Skip to content
Snippets Groups Projects
0prometheusCustomResourceDefinition.yaml 739 KiB
Newer Older
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must be a valid secret key.
                                  type: string
                                name:
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        certFile:
                          description: Path to the client cert file in the Prometheus container for the targets.
                          type: string
                        insecureSkipVerify:
                          description: Disable target certificate validation.
                          type: boolean
                        keyFile:
                          description: Path to the client key file in the Prometheus container for the targets.
                          type: string
                        keySecret:
                          description: Secret containing the client key file for the targets.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must be a valid secret key.
                              type: string
                            name:
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
Philip Gough's avatar
Philip Gough committed
                        maxVersion:
                          description: |-
                            Maximum acceptable TLS version.

                            It requires Prometheus >= v2.41.0.
                          enum:
                          - TLS10
                          - TLS11
                          - TLS12
                          - TLS13
                          type: string
                        minVersion:
                          description: |-
                            Minimum acceptable TLS version.

                            It requires Prometheus >= v2.35.0.
                          enum:
                          - TLS10
                          - TLS11
                          - TLS12
                          - TLS13
                          type: string
                        serverName:
                          description: Used to verify the hostname for the targets.
                          type: string
                      type: object
                  required:
                  - name
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
              scrapeConfigNamespaceSelector:
                description: |-
                  Namespaces to match for ScrapeConfig discovery. An empty label selector
                  matches all namespaces. A null label selector matches the current
                  namespace only.

                  Note that the ScrapeConfig custom resource definition is currently at Alpha level.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies to.
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              scrapeConfigSelector:
                description: |-
                  ScrapeConfigs to be selected for target discovery. An empty label
                  selector matches all objects. A null label selector matches no objects.

                  If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
                  and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
                  The Prometheus operator will ensure that the Prometheus configuration's
                  Secret exists, but it is the responsibility of the user to provide the raw
                  gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
                  This behavior is *deprecated* and will be removed in the next major version
                  of the custom resource definition. It is recommended to use
                  `spec.additionalScrapeConfigs` instead.

                  Note that the ScrapeConfig custom resource definition is currently at Alpha level.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies to.
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              scrapeFailureLogFile:
                description: |-
                  File to which scrape failures are logged.
                  Reloading the configuration will reopen the file.

                  If the filename has an empty path, e.g. 'file.log', The Prometheus Pods
                  will mount the file into an emptyDir volume at `/var/log/prometheus`.
                  If a full path is provided, e.g. '/var/log/prometheus/file.log', you
                  must mount a volume in the specified directory and it must be writable.
                  It requires Prometheus >= v2.55.0.
                minLength: 1
                type: string
paulfantom's avatar
paulfantom committed
              scrapeInterval:
                description: |-
                  Interval between consecutive scrapes.

                  Default: "30s"
                pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
paulfantom's avatar
paulfantom committed
                type: string
                description: |-
                  The protocols to negotiate during a scrape. It tells clients the
                  protocols supported by Prometheus in order of preference (from most to least preferred).

                  If unset, Prometheus uses its default value.

                  It requires Prometheus >= v2.49.0.

                  `PrometheusText1.0.0` requires Prometheus >= v3.0.0.
                  description: |-
                    ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.
                    Supported values are:
                    * `OpenMetricsText0.0.1`
                    * `OpenMetricsText1.0.0`
                    * `PrometheusProto`
                    * `PrometheusText0.0.4`
                    * `PrometheusText1.0.0`
                  enum:
                  - PrometheusProto
                  - OpenMetricsText0.0.1
                  - OpenMetricsText1.0.0
                  - PrometheusText0.0.4
                  type: string
                type: array
                x-kubernetes-list-type: set
              scrapeTimeout:
                description: |-
                  Number of seconds to wait until a scrape request times out.
                  The value cannot be greater than the scrape interval otherwise the operator will reject the resource.
                pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                type: string
paulfantom's avatar
paulfantom committed
              secrets:
                description: |-
                  Secrets is a list of Secrets in the same namespace as the Prometheus
                  object, which shall be mounted into the Prometheus Pods.
                  Each Secret is added to the StatefulSet definition as a volume named `secret-<secret-name>`.
                  The Secrets are mounted into /etc/prometheus/secrets/<secret-name> in the 'prometheus' container.
paulfantom's avatar
paulfantom committed
                items:
                  type: string
                type: array
Philip Gough's avatar
Philip Gough committed
                x