySecret or keyFile must be defined.

It is mutually exclusive with certFile.

certFile
string
(Optional)

Path to the TLS certificate file in the container for the web server.

Either keySecret or keyFile must be defined.

It is mutually exclusive with cert.

keySecret
Kubernetes core/v1.SecretKeySelector
(Optional)

Secret containing the TLS private key for the web server.

Either cert or certFile must be defined.

It is mutually exclusive with keyFile.

keyFile
string
(Optional)

Path to the TLS private key file in the container for the web server.

If defined, either cert or certFile must be defined.

It is mutually exclusive with keySecret.

client_ca
SecretOrConfigMap
(Optional)

Secret or ConfigMap containing the CA certificate for client certificate authentication to the server.

It is mutually exclusive with clientCAFile.

clientCAFile
string
(Optional)

Path to the CA certificate file for client certificate authentication to the server.

It is mutually exclusive with client_ca.

clientAuthType
string
(Optional)

The server policy for client TLS authentication.

For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType

minVersion
string
(Optional)

Minimum TLS version that is acceptable.

maxVersion
string
(Optional)

Maximum TLS version that is acceptable.

cipherSuites
[]string
(Optional)

List of supported cipher suites for TLS versions up to TLS 1.2.

If not defined, the Go default cipher suites are used. Available cipher suites are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants

preferServerCipherSuites
bool
(Optional)

Controls whether the server selects the client’s most preferred cipher suite, or the server’s most preferred cipher suite.

If true then the server’s preference, as expressed in the order of elements in cipherSuites, is used.

curvePreferences
[]string
(Optional)

Elliptic curves that will be used in an ECDHE handshake, in preference order.

Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID


monitoring.coreos.com/v1alpha1

Resource Types:

AlertmanagerConfig

AlertmanagerConfig configures the Prometheus Alertmanager, specifying how alerts should be grouped, inhibited and notified to external systems.

Field Description
apiVersion
string
monitoring.coreos.com/v1alpha1
kind
string
AlertmanagerConfig
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AlertmanagerConfigSpec


route
Route
(Optional)

The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.

receivers
[]Receiver
(Optional)

List of receivers.

inhibitRules
[]InhibitRule
(Optional)

List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.

muteTimeIntervals
[]MuteTimeInterval
(Optional)

List of MuteTimeInterval specifying when the routes should be muted.

PrometheusAgent

The PrometheusAgent custom resource definition (CRD) defines a desired Prometheus Agent setup to run in a Kubernetes cluster.

The CRD is very similar to the Prometheus CRD except for features which aren’t available in agent mode like rule evaluation, persistent storage and Thanos sidecar.

Field Description
apiVersion
string
monitoring.coreos.com/v1alpha1
kind
string
PrometheusAgent
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PrometheusAgentSpec

Specification of the desired behavior of the Prometheus agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status



mode
string
(Optional)

Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). For now this field has no effect.

(Alpha) Using this field requires the PrometheusAgentDaemonSet feature gate to be enabled.

podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Prometheus pods.

The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”.

serviceMonitorSelector
Kubernetes meta/v1.LabelSelector

ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

serviceMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

podMonitorSelector
Kubernetes meta/v1.LabelSelector

PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

podMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

probeSelector
Kubernetes meta/v1.LabelSelector

Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

probeNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

scrapeConfigSelector
Kubernetes meta/v1.LabelSelector
(Optional)

ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

version
string

Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.

paused
bool

When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.

image
string
(Optional)

Container image name for Prometheus. If specified, it takes precedence over the spec.baseImage, spec.tag and spec.sha fields.

Specifying spec.version is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured.

If neither spec.image nor spec.baseImage are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

replicas
int32
(Optional)

Number of replicas of each shard to deploy for a Prometheus deployment. spec.replicas multiplied by spec.shards is the total number of Pods created.

Default: 1

shards
int32
(Optional)

Number of shards to distribute scraped targets onto.

spec.replicas multiplied by spec.shards is the total number of Pods being created.

When not defined, the operator assumes only one shard.

Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules

By default, the sharding is performed on: * The __address__ target’s metadata label for PodMonitor, ServiceMonitor and ScrapeConfig resources. * The __param_target__ label for Probe resources.

Users can define their own sharding implementation by setting the __tmp_hash label during the target discovery with relabeling configuration (either in the monitoring resources or via scrape class).

replicaExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus_replica”

prometheusExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus”

logLevel
string

Log level for Prometheus and the config-reloader sidecar.

logFormat
string

Log format for Log level for Prometheus and the config-reloader sidecar.

scrapeInterval
Duration

Interval between consecutive scrapes.

Default: “30s”

scrapeTimeout
Duration

Number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

PrometheusText1.0.0 requires Prometheus >= v3.0.0.

externalLabels
map[string]string

The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by spec.replicaExternalLabelName and spec.prometheusExternalLabelName take precedence over this list.

enableRemoteWriteReceiver
bool

Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.

WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver

It requires Prometheus >= v2.33.0.

enableOTLPReceiver
bool
(Optional)

Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.

Note that the OTLP receiver endpoint is automatically enabled if .spec.otlpConfig is defined.

It requires Prometheus >= v2.47.0.

remoteWriteReceiverMessageVersions
[]RemoteWriteMessageVersion
(Optional)

List of the protobuf message versions to accept when receiving the remote writes.

It requires Prometheus >= v2.54.0.

enableFeatures
[]EnableFeature
(Optional)

Enable access to Prometheus feature flags. By default, no features are enabled.

Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

externalUrl
string

The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).

routePrefix
string

The route prefix Prometheus registers HTTP handlers for.

This is useful when using spec.externalURL, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

storage
StorageSpec

Storage defines the storage used by Prometheus.

volumes
[]Kubernetes core/v1.Volume

Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows the configuration of additional VolumeMounts.

VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

web
PrometheusWebSpec

Defines the configuration of the Prometheus web server.

resources
Kubernetes core/v1.ResourceRequirements

Defines the resources requests and limits of the ‘prometheus’ container.

nodeSelector
map[string]string

Defines on which Nodes the Pods are scheduled.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default.

Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/prometheus/secrets/ in the ‘prometheus’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the ‘prometheus’ container.

affinity
Kubernetes core/v1.Affinity
(Optional)

Defines the Pods’ affinity scheduling rules if specified.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Defines the Pods’ tolerations if specified.

topologySpreadConstraints
[]TopologySpreadConstraint
(Optional)

Defines the pod’s topology spread constraints if specified.

remoteWrite
[]RemoteWriteSpec
(Optional)

Defines the list of remote write configurations.

otlp
OTLPConfig
(Optional)

Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

listenLocal
bool

When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address.

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.

The names of containers managed by the operator are: * prometheus * config-reloader * thanos-sidecar

Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.

The names of init container name managed by the operator are: * init-config-reloader.

Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

additionalScrapeConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.

apiserverConfig
APIServerConfig
(Optional)

APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

priorityClassName
string

Priority class assigned to the Pods.

portName
string

Port name used for the pods and governing service. Default: “web”

arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig

When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the ‘prometheus’ container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile value (e.g. ‘/var/run/secrets/kubernetes.io/serviceaccount/token’), a malicious target can get access to the Prometheus service account’s token in the Prometheus’ scrape request. Setting spec.arbitraryFSAccessThroughSM to ‘true’ would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret field.

overrideHonorLabels
bool

When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. In practice,overrideHonorLaels:true enforces honorLabels:false for all ServiceMonitor, PodMonitor and ScrapeConfig objects.

overrideHonorTimestamps
bool

When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.

ignoreNamespaceSelectors
bool

When true, spec.namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.

enforcedNamespaceLabel
string

When not empty, a label will be added to:

  1. All metrics scraped from ServiceMonitor, PodMonitor, Probe and ScrapeConfig objects.
  2. All metrics generated from recording rules defined in PrometheusRule objects.
  3. All alerts generated from alerting rules defined in PrometheusRule objects.
  4. All vector selectors of PromQL expressions defined in PrometheusRule objects.

The label will not added for objects referenced in spec.excludedFromEnforcement.

The label’s name is this field’s value. The label’s value is the namespace of the ServiceMonitor, PodMonitor, Probe, PrometheusRule or ScrapeConfig object.

enforcedSampleLimit
uint64
(Optional)

When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any spec.sampleLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.sampleLimit is greater than zero and less than spec.enforcedSampleLimit.

It is meant to be used by admins to keep the overall number of samples/series under a desired limit.

When both enforcedSampleLimit and sampleLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedSampleLimit is greater than the sampleLimit, the sampleLimit will be set to enforcedSampleLimit. * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.

enforcedTargetLimit
uint64
(Optional)

When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any spec.targetLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.targetLimit is greater than zero and less than spec.enforcedTargetLimit.

It is meant to be used by admins to to keep the overall number of targets under a desired limit.

When both enforcedTargetLimit and targetLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedTargetLimit is greater than the targetLimit, the targetLimit will be set to enforcedTargetLimit. * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.

enforcedLabelLimit
uint64
(Optional)

When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any spec.labelLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelLimit is greater than zero and less than spec.enforcedLabelLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelLimit and labelLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelLimit is greater than the labelLimit, the labelLimit will be set to enforcedLabelLimit. * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.

enforcedLabelNameLengthLimit
uint64
(Optional)

When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any spec.labelNameLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelNameLengthLimit is greater than zero and less than spec.enforcedLabelNameLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelNameLengthLimit and labelNameLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelNameLengthLimit is greater than the labelNameLengthLimit, the labelNameLengthLimit will be set to enforcedLabelNameLengthLimit. * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.

enforcedLabelValueLengthLimit
uint64
(Optional)

When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any spec.labelValueLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelValueLengthLimit is greater than zero and less than spec.enforcedLabelValueLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelValueLengthLimit and labelValueLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelValueLengthLimit is greater than the labelValueLengthLimit, the labelValueLengthLimit will be set to enforcedLabelValueLengthLimit. * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.

enforcedKeepDroppedTargets
uint64
(Optional)

When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets is greater than zero and less than spec.enforcedKeepDroppedTargets.

It requires Prometheus >= v2.47.0.

When both enforcedKeepDroppedTargets and keepDroppedTargets are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedKeepDroppedTargets is greater than the keepDroppedTargets, the keepDroppedTargets will be set to enforcedKeepDroppedTargets. * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.

enforcedBodySizeLimit
ByteSize

When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail.

It requires Prometheus >= v2.28.0.

When both enforcedBodySizeLimit and bodySizeLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedBodySizeLimit is greater than the bodySizeLimit, the bodySizeLimit will be set to enforcedBodySizeLimit. * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.

nameValidationScheme
NameValidationSchemeOptions
(Optional)

Specifies the validation scheme for metric and label names.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias
(Optional)

Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ‘prometheus’ container.

It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version.

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

walCompression
bool
(Optional)

Configures compression of the write-ahead log (WAL) using Snappy.

WAL compression is enabled by default for Prometheus >= 2.20.0

Requires Prometheus v2.11.0 and above.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.

It is only applicable if spec.enforcedNamespaceLabel set to true.

hostNetwork
bool

Use the host’s network namespace if true.

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set to a different value).

podTargetLabels
[]string
(Optional)

PodTargetLabels are appended to the spec.podTargetLabels field of all PodMonitor and ServiceMonitor objects.

tracingConfig
PrometheusTracingConfig
(Optional)

TracingConfig configures tracing in Prometheus.

This is an experimental feature, it may change in any upcoming release in a breaking way.

bodySizeLimit
ByteSize
(Optional)

BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.

reloadStrategy
ReloadStrategyType
(Optional)

Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.

maximumStartupDurationSeconds
int32
(Optional)

Defines the maximum time that the prometheus container’s startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).

scrapeClasses
[]ScrapeClass

List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

This is an experimental feature, it may change in any upcoming release in a breaking way.

serviceDiscoveryRole
ServiceDiscoveryRole
(Optional)

Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.

If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.

tsdb
TSDBSpec
(Optional)

Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

runtime
RuntimeConfig
(Optional)

RuntimeConfig configures the values for the Prometheus process behavior

status
PrometheusStatus

Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ScrapeConfig

ScrapeConfig defines a namespaced Prometheus scrape_config to be aggregated across multiple namespaces into the Prometheus configuration.

Field Description
apiVersion
string
monitoring.coreos.com/v1alpha1
kind
string
ScrapeConfig
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ScrapeConfigSpec


jobName
string
(Optional)

The value of the job label assigned to the scraped metrics by default.

The job_name field in the rendered scrape configuration is always controlled by the operator to prevent duplicate job names, which Prometheus does not allow. Instead the job label is set by means of relabeling configs.

staticConfigs
[]StaticConfig
(Optional)

StaticConfigs defines a list of static targets with a common label set.

fileSDConfigs
[]FileSDConfig
(Optional)

FileSDConfigs defines a list of file service discovery configurations.

httpSDConfigs
[]HTTPSDConfig
(Optional)

HTTPSDConfigs defines a list of HTTP service discovery configurations.

kubernetesSDConfigs
[]KubernetesSDConfig
(Optional)

KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.

consulSDConfigs
[]ConsulSDConfig
(Optional)

ConsulSDConfigs defines a list of Consul service discovery configurations.

dnsSDConfigs
[]DNSSDConfig
(Optional)

DNSSDConfigs defines a list of DNS service discovery configurations.

ec2SDConfigs
[]EC2SDConfig
(Optional)

EC2SDConfigs defines a list of EC2 service discovery configurations.

azureSDConfigs
[]AzureSDConfig
(Optional)

AzureSDConfigs defines a list of Azure service discovery configurations.

gceSDConfigs
[]GCESDConfig
(Optional)

GCESDConfigs defines a list of GCE service discovery configurations.

openstackSDConfigs
[]OpenStackSDConfig
(Optional)

OpenStackSDConfigs defines a list of OpenStack service discovery configurations.

digitalOceanSDConfigs
[]DigitalOceanSDConfig
(Optional)

DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.

kumaSDConfigs
[]KumaSDConfig
(Optional)

KumaSDConfigs defines a list of Kuma service discovery configurations.

eurekaSDConfigs
[]EurekaSDConfig
(Optional)

EurekaSDConfigs defines a list of Eureka service discovery configurations.

dockerSDConfigs
[]DockerSDConfig
(Optional)

DockerSDConfigs defines a list of Docker service discovery configurations.

linodeSDConfigs
[]LinodeSDConfig
(Optional)

LinodeSDConfigs defines a list of Linode service discovery configurations.

hetznerSDConfigs
[]HetznerSDConfig
(Optional)

HetznerSDConfigs defines a list of Hetzner service discovery configurations.

nomadSDConfigs
[]NomadSDConfig
(Optional)

NomadSDConfigs defines a list of Nomad service discovery configurations.

dockerSwarmSDConfigs
[]DockerSwarmSDConfig
(Optional)

DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations.

puppetDBSDConfigs
[]PuppetDBSDConfig
(Optional)

PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations.

lightSailSDConfigs
[]LightSailSDConfig
(Optional)

LightsailSDConfigs defines a list of Lightsail service discovery configurations.

ovhcloudSDConfigs
[]OVHCloudSDConfig
(Optional)

OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations.

scalewaySDConfigs
[]ScalewaySDConfig
(Optional)

ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations.

ionosSDConfigs
[]IonosSDConfig
(Optional)

IonosSDConfigs defines a list of IONOS service discovery configurations.

relabelings
[]RelabelConfig
(Optional)

RelabelConfigs defines how to rewrite the target’s labels before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job’s name is available via the __tmp_prometheus_job_name label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

metricsPath
string
(Optional)

MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics).

scrapeInterval
Duration
(Optional)

ScrapeInterval is the interval between consecutive scrapes.

scrapeTimeout
Duration
(Optional)

ScrapeTimeout is the number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

honorTimestamps
bool
(Optional)

HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.

trackTimestampsStaleness
bool
(Optional)

TrackTimestampsStaleness whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if honorTimestamps is false. It requires Prometheus >= v2.48.0.

honorLabels
bool
(Optional)

HonorLabels chooses the metric’s labels on collisions with target labels.

params
map[string][]string
(Optional)

Optional HTTP URL parameters

scheme
string
(Optional)

Configures the protocol scheme used for requests. If empty, Prometheus uses HTTP by default.

enableCompression
bool
(Optional)

When false, Prometheus will request uncompressed response from the scraped target.

It requires Prometheus >= v2.49.0.

If unset, Prometheus uses true by default.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request.

authorization
SafeAuthorization
(Optional)

Authorization header to use on every scrape request.

oauth2
OAuth2
(Optional)

OAuth2 configuration to use on every scrape request.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use on every scrape request

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

metricRelabelings
[]RelabelConfig
(Optional)

MetricRelabelConfigs to apply to samples before ingestion.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

scrapeClass
string
(Optional)

The scrape class to apply.

AlertmanagerConfigSpec

(Appears on:AlertmanagerConfig)

AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By default, the Alertmanager configuration only applies to alerts for which the namespace label is equal to the namespace of the AlertmanagerConfig resource (see the .spec.alertmanagerConfigMatcherStrategy field of the Alertmanager CRD).

Field Description
route
Route
(Optional)

The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.

receivers
[]Receiver
(Optional)

List of receivers.

inhibitRules
[]InhibitRule
(Optional)

List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.

muteTimeIntervals
[]MuteTimeInterval
(Optional)

List of MuteTimeInterval specifying when the routes should be muted.

AttachMetadata

(Appears on:KubernetesSDConfig)

Field Description
node
bool
(Optional)

Attaches node metadata to discovered targets. When set to true, Prometheus must have the get permission on the Nodes objects. Only valid for Pod, Endpoint and Endpointslice roles.

AzureSDConfig

(Appears on:ScrapeConfigSpec)

AzureSDConfig allow retrieving scrape targets from Azure VMs. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config

Field Description
environment
string
(Optional)

The Azure environment.

authenticationMethod
string
(Optional)

The authentication method, either OAuth or ManagedIdentity or SDK.

See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview SDK authentication method uses environment variables by default. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication

subscriptionID
string

The subscription ID. Always required.

tenantID
string
(Optional)

Optional tenant ID. Only required with the OAuth authentication method.

clientID
string
(Optional)

Optional client ID. Only required with the OAuth authentication method.

clientSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

Optional client secret. Only required with the OAuth authentication method.

resourceGroup
string
(Optional)

Optional resource group name. Limits discovery to this resource group.

refreshInterval
Duration
(Optional)

RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.

port
int
(Optional)

The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.

ConsulSDConfig

(Appears on:ScrapeConfigSpec)

ConsulSDConfig defines a Consul service discovery configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config

Field Description
server
string

Consul server address. A valid string consisting of a hostname or IP followed by an optional port number.

pathPrefix
string
(Optional)

Prefix for URIs for when consul is behind an API gateway (reverse proxy).

It requires Prometheus >= 2.45.0.

tokenRef
Kubernetes core/v1.SecretKeySelector
(Optional)

Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.

datacenter
string
(Optional)

Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.

namespace
string
(Optional)

Namespaces are only supported in Consul Enterprise.

It requires Prometheus >= 2.28.0.

partition
string
(Optional)

Admin Partitions are only supported in Consul Enterprise.

scheme
string
(Optional)

HTTP Scheme default “http”

services
[]string
(Optional)

A list of services for which targets are retrieved. If omitted, all services are scraped.

tags
[]string
(Optional)

An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. Starting with Consul 1.14, it is recommended to use filter with the ServiceTags selector instead.

tagSeparator
string
(Optional)

The string by which Consul tags are joined into the tag label. If unset, Prometheus uses its default value.

nodeMeta
map[string]string
(Optional)

Node metadata key/value pairs to filter nodes for a given service. Starting with Consul 1.14, it is recommended to use filter with the NodeMeta selector instead.

filter
string
(Optional)

Filter expression used to filter the catalog results. See https://www.consul.io/api-docs/catalog#list-services It requires Prometheus >= 3.0.0.

allowStale
bool
(Optional)

Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. If unset, Prometheus uses its default value.

refreshInterval
Duration
(Optional)

The time after which the provided names are refreshed. On large setup it might be a good idea to increase this value because the catalog will change all the time. If unset, Prometheus uses its default value.

basicAuth
BasicAuth
(Optional)

Optional BasicAuth information to authenticate against the Consul Server. More info: https://prometheus.io/docs/operating/configuration/#endpoints Cannot be set at the same time as authorization, or oauth2.

authorization
SafeAuthorization
(Optional)

Optional Authorization header configuration to authenticate against the Consul Server. Cannot be set at the same time as basicAuth, or oauth2.

oauth2
OAuth2
(Optional)

Optional OAuth2.0 configuration. Cannot be set at the same time as basicAuth, or authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects. If unset, Prometheus uses its default value.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2. If unset, Prometheus uses its default value.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to connect to the Consul API.

DNSRecordType (string alias)

(Appears on:DNSSDConfig)

Value Description

"A"

"AAAA"

"MX"

"NS"

"SRV"

DNSSDConfig

(Appears on:ScrapeConfigSpec)

DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config

Field Description
names
[]string

A list of DNS domain names to be queried.

refreshInterval
Duration
(Optional)

RefreshInterval configures the time after which the provided names are refreshed. If not set, Prometheus uses its default value.

type
DNSRecordType
(Optional)

The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. If not set, Prometheus uses its default value.

When set to NS, it requires Prometheus >= v2.49.0. When set to MX, it requires Prometheus >= v2.38.0

port
int32
(Optional)

The port number used if the query type is not SRV Ignored for SRV records

DayOfMonthRange

(Appears on:TimeInterval)

DayOfMonthRange is an inclusive range of days of the month beginning at 1

Field Description
start
int

Start of the inclusive range

end
int

End of the inclusive range

DigitalOceanSDConfig

(Appears on:ScrapeConfigSpec)

DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean’s Droplets API. This service discovery uses the public IPv4 address by default, by that can be changed with relabeling See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config

Field Description
authorization
SafeAuthorization
(Optional)

Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as oauth2.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

port
int32
(Optional)

The port to scrape metrics from.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the instance list.

DiscordConfig

(Appears on:Receiver)

DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiURL
Kubernetes core/v1.SecretKeySelector

The secret’s key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

title
string
(Optional)

The template of the message’s title.

message
string
(Optional)

The template of the message’s body.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

DockerSDConfig

(Appears on:ScrapeConfigSpec)

Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. This SD discovers “containers” and will create a target for each network IP and port the container is configured to expose. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config

Field Description
host
string

Address of the docker daemon

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

port
int
(Optional)

The port to scrape metrics from.

hostNetworkingHost
string
(Optional)

The host to use if the container is in host networking mode.

matchFirstNetwork
bool
(Optional)

Configure whether to match the first network if the container has multiple networks defined. If unset, Prometheus uses true by default. It requires Prometheus >= v2.54.1.

filters
Filters
(Optional)

Optional filters to limit the discovery process to a subset of the available resources.

refreshInterval
Duration
(Optional)

Time after which the container is refreshed.

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request.

authorization
SafeAuthorization
(Optional)

Authorization header configuration to authenticate against the Docker API. Cannot be set at the same time as oauth2.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

DockerSwarmSDConfig

(Appears on:ScrapeConfigSpec)

DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config

Field Description
host
string

Address of the Docker daemon

role
string

Role of the targets to retrieve. Must be Services, Tasks, or Nodes.

port
int32
(Optional)

The port to scrape metrics from, when role is nodes, and for discovered tasks and services that don’t have published ports.

filters
Filters
(Optional)

Optional filters to limit the discovery process to a subset of available resources. The available filters are listed in the upstream documentation: Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList

refreshInterval
Duration
(Optional)

The time after which the service discovery data is refreshed.

basicAuth
BasicAuth
(Optional)

Optional HTTP basic authentication information.

authorization
SafeAuthorization
(Optional)

Authorization header configuration to authenticate against the target HTTP endpoint.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization, or basicAuth.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use on every scrape request

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

EC2SDConfig

(Appears on:ScrapeConfigSpec)

EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config

The EC2 service discovery requires AWS API keys or role ARN for authentication. BasicAuth, Authorization and OAuth2 fields are not present on purpose.

Field Description
region
string
(Optional)

The AWS region.

accessKey
Kubernetes core/v1.SecretKeySelector
(Optional)

AccessKey is the AWS API key.

secretKey
Kubernetes core/v1.SecretKeySelector
(Optional)

SecretKey is the AWS API secret.

roleARN
string
(Optional)

AWS Role ARN, an alternative to using AWS API keys.

port
int32
(Optional)

The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.

refreshInterval
Duration
(Optional)

RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.

filters
Filters
(Optional)

Filters can be used optionally to filter the instance list by other criteria. Available filter criteria can be found here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html It requires Prometheus >= v2.3.0

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to connect to the AWS EC2 API. It requires Prometheus >= v2.41.0

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.41.0

enableHTTP2
bool
(Optional)

Whether to enable HTTP2. It requires Prometheus >= v2.41.0

EmailConfig

(Appears on:Receiver)

EmailConfig configures notifications via Email.

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

to
string
(Optional)

The email address to send notifications to.

from
string
(Optional)

The sender address.

hello
string
(Optional)

The hostname to identify to the SMTP server.

smarthost
string
(Optional)

The SMTP host and port through which emails are sent. E.g. example.com:25

authUsername
string
(Optional)

The username to use for authentication.

authPassword
Kubernetes core/v1.SecretKeySelector

The secret’s key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

authSecret
Kubernetes core/v1.SecretKeySelector

The secret’s key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

authIdentity
string
(Optional)

The identity to use for authentication.

headers
[]KeyValue

Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.

html
string
(Optional)

The HTML body of the email notification.

text
string
(Optional)

The text body of the email notification.

requireTLS
bool
(Optional)

The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration

EurekaSDConfig

(Appears on:ScrapeConfigSpec)

Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. Prometheus will periodically check the REST endpoint and create a target for every app instance. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config

Field Description
server
string

The URL to connect to the Eureka server.

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request.

authorization
SafeAuthorization
(Optional)

Authorization header to use on every scrape request.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization or basic_auth.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the instance list.

FileSDConfig

(Appears on:ScrapeConfigSpec)

FileSDConfig defines a Prometheus file service discovery configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config

Field Description
files
[]SDFile

List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the prometheus-operator project makes no guarantees about the working directory where the configuration file is stored. Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets.

refreshInterval
Duration
(Optional)

RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files.

Filter

Filter name and value pairs to limit the discovery process to a subset of available resources.

Field Description
name
string

Name of the Filter.

values
[]string

Value to filter on.

Filters ([]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1.Filter alias)

(Appears on:DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig)

GCESDConfig

(Appears on:ScrapeConfigSpec)

GCESDConfig configures scrape targets from GCP GCE instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config

The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform

A pre-requisite for using GCESDConfig is that a Secret containing valid Google Cloud credentials is mounted into the Prometheus or PrometheusAgent pod via the .spec.secrets field and that the GOOGLE_APPLICATION_CREDENTIALS environment variable is set to /etc/prometheus/secrets//.

Field Description
project
string

The Google Cloud Project ID

zone
string

The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.

filter
string
(Optional)

Filter can be used optionally to filter the instance list by other criteria Syntax of this filter is described in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list

refreshInterval
Duration
(Optional)

RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.

port
int
(Optional)

The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.

tagSeparator
string
(Optional)

The tag separator is used to separate the tags on concatenation

HTTPConfig

(Appears on:DiscordConfig, MSTeamsConfig, OpsGenieConfig, PagerDutyConfig, PushoverConfig, SNSConfig, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebexConfig, WebhookConfig)

HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config

Field Description
authorization
SafeAuthorization
(Optional)

Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.

basicAuth
BasicAuth
(Optional)

BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.

oauth2
OAuth2
(Optional)

OAuth2 client credentials used to fetch a token for the targets.

bearerTokenSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration for the client.

proxyURL
string
(Optional)

Optional proxy URL.

If defined, this field takes precedence over proxyUrl.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

FollowRedirects specifies whether the client should follow HTTP 3xx redirects.

HTTPSDConfig

(Appears on:ScrapeConfigSpec)

HTTPSDConfig defines a prometheus HTTP service discovery configuration See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config

Field Description
url
string

URL from which the targets are fetched.

refreshInterval
Duration
(Optional)

RefreshInterval configures the refresh interval at which Prometheus will re-query the endpoint to update the target list.

basicAuth
BasicAuth
(Optional)

BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints Cannot be set at the same time as authorization, or oAuth2.

authorization
SafeAuthorization
(Optional)

Authorization header configuration to authenticate against the target HTTP endpoint. Cannot be set at the same time as oAuth2, or basicAuth.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. Cannot be set at the same time as authorization, or basicAuth.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

HetznerSDConfig

(Appears on:ScrapeConfigSpec)

HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. This service discovery uses the public IPv4 address by default, but that can be changed with relabeling See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config

Field Description
role
string

The Hetzner role of entities that should be discovered.

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request, required when role is robot. Role hcloud does not support basic auth.

authorization
SafeAuthorization
(Optional)

Authorization header configuration, required when role is hcloud. Role robot does not support bearer token authentication.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use on every scrape request.

port
int
(Optional)

The port to scrape metrics from.

refreshInterval
Duration
(Optional)

The time after which the servers are refreshed.

InhibitRule

(Appears on:AlertmanagerConfigSpec)

InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule

Field Description
targetMatch
[]Matcher

Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace.

sourceMatch
[]Matcher

Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace.

equal
[]string

Labels that must have an equal value in the source and target alert for the inhibition to take effect.

IonosSDConfig

(Appears on:ScrapeConfigSpec)

IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config

Field Description
datacenterID
string

The unique ID of the IONOS data center.

port
int32
(Optional)

Port to scrape the metrics from.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the list of resources.

authorization
SafeAuthorization

Authorization` header configuration, required when using IONOS.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use when connecting to the IONOS API.

followRedirects
bool
(Optional)

Configure whether the HTTP requests should follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Configure whether to enable HTTP2.

K8SSelectorConfig

(Appears on:KubernetesSDConfig)

K8SSelectorConfig is Kubernetes Selector Config

Field Description
role
KubernetesRole

Role specifies the type of Kubernetes resource to limit the service discovery to. Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress.

label
string
(Optional)

An optional label selector to limit the service discovery to resources with specific labels and label values. e.g: node.kubernetes.io/instance-type=master

field
string
(Optional)

An optional field selector to limit the service discovery to resources which have fields with specific values. e.g: metadata.name=foobar

KeyValue

(Appears on:EmailConfig, OpsGenieConfig, PagerDutyConfig, VictorOpsConfig)

KeyValue defines a (key, value) tuple.

Field Description
key
string

Key of the tuple.

value
string

Value of the tuple.

KubernetesRole (string alias)

(Appears on:K8SSelectorConfig, KubernetesSDConfig)

Value Description

"Endpoints"

"EndpointSlice"

"Ingress"

"Node"

"Pod"

"Service"

KubernetesSDConfig

(Appears on:ScrapeConfigSpec)

KubernetesSDConfig allows retrieving scrape targets from Kubernetes’ REST API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config

Field Description
apiServer
string
(Optional)

The API server address consisting of a hostname or IP address followed by an optional port number. If left empty, Prometheus is assumed to run inside of the cluster. It will discover API servers automatically and use the pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

role
KubernetesRole

Role of the Kubernetes entities that should be discovered. Role Endpointslice requires Prometheus >= v2.21.0

namespaces
NamespaceDiscovery
(Optional)

Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.

attachMetadata
AttachMetadata
(Optional)

Optional metadata to attach to discovered targets. It requires Prometheus >= v2.35.0 when using the Pod role and Prometheus >= v2.37.0 for Endpoints and Endpointslice roles.

selectors
[]K8SSelectorConfig
(Optional)

Selector to select objects. It requires Prometheus >= v2.17.0

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request. Cannot be set at the same time as authorization, or oauth2.

authorization
SafeAuthorization
(Optional)

Authorization header to use on every scrape request. Cannot be set at the same time as basicAuth, or oauth2.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization, or basicAuth.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to connect to the Kubernetes API.

KumaSDConfig

(Appears on:ScrapeConfigSpec)

KumaSDConfig allow retrieving scrape targets from Kuma’s control plane. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config

Field Description
server
string

Address of the Kuma Control Plane’s MADS xDS server.

clientID
string
(Optional)

Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend.

refreshInterval
Duration
(Optional)

The time to wait between polling update requests.

fetchTimeout
Duration
(Optional)

The time after which the monitoring assignments are refreshed.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use on every scrape request

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request.

authorization
SafeAuthorization
(Optional)

Authorization header to use on every scrape request.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization, or basicAuth.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

LightSailSDConfig

(Appears on:ScrapeConfigSpec)

LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config TODO: Need to document that we will not be supporting the _file fields.

Field Description
region
string
(Optional)

The AWS region.

accessKey
Kubernetes core/v1.SecretKeySelector
(Optional)

AccessKey is the AWS API key.

secretKey
Kubernetes core/v1.SecretKeySelector
(Optional)

SecretKey is the AWS API secret.

roleARN
string
(Optional)

AWS Role ARN, an alternative to using AWS API keys.

endpoint
string
(Optional)

Custom endpoint to be used.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the list of instances.

port
int32

Port to scrape the metrics from. If using the public IP address, this must instead be specified in the relabeling rule.

basicAuth
BasicAuth
(Optional)

Optional HTTP basic authentication information. Cannot be set at the same time as authorization, or oauth2.

authorization
SafeAuthorization
(Optional)

Optional authorization HTTP header configuration. Cannot be set at the same time as basicAuth, or oauth2.

oauth2
OAuth2
(Optional)

Optional OAuth2.0 configuration. Cannot be set at the same time as basicAuth, or authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to connect to the Puppet DB.

followRedirects
bool
(Optional)

Configure whether the HTTP requests should follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Configure whether to enable HTTP2.

LinodeSDConfig

(Appears on:ScrapeConfigSpec)

LinodeSDConfig configurations allow retrieving scrape targets from Linode’s Linode APIv4. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config

Field Description
region
string
(Optional)

Optional region to filter on.

port
int32
(Optional)

Default port to scrape metrics from.

tagSeparator
string
(Optional)

The string by which Linode Instance tags are joined into the tag label.

refreshInterval
Duration
(Optional)

Time after which the linode instances are refreshed.

authorization
SafeAuthorization
(Optional)

Authorization header configuration.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be used at the same time as authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

MSTeamsConfig

(Appears on:Receiver)

MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0.

Field Description
sendResolved
bool
(Optional)

Whether to notify about resolved alerts.

webhookUrl
Kubernetes core/v1.SecretKeySelector

MSTeams webhook URL.

title
string
(Optional)

Message title template.

summary
string
(Optional)

Message summary template. It requires Alertmanager >= 0.27.0.

text
string
(Optional)

Message body template.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

MatchType (string alias)

(Appears on:Matcher)

MatchType is a comparison operator on a Matcher

Value Description

"="

"!="

"!~"

"=~"

Matcher

(Appears on:InhibitRule, Route)

Matcher defines how to match on alert’s labels.

Field Description
name
string

Label to match.

value
string
(Optional)

Label value to match.

matchType
MatchType
(Optional)

Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty.

regex
bool
(Optional)

Whether to match on equality (false) or regular-expression (true). Deprecated: for AlertManager >= v0.22.0, matchType should be used instead.

Month (string alias)

Month of the year

Value Description

"april"

"august"

"december"

"february"

"january"

"july"

"june"

"march"

"may"

"november"

"october"

"september"

MonthRange (string alias)

(Appears on:TimeInterval)

MonthRange is an inclusive range of months of the year beginning in January Months can be specified by name (e.g ‘January’) by numerical month (e.g ‘1’) or as an inclusive range (e.g ‘January:March’, ‘1:3’, ‘1:March’)

MuteTimeInterval

(Appears on:AlertmanagerConfigSpec)

MuteTimeInterval specifies the periods in time when notifications will be muted

Field Description
name
string

Name of the time interval

timeIntervals
[]TimeInterval

TimeIntervals is a list of TimeInterval

NamespaceDiscovery

(Appears on:KubernetesSDConfig)

NamespaceDiscovery is the configuration for discovering Kubernetes namespaces.

Field Description
ownNamespace
bool
(Optional)

Includes the namespace in which the Prometheus pod runs to the list of watched namespaces.

names
[]string
(Optional)

List of namespaces where to watch for resources. If empty and ownNamespace isn’t true, Prometheus watches for resources in all namespaces.

NomadSDConfig

(Appears on:ScrapeConfigSpec)

NomadSDConfig configurations allow retrieving scrape targets from Nomad’s Service API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config

Field Description
allowStale
bool
(Optional)

The information to access the Nomad API. It is to be defined as the Nomad documentation requires.

namespace
string
(Optional)
refreshInterval
Duration
(Optional)
region
string
(Optional)
server
string
tagSeparator
string
(Optional)
basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request.

authorization
SafeAuthorization
(Optional)

Authorization header to use on every scrape request.

oauth2
OAuth2
(Optional)

Optional OAuth 2.0 configuration. Cannot be set at the same time as authorization or basic_auth.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

OVHCloudSDConfig

(Appears on:ScrapeConfigSpec)

OVHCloudSDConfig configurations allow retrieving scrape targets from OVHcloud’s dedicated servers and VPS using their API. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ovhcloud_sd_config

Field Description
applicationKey
string

Access key to use. https://api.ovh.com.

applicationSecret
Kubernetes core/v1.SecretKeySelector
consumerKey
Kubernetes core/v1.SecretKeySelector
service
OVHService

Service of the targets to retrieve. Must be VPS or DedicatedServer.

endpoint
string
(Optional)

Custom endpoint to be used.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the resources list.

OVHService (string alias)

(Appears on:OVHCloudSDConfig)

Service of the targets to retrieve. Must be VPS or DedicatedServer.

Value Description

"DedicatedServer"

"VPS"

OpenStackSDConfig

(Appears on:ScrapeConfigSpec)

OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config

Field Description
role
string

The OpenStack role of entities that should be discovered.

region
string

The OpenStack Region.

identityEndpoint
string
(Optional)

IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version.

username
string
(Optional)

Username is required if using Identity V2 API. Consult with your provider’s control panel to discover your account’s username. In Identity V3, either userid or a combination of username and domainId or domainName are needed

userid
string
(Optional)

UserID

password
Kubernetes core/v1.SecretKeySelector
(Optional)

Password for the Identity V2 and V3 APIs. Consult with your provider’s control panel to discover your account’s preferred method of authentication.

domainName
string
(Optional)

At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional.

domainID
string
(Optional)

DomainID

projectName
string
(Optional)

The ProjectId and ProjectName fields are optional for the Identity V2 API. Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider’s authentication policies will determine how these fields influence authentication.

projectID
string
(Optional)

ProjectID

applicationCredentialName
string
(Optional)

The ApplicationCredentialID or ApplicationCredentialName fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.

applicationCredentialId
string
(Optional)

ApplicationCredentialID

applicationCredentialSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

The applicationCredentialSecret field is required if using an application credential to authenticate.

allTenants
bool
(Optional)

Whether the service discovery should list all instances for all projects. It is only relevant for the ‘instance’ role and usually requires admin permissions.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the instance list.

port
int
(Optional)

The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.

availability
string
(Optional)

Availability of the endpoint to connect to.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration applying to the target HTTP endpoint.

OpsGenieConfig

(Appears on:Receiver)

OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiKey
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

apiURL
string
(Optional)

The URL to send OpsGenie API requests to.

message
string
(Optional)

Alert text limited to 130 characters.

description
string
(Optional)

Description of the incident.

source
string
(Optional)

Backlink to the sender of the notification.

tags
string
(Optional)

Comma separated list of tags attached to the notifications.

note
string
(Optional)

Additional alert note.

priority
string
(Optional)

Priority level of alert. Possible values are P1, P2, P3, P4, and P5.

updateAlerts
bool
(Optional)

Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log.

details
[]KeyValue
(Optional)

A set of arbitrary key/value pairs that provide further detail about the incident.

responders
[]OpsGenieConfigResponder
(Optional)

List of responders responsible for notifications.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

entity
string
(Optional)

Optional field that can be used to specify which domain alert is related to.

actions
string
(Optional)

Comma separated list of actions that will be available for the alert.

OpsGenieConfigResponder

(Appears on:OpsGenieConfig)

OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.

Field Description
id
string
(Optional)

ID of the responder.

name
string
(Optional)

Name of the responder.

username
string
(Optional)

Username of the responder.

type
string

Type of responder.

PagerDutyConfig

(Appears on:Receiver)

PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

routingKey
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the PagerDuty integration key (when using Events API v2). Either this field or serviceKey needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

serviceKey
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the PagerDuty service key (when using integration type “Prometheus”). Either this field or routingKey needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

url
string
(Optional)

The URL to send requests to.

client
string
(Optional)

Client identification.

clientURL
string
(Optional)

Backlink to the sender of notification.

description
string
(Optional)

Description of the incident.

severity
string
(Optional)

Severity of the incident.

class
string
(Optional)

The class/type of the event.

group
string
(Optional)

A cluster or grouping of sources.

component
string
(Optional)

The part or component of the affected system that is broken.

details
[]KeyValue
(Optional)

Arbitrary key/value pairs that provide further detail about the incident.

pagerDutyImageConfigs
[]PagerDutyImageConfig
(Optional)

A list of image details to attach that provide further detail about an incident.

pagerDutyLinkConfigs
[]PagerDutyLinkConfig
(Optional)

A list of link details to attach that provide further detail about an incident.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

source
string
(Optional)

Unique location of the affected system.

PagerDutyImageConfig

(Appears on:PagerDutyConfig)

PagerDutyImageConfig attaches images to an incident

Field Description
src
string
(Optional)

Src of the image being attached to the incident

href
string
(Optional)

Optional URL; makes the image a clickable link.

alt
string
(Optional)

Alt is the optional alternative text for the image.

PagerDutyLinkConfig

(Appears on:PagerDutyConfig)

PagerDutyLinkConfig attaches text links to an incident

Field Description
href
string
(Optional)

Href is the URL of the link to be attached

alt
string
(Optional)

Text that describes the purpose of the link, and can be used as the link’s text.

ParsedRange

ParsedRange is an integer representation of a range

Field Description
start
int

Start is the beginning of the range

end
int

End of the range

PrometheusAgentSpec

(Appears on:PrometheusAgent)

PrometheusAgentSpec is a specification of the desired behavior of the Prometheus agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description
mode
string
(Optional)

Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). For now this field has no effect.

(Alpha) Using this field requires the PrometheusAgentDaemonSet feature gate to be enabled.

podMetadata
EmbeddedObjectMetadata

PodMetadata configures labels and annotations which are propagated to the Prometheus pods.

The following items are reserved and cannot be overridden: * “prometheus” label, set to the name of the Prometheus object. * “app.kubernetes.io/instance” label, set to the name of the Prometheus object. * “app.kubernetes.io/managed-by” label, set to “prometheus-operator”. * “app.kubernetes.io/name” label, set to “prometheus”. * “app.kubernetes.io/version” label, set to the Prometheus version. * “operator.prometheus.io/name” label, set to the name of the Prometheus object. * “operator.prometheus.io/shard” label, set to the shard number of the Prometheus object. * “kubectl.kubernetes.io/default-container” annotation, set to “prometheus”.

serviceMonitorSelector
Kubernetes meta/v1.LabelSelector

ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

serviceMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

podMonitorSelector
Kubernetes meta/v1.LabelSelector

PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

podMonitorNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only.

probeSelector
Kubernetes meta/v1.LabelSelector

Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

probeNamespaceSelector
Kubernetes meta/v1.LabelSelector

Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

scrapeConfigSelector
Kubernetes meta/v1.LabelSelector
(Optional)

ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects.

If spec.serviceMonitorSelector, spec.podMonitorSelector, spec.probeSelector and spec.scrapeConfigSelector are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration’s Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the prometheus.yaml.gz key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use spec.additionalScrapeConfigs instead.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

scrapeConfigNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.

Note that the ScrapeConfig custom resource definition is currently at Alpha level.

version
string

Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files.

If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.

paused
bool

When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.

image
string
(Optional)

Container image name for Prometheus. If specified, it takes precedence over the spec.baseImage, spec.tag and spec.sha fields.

Specifying spec.version is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured.

If neither spec.image nor spec.baseImage are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.

imagePullPolicy
Kubernetes core/v1.PullPolicy

Image pull policy for the ‘prometheus’, ‘init-config-reloader’ and ‘config-reloader’ containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.

imagePullSecrets
[]Kubernetes core/v1.LocalObjectReference

An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod

replicas
int32
(Optional)

Number of replicas of each shard to deploy for a Prometheus deployment. spec.replicas multiplied by spec.shards is the total number of Pods created.

Default: 1

shards
int32
(Optional)

Number of shards to distribute scraped targets onto.

spec.replicas multiplied by spec.shards is the total number of Pods being created.

When not defined, the operator assumes only one shard.

Note that scaling down shards will not reshard data onto the remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. Alerting and recording rules

By default, the sharding is performed on: * The __address__ target’s metadata label for PodMonitor, ServiceMonitor and ScrapeConfig resources. * The __param_target__ label for Probe resources.

Users can define their own sharding implementation by setting the __tmp_hash label during the target discovery with relabeling configuration (either in the monitoring resources or via scrape class).

replicaExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the replica name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus_replica”

prometheusExternalLabelName
string
(Optional)

Name of Prometheus external label used to denote the Prometheus instance name. The external label will not be added when the field is set to the empty string ("").

Default: “prometheus”

logLevel
string

Log level for Prometheus and the config-reloader sidecar.

logFormat
string

Log format for Log level for Prometheus and the config-reloader sidecar.

scrapeInterval
Duration

Interval between consecutive scrapes.

Default: “30s”

scrapeTimeout
Duration

Number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

PrometheusText1.0.0 requires Prometheus >= v3.0.0.

externalLabels
map[string]string

The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by spec.replicaExternalLabelName and spec.prometheusExternalLabelName take precedence over this list.

enableRemoteWriteReceiver
bool

Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.

WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver

It requires Prometheus >= v2.33.0.

enableOTLPReceiver
bool
(Optional)

Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.

Note that the OTLP receiver endpoint is automatically enabled if .spec.otlpConfig is defined.

It requires Prometheus >= v2.47.0.

remoteWriteReceiverMessageVersions
[]RemoteWriteMessageVersion
(Optional)

List of the protobuf message versions to accept when receiving the remote writes.

It requires Prometheus >= v2.54.0.

enableFeatures
[]EnableFeature
(Optional)

Enable access to Prometheus feature flags. By default, no features are enabled.

Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

externalUrl
string

The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).

routePrefix
string

The route prefix Prometheus registers HTTP handlers for.

This is useful when using spec.externalURL, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.

storage
StorageSpec

Storage defines the storage used by Prometheus.

volumes
[]Kubernetes core/v1.Volume

Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.

volumeMounts
[]Kubernetes core/v1.VolumeMount

VolumeMounts allows the configuration of additional VolumeMounts.

VolumeMounts will be appended to other VolumeMounts in the ‘prometheus’ container, that are generated as a result of StorageSpec objects.

persistentVolumeClaimRetentionPolicy
Kubernetes apps/v1.StatefulSetPersistentVolumeClaimRetentionPolicy
(Optional)

The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.

web
PrometheusWebSpec

Defines the configuration of the Prometheus web server.

resources
Kubernetes core/v1.ResourceRequirements

Defines the resources requests and limits of the ‘prometheus’ container.

nodeSelector
map[string]string

Defines on which Nodes the Pods are scheduled.

serviceAccountName
string

ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.

automountServiceAccountToken
bool
(Optional)

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn’t set, the operator mounts the service account token by default.

Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.

secrets
[]string

Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named secret-<secret-name>. The Secrets are mounted into /etc/prometheus/secrets/ in the ‘prometheus’ container.

configMaps
[]string

ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named configmap-<configmap-name>. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the ‘prometheus’ container.

affinity
Kubernetes core/v1.Affinity
(Optional)

Defines the Pods’ affinity scheduling rules if specified.

tolerations
[]Kubernetes core/v1.Toleration
(Optional)

Defines the Pods’ tolerations if specified.

topologySpreadConstraints
[]TopologySpreadConstraint
(Optional)

Defines the pod’s topology spread constraints if specified.

remoteWrite
[]RemoteWriteSpec
(Optional)

Defines the list of remote write configurations.

otlp
OTLPConfig
(Optional)

Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0.

securityContext
Kubernetes core/v1.PodSecurityContext
(Optional)

SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.

dnsPolicy
DNSPolicy
(Optional)

Defines the DNS policy for the pods.

dnsConfig
PodDNSConfig
(Optional)

Defines the DNS configuration for the pods.

listenLocal
bool

When true, the Prometheus server listens on the loopback address instead of the Pod IP’s address.

containers
[]Kubernetes core/v1.Container
(Optional)

Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch.

The names of containers managed by the operator are: * prometheus * config-reloader * thanos-sidecar

Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

initContainers
[]Kubernetes core/v1.Container
(Optional)

InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch.

The names of init container name managed by the operator are: * init-config-reloader.

Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.

additionalScrapeConfigs
Kubernetes core/v1.SecretKeySelector
(Optional)

AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.

apiserverConfig
APIServerConfig
(Optional)

APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod’s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.

priorityClassName
string

Priority class assigned to the Pods.

portName
string

Port name used for the pods and governing service. Default: “web”

arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig

When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the ‘prometheus’ container. When a ServiceMonitor’s endpoint specifies a bearerTokenFile value (e.g. ‘/var/run/secrets/kubernetes.io/serviceaccount/token’), a malicious target can get access to the Prometheus service account’s token in the Prometheus’ scrape request. Setting spec.arbitraryFSAccessThroughSM to ‘true’ would prevent the attack. Users should instead provide the credentials using the spec.bearerTokenSecret field.

overrideHonorLabels
bool

When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. In practice,overrideHonorLaels:true enforces honorLabels:false for all ServiceMonitor, PodMonitor and ScrapeConfig objects.

overrideHonorTimestamps
bool

When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.

ignoreNamespaceSelectors
bool

When true, spec.namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.

enforcedNamespaceLabel
string

When not empty, a label will be added to:

  1. All metrics scraped from ServiceMonitor, PodMonitor, Probe and ScrapeConfig objects.
  2. All metrics generated from recording rules defined in PrometheusRule objects.
  3. All alerts generated from alerting rules defined in PrometheusRule objects.
  4. All vector selectors of PromQL expressions defined in PrometheusRule objects.

The label will not added for objects referenced in spec.excludedFromEnforcement.

The label’s name is this field’s value. The label’s value is the namespace of the ServiceMonitor, PodMonitor, Probe, PrometheusRule or ScrapeConfig object.

enforcedSampleLimit
uint64
(Optional)

When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any spec.sampleLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.sampleLimit is greater than zero and less than spec.enforcedSampleLimit.

It is meant to be used by admins to keep the overall number of samples/series under a desired limit.

When both enforcedSampleLimit and sampleLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedSampleLimit is greater than the sampleLimit, the sampleLimit will be set to enforcedSampleLimit. * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.

enforcedTargetLimit
uint64
(Optional)

When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any spec.targetLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.targetLimit is greater than zero and less than spec.enforcedTargetLimit.

It is meant to be used by admins to to keep the overall number of targets under a desired limit.

When both enforcedTargetLimit and targetLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedTargetLimit is greater than the targetLimit, the targetLimit will be set to enforcedTargetLimit. * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.

enforcedLabelLimit
uint64
(Optional)

When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any spec.labelLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelLimit is greater than zero and less than spec.enforcedLabelLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelLimit and labelLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelLimit is greater than the labelLimit, the labelLimit will be set to enforcedLabelLimit. * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.

enforcedLabelNameLengthLimit
uint64
(Optional)

When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any spec.labelNameLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelNameLengthLimit is greater than zero and less than spec.enforcedLabelNameLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelNameLengthLimit and labelNameLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelNameLengthLimit is greater than the labelNameLengthLimit, the labelNameLengthLimit will be set to enforcedLabelNameLengthLimit. * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.

enforcedLabelValueLengthLimit
uint64
(Optional)

When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any spec.labelValueLengthLimit set by ServiceMonitor, PodMonitor, Probe objects unless spec.labelValueLengthLimit is greater than zero and less than spec.enforcedLabelValueLengthLimit.

It requires Prometheus >= v2.27.0.

When both enforcedLabelValueLengthLimit and labelValueLengthLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedLabelValueLengthLimit is greater than the labelValueLengthLimit, the labelValueLengthLimit will be set to enforcedLabelValueLengthLimit. * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.

enforcedKeepDroppedTargets
uint64
(Optional)

When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets is greater than zero and less than spec.enforcedKeepDroppedTargets.

It requires Prometheus >= v2.47.0.

When both enforcedKeepDroppedTargets and keepDroppedTargets are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedKeepDroppedTargets is greater than the keepDroppedTargets, the keepDroppedTargets will be set to enforcedKeepDroppedTargets. * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.

enforcedBodySizeLimit
ByteSize

When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail.

It requires Prometheus >= v2.28.0.

When both enforcedBodySizeLimit and bodySizeLimit are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the enforcedBodySizeLimit is greater than the bodySizeLimit, the bodySizeLimit will be set to enforcedBodySizeLimit. * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.

nameValidationScheme
NameValidationSchemeOptions
(Optional)

Specifies the validation scheme for metric and label names.

minReadySeconds
uint32
(Optional)

Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.

hostAliases
[]HostAlias
(Optional)

Optional list of hosts and IPs that will be injected into the Pod’s hosts file if specified.

additionalArgs
[]Argument
(Optional)

AdditionalArgs allows setting additional arguments for the ‘prometheus’ container.

It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version.

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

walCompression
bool
(Optional)

Configures compression of the write-ahead log (WAL) using Snappy.

WAL compression is enabled by default for Prometheus >= 2.20.0

Requires Prometheus v2.11.0 and above.

excludedFromEnforcement
[]ObjectReference
(Optional)

List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin.

It is only applicable if spec.enforcedNamespaceLabel set to true.

hostNetwork
bool

Use the host’s network namespace if true.

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set to a different value).

podTargetLabels
[]string
(Optional)

PodTargetLabels are appended to the spec.podTargetLabels field of all PodMonitor and ServiceMonitor objects.

tracingConfig
PrometheusTracingConfig
(Optional)

TracingConfig configures tracing in Prometheus.

This is an experimental feature, it may change in any upcoming release in a breaking way.

bodySizeLimit
ByteSize
(Optional)

BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

Note that the global limit only applies to scrape objects that don’t specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.

reloadStrategy
ReloadStrategyType
(Optional)

Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.

maximumStartupDurationSeconds
int32
(Optional)

Defines the maximum time that the prometheus container’s startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).

scrapeClasses
[]ScrapeClass

List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

This is an experimental feature, it may change in any upcoming release in a breaking way.

serviceDiscoveryRole
ServiceDiscoveryRole
(Optional)

Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.

If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.

tsdb
TSDBSpec
(Optional)

Defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

runtime
RuntimeConfig
(Optional)

RuntimeConfig configures the values for the Prometheus process behavior

PuppetDBSDConfig

(Appears on:ScrapeConfigSpec)

PuppetDBSDConfig configurations allow retrieving scrape targets from PuppetDB resources. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#puppetdb_sd_config

Field Description
url
string

The URL of the PuppetDB root query endpoint.

query
string

Puppet Query Language (PQL) query. Only resources are supported. https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html

includeParameters
bool
(Optional)

Whether to include the parameters as meta labels. Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure that you don’t have secrets exposed as parameters if you enable this.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the list of resources.

port
int32

Port to scrape the metrics from.

basicAuth
BasicAuth
(Optional)

Optional HTTP basic authentication information. Cannot be set at the same time as authorization, or oauth2.

authorization
SafeAuthorization
(Optional)

Optional authorization HTTP header configuration. Cannot be set at the same time as basicAuth, or oauth2.

oauth2
OAuth2
(Optional)

Optional OAuth2.0 configuration. Cannot be set at the same time as basicAuth, or authorization.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to connect to the Puppet DB.

followRedirects
bool
(Optional)

Configure whether the HTTP requests should follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Configure whether to enable HTTP2.

PushoverConfig

(Appears on:Receiver)

PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

userKey
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either userKey or userKeyFile is required.

userKeyFile
string
(Optional)

The user key file that contains the recipient user’s user key. Either userKey or userKeyFile is required. It requires Alertmanager >= v0.26.0.

token
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either token or tokenFile is required.

tokenFile
string
(Optional)

The token file that contains the registered application’s API token, see https://pushover.net/apps. Either token or tokenFile is required. It requires Alertmanager >= v0.26.0.

title
string
(Optional)

Notification title.

message
string
(Optional)

Notification message.

url
string
(Optional)

A supplementary URL shown alongside the message.

urlTitle
string
(Optional)

A title for supplementary URL, otherwise just the URL is shown

ttl
Duration
(Optional)

The time to live definition for the alert notification

device
string
(Optional)

The name of a device to send the notification to

sound
string
(Optional)

The name of one of the sounds supported by device clients to override the user’s default sound choice

priority
string
(Optional)

Priority, see https://pushover.net/api#priority

retry
string
(Optional)

How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.

expire
string
(Optional)

How long your notification will continue to be retried for, unless the user acknowledges the notification.

html
bool
(Optional)

Whether notification message is HTML or plain text.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

Receiver

(Appears on:AlertmanagerConfigSpec)

Receiver defines one or more notification integrations.

Field Description
name
string

Name of the receiver. Must be unique across all items from the list.

opsgenieConfigs
[]OpsGenieConfig

List of OpsGenie configurations.

pagerdutyConfigs
[]PagerDutyConfig

List of PagerDuty configurations.

discordConfigs
[]DiscordConfig
(Optional)

List of Discord configurations.

slackConfigs
[]SlackConfig

List of Slack configurations.

webhookConfigs
[]WebhookConfig

List of webhook configurations.

wechatConfigs
[]WeChatConfig

List of WeChat configurations.

emailConfigs
[]EmailConfig

List of Email configurations.

victoropsConfigs
[]VictorOpsConfig

List of VictorOps configurations.

pushoverConfigs
[]PushoverConfig

List of Pushover configurations.

snsConfigs
[]SNSConfig

List of SNS configurations

telegramConfigs
[]TelegramConfig

List of Telegram configurations.

webexConfigs
[]WebexConfig

List of Webex configurations.

msteamsConfigs
[]MSTeamsConfig

List of MSTeams configurations. It requires Alertmanager >= 0.26.0.

Route

(Appears on:AlertmanagerConfigSpec)

Route defines a node in the routing tree.

Field Description
receiver
string
(Optional)

Name of the receiver for this route. If not empty, it should be listed in the receivers field.

groupBy
[]string
(Optional)

List of labels to group by. Labels must not be repeated (unique list). Special label “…” (aggregate by all possible labels), if provided, must be the only element in the list.

groupWait
string
(Optional)

How long to wait before sending the initial notification. Must match the regular expression^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ Example: “30s”

groupInterval
string
(Optional)

How long to wait before sending an updated notification. Must match the regular expression^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ Example: “5m”

repeatInterval
string
(Optional)

How long to wait before repeating the last notification. Must match the regular expression^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ Example: “4h”

matchers
[]Matcher
(Optional)

List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the namespace label and adds a namespace: <object namespace> matcher.

continue
bool
(Optional)

Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.

routes
[]k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON

Child routes.

muteTimeIntervals
[]string
(Optional)

Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn’t support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can’t validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,

activeTimeIntervals
[]string
(Optional)

ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active.

SDFile (string alias)

(Appears on:FileSDConfig)

SDFile represents a file used for service discovery

SNSConfig

(Appears on:Receiver)

SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiURL
string
(Optional)

The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.

sigv4
Sigv4
(Optional)

Configures AWS’s Signature Verification 4 signing process to sign requests.

topicARN
string
(Optional)

SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don’t specify this value, you must specify a value for the PhoneNumber or TargetARN.

subject
string
(Optional)

Subject line when the message is delivered to email endpoints.

phoneNumber
string
(Optional)

Phone number if message is delivered via SMS in E.164 format. If you don’t specify this value, you must specify a value for the TopicARN or TargetARN.

targetARN
string
(Optional)

The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don’t specify this value, you must specify a value for the topic_arn or PhoneNumber.

message
string
(Optional)

The message content of the SNS notification.

attributes
map[string]string
(Optional)

SNS message attributes.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

ScalewayRole (string alias)

(Appears on:ScalewaySDConfig)

Role of the targets to retrieve. Must be Instance or Baremetal.

Value Description

"Baremetal"

"Instance"

ScalewaySDConfig

(Appears on:ScrapeConfigSpec)

ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config TODO: Need to document that we will not be supporting the _file fields.

Field Description
accessKey
string

Access key to use. https://console.scaleway.com/project/credentials

secretKey
Kubernetes core/v1.SecretKeySelector

Secret key to use when listing targets.

projectID
string

Project ID of the targets.

role
ScalewayRole

Service of the targets to retrieve. Must be Instance or Baremetal.

port
int32
(Optional)

The port to scrape metrics from.

apiURL
string
(Optional)

API URL to use when doing the server listing requests.

zone
string
(Optional)

Zone is the availability zone of your targets (e.g. fr-par-1).

nameFilter
string
(Optional)

NameFilter specify a name filter (works as a LIKE) to apply on the server listing request.

tagsFilter
[]string
(Optional)

TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.

refreshInterval
Duration
(Optional)

Refresh interval to re-read the list of instances.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

Configure whether HTTP requests follow HTTP 3xx redirects.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use on every scrape request

ScrapeConfigSpec

(Appears on:ScrapeConfig)

ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration.

Field Description
jobName
string
(Optional)

The value of the job label assigned to the scraped metrics by default.

The job_name field in the rendered scrape configuration is always controlled by the operator to prevent duplicate job names, which Prometheus does not allow. Instead the job label is set by means of relabeling configs.

staticConfigs
[]StaticConfig
(Optional)

StaticConfigs defines a list of static targets with a common label set.

fileSDConfigs
[]FileSDConfig
(Optional)

FileSDConfigs defines a list of file service discovery configurations.

httpSDConfigs
[]HTTPSDConfig
(Optional)

HTTPSDConfigs defines a list of HTTP service discovery configurations.

kubernetesSDConfigs
[]KubernetesSDConfig
(Optional)

KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.

consulSDConfigs
[]ConsulSDConfig
(Optional)

ConsulSDConfigs defines a list of Consul service discovery configurations.

dnsSDConfigs
[]DNSSDConfig
(Optional)

DNSSDConfigs defines a list of DNS service discovery configurations.

ec2SDConfigs
[]EC2SDConfig
(Optional)

EC2SDConfigs defines a list of EC2 service discovery configurations.

azureSDConfigs
[]AzureSDConfig
(Optional)

AzureSDConfigs defines a list of Azure service discovery configurations.

gceSDConfigs
[]GCESDConfig
(Optional)

GCESDConfigs defines a list of GCE service discovery configurations.

openstackSDConfigs
[]OpenStackSDConfig
(Optional)

OpenStackSDConfigs defines a list of OpenStack service discovery configurations.

digitalOceanSDConfigs
[]DigitalOceanSDConfig
(Optional)

DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.

kumaSDConfigs
[]KumaSDConfig
(Optional)

KumaSDConfigs defines a list of Kuma service discovery configurations.

eurekaSDConfigs
[]EurekaSDConfig
(Optional)

EurekaSDConfigs defines a list of Eureka service discovery configurations.

dockerSDConfigs
[]DockerSDConfig
(Optional)

DockerSDConfigs defines a list of Docker service discovery configurations.

linodeSDConfigs
[]LinodeSDConfig
(Optional)

LinodeSDConfigs defines a list of Linode service discovery configurations.

hetznerSDConfigs
[]HetznerSDConfig
(Optional)

HetznerSDConfigs defines a list of Hetzner service discovery configurations.

nomadSDConfigs
[]NomadSDConfig
(Optional)

NomadSDConfigs defines a list of Nomad service discovery configurations.

dockerSwarmSDConfigs
[]DockerSwarmSDConfig
(Optional)

DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations.

puppetDBSDConfigs
[]PuppetDBSDConfig
(Optional)

PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations.

lightSailSDConfigs
[]LightSailSDConfig
(Optional)

LightsailSDConfigs defines a list of Lightsail service discovery configurations.

ovhcloudSDConfigs
[]OVHCloudSDConfig
(Optional)

OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations.

scalewaySDConfigs
[]ScalewaySDConfig
(Optional)

ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations.

ionosSDConfigs
[]IonosSDConfig
(Optional)

IonosSDConfigs defines a list of IONOS service discovery configurations.

relabelings
[]RelabelConfig
(Optional)

RelabelConfigs defines how to rewrite the target’s labels before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job’s name is available via the __tmp_prometheus_job_name label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

metricsPath
string
(Optional)

MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics).

scrapeInterval
Duration
(Optional)

ScrapeInterval is the interval between consecutive scrapes.

scrapeTimeout
Duration
(Optional)

ScrapeTimeout is the number of seconds to wait until a scrape request times out.

scrapeProtocols
[]ScrapeProtocol
(Optional)

The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

fallbackScrapeProtocol
ScrapeProtocol
(Optional)

The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.

It requires Prometheus >= v3.0.0.

honorTimestamps
bool
(Optional)

HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.

trackTimestampsStaleness
bool
(Optional)

TrackTimestampsStaleness whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if honorTimestamps is false. It requires Prometheus >= v2.48.0.

honorLabels
bool
(Optional)

HonorLabels chooses the metric’s labels on collisions with target labels.

params
map[string][]string
(Optional)

Optional HTTP URL parameters

scheme
string
(Optional)

Configures the protocol scheme used for requests. If empty, Prometheus uses HTTP by default.

enableCompression
bool
(Optional)

When false, Prometheus will request uncompressed response from the scraped target.

It requires Prometheus >= v2.49.0.

If unset, Prometheus uses true by default.

enableHTTP2
bool
(Optional)

Whether to enable HTTP2.

basicAuth
BasicAuth
(Optional)

BasicAuth information to use on every scrape request.

authorization
SafeAuthorization
(Optional)

Authorization header to use on every scrape request.

oauth2
OAuth2
(Optional)

OAuth2 configuration to use on every scrape request.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration to use on every scrape request

sampleLimit
uint64
(Optional)

SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.

targetLimit
uint64
(Optional)

TargetLimit defines a limit on the number of scraped targets that will be accepted.

labelLimit
uint64
(Optional)

Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelNameLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

labelValueLengthLimit
uint64
(Optional)

Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.

scrapeClassicHistograms
bool
(Optional)

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

nativeHistogramBucketLimit
uint64
(Optional)

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

keepDroppedTargets
uint64
(Optional)

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

metricRelabelings
[]RelabelConfig
(Optional)

MetricRelabelConfigs to apply to samples before ingestion.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

scrapeClass
string
(Optional)

The scrape class to apply.

SlackAction

(Appears on:SlackConfig)

SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.

Field Description
type
string
text
string
url
string
(Optional)
style
string
(Optional)
name
string
(Optional)
value
string
(Optional)
confirm
SlackConfirmationField
(Optional)

SlackConfig

(Appears on:Receiver)

SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiURL
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

channel
string
(Optional)

The channel or user to send notifications to.

username
string
(Optional)
color
string
(Optional)
title
string
(Optional)
titleLink
string
(Optional)
pretext
string
(Optional)
text
string
(Optional)
fields
[]SlackField
(Optional)

A list of Slack fields that are sent with each notification.

shortFields
bool
(Optional)
footer
string
(Optional)
fallback
string
(Optional)
callbackId
string
(Optional)
iconEmoji
string
(Optional)
iconURL
string
(Optional)
imageURL
string
(Optional)
thumbURL
string
(Optional)
linkNames
bool
(Optional)
mrkdwnIn
[]string
(Optional)
actions
[]SlackAction
(Optional)

A list of Slack actions that are sent with each notification.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

SlackConfirmationField

(Appears on:SlackAction)

SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.

Field Description
text
string
title
string
(Optional)
okText
string
(Optional)
dismissText
string
(Optional)

SlackField

(Appears on:SlackConfig)

SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.

Field Description
title
string
value
string
short
bool
(Optional)

StaticConfig

(Appears on:ScrapeConfigSpec)

StaticConfig defines a Prometheus static configuration. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config

Field Description
targets
[]Target

List of targets for this static configuration.

labels
map[string]string
(Optional)

Labels assigned to all metrics scraped from the targets.

Target (string alias)

(Appears on:StaticConfig)

Target represents a target for Prometheus to scrape kubebuilder:validation:MinLength:=1

TelegramConfig

(Appears on:Receiver)

TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config

Field Description
sendResolved
bool
(Optional)

Whether to notify about resolved alerts.

apiURL
string
(Optional)

The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.

botToken
Kubernetes core/v1.SecretKeySelector
(Optional)

Telegram bot token. It is mutually exclusive with botTokenFile. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

Either botToken or botTokenFile is required.

botTokenFile
string
(Optional)

File to read the Telegram bot token from. It is mutually exclusive with botToken. Either botToken or botTokenFile is required.

It requires Alertmanager >= v0.26.0.

chatID
int64

The Telegram chat ID.

messageThreadID
int64
(Optional)

The Telegram Group Topic ID. It requires Alertmanager >= 0.26.0.

message
string
(Optional)

Message template

disableNotifications
bool
(Optional)

Disable telegram notifications

parseMode
string
(Optional)

Parse mode for telegram message

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

Time (string alias)

(Appears on:TimeRange)

Time defines a time in 24hr format

TimeInterval

(Appears on:MuteTimeInterval)

TimeInterval describes intervals of time

Field Description
times
[]TimeRange
(Optional)

Times is a list of TimeRange

weekdays
[]WeekdayRange
(Optional)

Weekdays is a list of WeekdayRange

daysOfMonth
[]DayOfMonthRange
(Optional)

DaysOfMonth is a list of DayOfMonthRange

months
[]MonthRange
(Optional)

Months is a list of MonthRange

years
[]YearRange
(Optional)

Years is a list of YearRange

TimeRange

(Appears on:TimeInterval)

TimeRange defines a start and end time in 24hr format

Field Description
startTime
Time

StartTime is the start time in 24hr format.

endTime
Time

EndTime is the end time in 24hr format.

URL (string alias)

(Appears on:WebexConfig)

URL represents a valid URL

VictorOpsConfig

(Appears on:Receiver)

VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiKey
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

apiUrl
string
(Optional)

The VictorOps API URL.

routingKey
string
(Optional)

A key used to map the alert to a team.

messageType
string
(Optional)

Describes the behavior of the alert (CRITICAL, WARNING, INFO).

entityDisplayName
string
(Optional)

Contains summary of the alerted problem.

stateMessage
string
(Optional)

Contains long explanation of the alerted problem.

monitoringTool
string
(Optional)

The monitoring tool the state message is from.

customFields
[]KeyValue
(Optional)

Additional custom fields for notification.

httpConfig
HTTPConfig
(Optional)

The HTTP client’s configuration.

WeChatConfig

(Appears on:Receiver)

WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

apiURL
string
(Optional)

The WeChat API URL.

corpID
string
(Optional)

The corp id for authentication.

agentID
string
(Optional)
toUser
string
(Optional)
toParty
string
(Optional)
toTag
string
(Optional)
message
string

API request data as defined by the WeChat API.

messageType
string
(Optional)
httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

WebexConfig

(Appears on:Receiver)

WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config

Field Description
sendResolved
bool
(Optional)

Whether to notify about resolved alerts.

apiURL
URL
(Optional)

The Webex Teams API URL i.e. https://webexapis.com/v1/messages Provide if different from the default API URL.

httpConfig
HTTPConfig
(Optional)

The HTTP client’s configuration. You must supply the bot token via the httpConfig.authorization field.

message
string
(Optional)

Message template

roomID
string

ID of the Webex Teams room where to send the messages.

WebhookConfig

(Appears on:Receiver)

WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

url
string
(Optional)

The URL to send HTTP POST requests to. urlSecret takes precedence over url. One of urlSecret and url should be defined.

urlSecret
Kubernetes core/v1.SecretKeySelector
(Optional)

The secret’s key that contains the webhook URL to send HTTP requests to. urlSecret takes precedence over url. One of urlSecret and url should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

maxAlerts
int32
(Optional)

Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.

Weekday (string alias)

Weekday is day of the week

Value Description

"friday"

"monday"

"saturday"

"sunday"

"thursday"

"tuesday"

"wednesday"

WeekdayRange (string alias)

(Appears on:TimeInterval)

WeekdayRange is an inclusive range of days of the week beginning on Sunday Days can be specified by name (e.g ‘Sunday’) or as an inclusive range (e.g ‘Monday:Friday’)

YearRange (string alias)

(Appears on:TimeInterval)

YearRange is an inclusive range of years


monitoring.coreos.com/v1beta1

Resource Types:

AlertmanagerConfig

The AlertmanagerConfig custom resource definition (CRD) defines how Alertmanager objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.

Alertmanager objects select AlertmanagerConfig objects using label and namespace selectors.

Field Description
apiVersion
string
monitoring.coreos.com/v1beta1
kind
string
AlertmanagerConfig
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AlertmanagerConfigSpec


route
Route
(Optional)

The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.

receivers
[]Receiver
(Optional)

List of receivers.

inhibitRules
[]InhibitRule
(Optional)

List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.

timeIntervals
[]TimeInterval
(Optional)

List of TimeInterval specifying when the routes should be muted or active.

AlertmanagerConfigSpec

(Appears on:AlertmanagerConfig)

AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the namespace label is equal to the namespace of the AlertmanagerConfig resource.

Field Description
route
Route
(Optional)

The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.

receivers
[]Receiver
(Optional)

List of receivers.

inhibitRules
[]InhibitRule
(Optional)

List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.

timeIntervals
[]TimeInterval
(Optional)

List of TimeInterval specifying when the routes should be muted or active.

DayOfMonthRange

(Appears on:TimePeriod)

DayOfMonthRange is an inclusive range of days of the month beginning at 1

Field Description
start
int

Start of the inclusive range

end
int

End of the inclusive range

DiscordConfig

(Appears on:Receiver)

DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiURL
Kubernetes core/v1.SecretKeySelector

The secret’s key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

title
string
(Optional)

The template of the message’s title.

message
string
(Optional)

The template of the message’s body.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

EmailConfig

(Appears on:Receiver)

EmailConfig configures notifications via Email.

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

to
string
(Optional)

The email address to send notifications to.

from
string
(Optional)

The sender address.

hello
string
(Optional)

The hostname to identify to the SMTP server.

smarthost
string
(Optional)

The SMTP host and port through which emails are sent. E.g. example.com:25

authUsername
string
(Optional)

The username to use for authentication.

authPassword
SecretKeySelector

The secret’s key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

authSecret
SecretKeySelector

The secret’s key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

authIdentity
string
(Optional)

The identity to use for authentication.

headers
[]KeyValue

Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.

html
string
(Optional)

The HTML body of the email notification.

text
string
(Optional)

The text body of the email notification.

requireTLS
bool
(Optional)

The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration

HTTPConfig

(Appears on:DiscordConfig, MSTeamsConfig, OpsGenieConfig, PagerDutyConfig, PushoverConfig, SNSConfig, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebexConfig, WebhookConfig)

HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config

Field Description
authorization
SafeAuthorization
(Optional)

Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.

basicAuth
BasicAuth
(Optional)

BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.

oauth2
OAuth2
(Optional)

OAuth2 client credentials used to fetch a token for the targets.

bearerTokenSecret
SecretKeySelector
(Optional)

The secret’s key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

tlsConfig
SafeTLSConfig
(Optional)

TLS configuration for the client.

proxyURL
string
(Optional)

Optional proxy URL.

If defined, this field takes precedence over proxyUrl.

proxyUrl
string
(Optional)

proxyURL defines the HTTP proxy server to use.

noProxy
string
(Optional)

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyFromEnvironment
bool
(Optional)

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader
map[string][]k8s.io/api/core/v1.SecretKeySelector
(Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

followRedirects
bool
(Optional)

FollowRedirects specifies whether the client should follow HTTP 3xx redirects.

InhibitRule

(Appears on:AlertmanagerConfigSpec)

InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule

Field Description
targetMatch
[]Matcher

Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace.

sourceMatch
[]Matcher

Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace.

equal
[]string

Labels that must have an equal value in the source and target alert for the inhibition to take effect.

KeyValue

(Appears on:EmailConfig, OpsGenieConfig, PagerDutyConfig, VictorOpsConfig)

KeyValue defines a (key, value) tuple.

Field Description
key
string

Key of the tuple.

value
string

Value of the tuple.

MSTeamsConfig

(Appears on:Receiver)

MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0.

Field Description
sendResolved
bool
(Optional)

Whether to notify about resolved alerts.

webhookUrl
Kubernetes core/v1.SecretKeySelector

MSTeams webhook URL.

title
string
(Optional)

Message title template.

summary
string
(Optional)

Message summary template. It requires Alertmanager >= 0.27.0.

text
string
(Optional)

Message body template.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

MatchType (string alias)

(Appears on:Matcher)

MatchType is a comparison operator on a Matcher

Value Description

"="

"!="

"!~"

"=~"

Matcher

(Appears on:InhibitRule, Route)

Matcher defines how to match on alert’s labels.

Field Description
name
string

Label to match.

value
string
(Optional)

Label value to match.

matchType
MatchType

Match operator, one of = (equal to), != (not equal to), =~ (regex match) or !~ (not regex match). Negative operators (!= and !~) require Alertmanager >= v0.22.0.

Month (string alias)

Month of the year

Value Description

"april"

"august"

"december"

"february"

"january"

"july"

"june"

"march"

"may"

"november"

"october"

"september"

MonthRange (string alias)

(Appears on:TimePeriod)

MonthRange is an inclusive range of months of the year beginning in January Months can be specified by name (e.g ‘January’) by numerical month (e.g ‘1’) or as an inclusive range (e.g ‘January:March’, ‘1:3’, ‘1:March’)

OpsGenieConfig

(Appears on:Receiver)

OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiKey
SecretKeySelector
(Optional)

The secret’s key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

apiURL
string
(Optional)

The URL to send OpsGenie API requests to.

message
string
(Optional)

Alert text limited to 130 characters.

description
string
(Optional)

Description of the incident.

source
string
(Optional)

Backlink to the sender of the notification.

tags
string
(Optional)

Comma separated list of tags attached to the notifications.

note
string
(Optional)

Additional alert note.

priority
string
(Optional)

Priority level of alert. Possible values are P1, P2, P3, P4, and P5.

details
[]KeyValue
(Optional)

A set of arbitrary key/value pairs that provide further detail about the incident.

responders
[]OpsGenieConfigResponder
(Optional)

List of responders responsible for notifications.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

entity
string
(Optional)

Optional field that can be used to specify which domain alert is related to.

actions
string
(Optional)

Comma separated list of actions that will be available for the alert.

OpsGenieConfigResponder

(Appears on:OpsGenieConfig)

OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.

Field Description
id
string
(Optional)

ID of the responder.

name
string
(Optional)

Name of the responder.

username
string
(Optional)

Username of the responder.

type
string

Type of responder.

PagerDutyConfig

(Appears on:Receiver)

PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

routingKey
SecretKeySelector
(Optional)

The secret’s key that contains the PagerDuty integration key (when using Events API v2). Either this field or serviceKey needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

serviceKey
SecretKeySelector
(Optional)

The secret’s key that contains the PagerDuty service key (when using integration type “Prometheus”). Either this field or routingKey needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

url
string
(Optional)

The URL to send requests to.

client
string
(Optional)

Client identification.

clientURL
string
(Optional)

Backlink to the sender of notification.

description
string
(Optional)

Description of the incident.

severity
string
(Optional)

Severity of the incident.

class
string
(Optional)

The class/type of the event.

group
string
(Optional)

A cluster or grouping of sources.

component
string
(Optional)

The part or component of the affected system that is broken.

details
[]KeyValue
(Optional)

Arbitrary key/value pairs that provide further detail about the incident.

pagerDutyImageConfigs
[]PagerDutyImageConfig
(Optional)

A list of image details to attach that provide further detail about an incident.

pagerDutyLinkConfigs
[]PagerDutyLinkConfig
(Optional)

A list of link details to attach that provide further detail about an incident.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

source
string
(Optional)

Unique location of the affected system.

PagerDutyImageConfig

(Appears on:PagerDutyConfig)

PagerDutyImageConfig attaches images to an incident

Field Description
src
string
(Optional)

Src of the image being attached to the incident

href
string
(Optional)

Optional URL; makes the image a clickable link.

alt
string
(Optional)

Alt is the optional alternative text for the image.

PagerDutyLinkConfig

(Appears on:PagerDutyConfig)

PagerDutyLinkConfig attaches text links to an incident

Field Description
href
string
(Optional)

Href is the URL of the link to be attached

alt
string
(Optional)

Text that describes the purpose of the link, and can be used as the link’s text.

ParsedRange

ParsedRange is an integer representation of a range

Field Description
start
int

Start is the beginning of the range

end
int

End of the range

PushoverConfig

(Appears on:Receiver)

PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

userKey
SecretKeySelector
(Optional)

The secret’s key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either userKey or userKeyFile is required.

userKeyFile
string
(Optional)

The user key file that contains the recipient user’s user key. Either userKey or userKeyFile is required. It requires Alertmanager >= v0.26.0.

token
SecretKeySelector
(Optional)

The secret’s key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either token or tokenFile is required.

tokenFile
string
(Optional)

The token file that contains the registered application’s API token, see https://pushover.net/apps. Either token or tokenFile is required. It requires Alertmanager >= v0.26.0.

title
string
(Optional)

Notification title.

message
string
(Optional)

Notification message.

url
string
(Optional)

A supplementary URL shown alongside the message.

urlTitle
string
(Optional)

A title for supplementary URL, otherwise just the URL is shown

ttl
Duration
(Optional)

The time to live definition for the alert notification

device
string
(Optional)

The name of a device to send the notification to

sound
string
(Optional)

The name of one of the sounds supported by device clients to override the user’s default sound choice

priority
string
(Optional)

Priority, see https://pushover.net/api#priority

retry
string
(Optional)

How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.

expire
string
(Optional)

How long your notification will continue to be retried for, unless the user acknowledges the notification.

html
bool
(Optional)

Whether notification message is HTML or plain text.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

Receiver

(Appears on:AlertmanagerConfigSpec)

Receiver defines one or more notification integrations.

Field Description
name
string

Name of the receiver. Must be unique across all items from the list.

opsgenieConfigs
[]OpsGenieConfig

List of OpsGenie configurations.

pagerdutyConfigs
[]PagerDutyConfig

List of PagerDuty configurations.

discordConfigs
[]DiscordConfig

List of Slack configurations.

slackConfigs
[]SlackConfig

List of Slack configurations.

webhookConfigs
[]WebhookConfig

List of webhook configurations.

wechatConfigs
[]WeChatConfig

List of WeChat configurations.

emailConfigs
[]EmailConfig

List of Email configurations.

victoropsConfigs
[]VictorOpsConfig

List of VictorOps configurations.

pushoverConfigs
[]PushoverConfig

List of Pushover configurations.

snsConfigs
[]SNSConfig

List of SNS configurations

telegramConfigs
[]TelegramConfig

List of Telegram configurations.

webexConfigs
[]WebexConfig

List of Webex configurations.

msteamsConfigs
[]MSTeamsConfig

List of MSTeams configurations. It requires Alertmanager >= 0.26.0.

Route

(Appears on:AlertmanagerConfigSpec)

Route defines a node in the routing tree.

Field Description
receiver
string
(Optional)

Name of the receiver for this route. If not empty, it should be listed in the receivers field.

groupBy
[]string
(Optional)

List of labels to group by. Labels must not be repeated (unique list). Special label “…” (aggregate by all possible labels), if provided, must be the only element in the list.

groupWait
string
(Optional)

How long to wait before sending the initial notification. Must match the regular expression^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ Example: “30s”

groupInterval
string
(Optional)

How long to wait before sending an updated notification. Must match the regular expression^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ Example: “5m”

repeatInterval
string
(Optional)

How long to wait before repeating the last notification. Must match the regular expression^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ Example: “4h”

matchers
[]Matcher
(Optional)

List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the namespace label and adds a namespace: <object namespace> matcher.

continue
bool
(Optional)

Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.

routes
[]k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON

Child routes.

muteTimeIntervals
[]string
(Optional)

Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn’t support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can’t validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of TimeInterval names that will mute this route when matched.

activeTimeIntervals
[]string
(Optional)

ActiveTimeIntervals is a list of TimeInterval names when this route should be active.

SNSConfig

(Appears on:Receiver)

SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiURL
string
(Optional)

The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.

sigv4
Sigv4
(Optional)

Configures AWS’s Signature Verification 4 signing process to sign requests.

topicARN
string
(Optional)

SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don’t specify this value, you must specify a value for the PhoneNumber or TargetARN.

subject
string
(Optional)

Subject line when the message is delivered to email endpoints.

phoneNumber
string
(Optional)

Phone number if message is delivered via SMS in E.164 format. If you don’t specify this value, you must specify a value for the TopicARN or TargetARN.

targetARN
string
(Optional)

The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don’t specify this value, you must specify a value for the topic_arn or PhoneNumber.

message
string
(Optional)

The message content of the SNS notification.

attributes
map[string]string
(Optional)

SNS message attributes.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

SecretKeySelector

(Appears on:EmailConfig, HTTPConfig, OpsGenieConfig, PagerDutyConfig, PushoverConfig, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebhookConfig)

SecretKeySelector selects a key of a Secret.

Field Description
name
string

The name of the secret in the object’s namespace to select from.

key
string

The key of the secret to select from. Must be a valid secret key.

SlackAction

(Appears on:SlackConfig)

SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.

Field Description
type
string
text
string
url
string
(Optional)
style
string
(Optional)
name
string
(Optional)
value
string
(Optional)
confirm
SlackConfirmationField
(Optional)

SlackConfig

(Appears on:Receiver)

SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiURL
SecretKeySelector
(Optional)

The secret’s key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

channel
string
(Optional)

The channel or user to send notifications to.

username
string
(Optional)
color
string
(Optional)
title
string
(Optional)
titleLink
string
(Optional)
pretext
string
(Optional)
text
string
(Optional)
fields
[]SlackField
(Optional)

A list of Slack fields that are sent with each notification.

shortFields
bool
(Optional)
footer
string
(Optional)
fallback
string
(Optional)
callbackId
string
(Optional)
iconEmoji
string
(Optional)
iconURL
string
(Optional)
imageURL
string
(Optional)
thumbURL
string
(Optional)
linkNames
bool
(Optional)
mrkdwnIn
[]string
(Optional)
actions
[]SlackAction
(Optional)

A list of Slack actions that are sent with each notification.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

SlackConfirmationField

(Appears on:SlackAction)

SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.

Field Description
text
string
title
string
(Optional)
okText
string
(Optional)
dismissText
string
(Optional)

SlackField

(Appears on:SlackConfig)

SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.

Field Description
title
string
value
string
short
bool
(Optional)

TelegramConfig

(Appears on:Receiver)

TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config

Field Description
sendResolved
bool
(Optional)

Whether to notify about resolved alerts.

apiURL
string
(Optional)

The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.

botToken
SecretKeySelector
(Optional)

Telegram bot token. It is mutually exclusive with botTokenFile. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

Either botToken or botTokenFile is required.

botTokenFile
string
(Optional)

File to read the Telegram bot token from. It is mutually exclusive with botToken. Either botToken or botTokenFile is required.

It requires Alertmanager >= v0.26.0.

chatID
int64

The Telegram chat ID.

messageThreadID
int64
(Optional)

The Telegram Group Topic ID. It requires Alertmanager >= 0.26.0.

message
string
(Optional)

Message template

disableNotifications
bool
(Optional)

Disable telegram notifications

parseMode
string
(Optional)

Parse mode for telegram message

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

Time (string alias)

(Appears on:TimeRange)

Time defines a time in 24hr format

TimeInterval

(Appears on:AlertmanagerConfigSpec)

TimeInterval specifies the periods in time when notifications will be muted or active.

Field Description
name
string

Name of the time interval.

timeIntervals
[]TimePeriod

TimeIntervals is a list of TimePeriod.

TimePeriod

(Appears on:TimeInterval)

TimePeriod describes periods of time.

Field Description
times
[]TimeRange
(Optional)

Times is a list of TimeRange

weekdays
[]WeekdayRange
(Optional)

Weekdays is a list of WeekdayRange

daysOfMonth
[]DayOfMonthRange
(Optional)

DaysOfMonth is a list of DayOfMonthRange

months
[]MonthRange
(Optional)

Months is a list of MonthRange

years
[]YearRange
(Optional)

Years is a list of YearRange

TimeRange

(Appears on:TimePeriod)

TimeRange defines a start and end time in 24hr format

Field Description
startTime
Time

StartTime is the start time in 24hr format.

endTime
Time

EndTime is the end time in 24hr format.

URL (string alias)

(Appears on:WebexConfig)

URL represents a valid URL

VictorOpsConfig

(Appears on:Receiver)

VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiKey
SecretKeySelector
(Optional)

The secret’s key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

apiUrl
string
(Optional)

The VictorOps API URL.

routingKey
string
(Optional)

A key used to map the alert to a team.

messageType
string
(Optional)

Describes the behavior of the alert (CRITICAL, WARNING, INFO).

entityDisplayName
string
(Optional)

Contains summary of the alerted problem.

stateMessage
string
(Optional)

Contains long explanation of the alerted problem.

monitoringTool
string
(Optional)

The monitoring tool the state message is from.

customFields
[]KeyValue
(Optional)

Additional custom fields for notification.

httpConfig
HTTPConfig
(Optional)

The HTTP client’s configuration.

WeChatConfig

(Appears on:Receiver)

WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

apiSecret
SecretKeySelector
(Optional)

The secret’s key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

apiURL
string
(Optional)

The WeChat API URL.

corpID
string
(Optional)

The corp id for authentication.

agentID
string
(Optional)
toUser
string
(Optional)
toParty
string
(Optional)
toTag
string
(Optional)
message
string

API request data as defined by the WeChat API.

messageType
string
(Optional)
httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

WebexConfig

(Appears on:Receiver)

WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config

Field Description
sendResolved
bool
(Optional)

Whether to notify about resolved alerts.

apiURL
URL
(Optional)

The Webex Teams API URL i.e. https://webexapis.com/v1/messages

httpConfig
HTTPConfig

The HTTP client’s configuration. You must use this configuration to supply the bot token as part of the HTTP Authorization header.

message
string
(Optional)

Message template

roomID
string

ID of the Webex Teams room where to send the messages.

WebhookConfig

(Appears on:Receiver)

WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config

Field Description
sendResolved
bool
(Optional)

Whether or not to notify about resolved alerts.

url
string
(Optional)

The URL to send HTTP POST requests to. urlSecret takes precedence over url. One of urlSecret and url should be defined.

urlSecret
SecretKeySelector
(Optional)

The secret’s key that contains the webhook URL to send HTTP requests to. urlSecret takes precedence over url. One of urlSecret and url should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.

httpConfig
HTTPConfig
(Optional)

HTTP client configuration.

maxAlerts
int32
(Optional)

Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.

Weekday (string alias)

Weekday is day of the week

Value Description

"friday"

"monday"

"saturday"

"sunday"

"thursday"

"tuesday"

"wednesday"

WeekdayRange (string alias)

(Appears on:TimePeriod)

WeekdayRange is an inclusive range of days of the week beginning on Sunday Days can be specified by name (e.g ‘Sunday’) or as an inclusive range (e.g ‘Monday:Friday’)

YearRange (string alias)

(Appears on:TimePeriod)

YearRange is an inclusive range of years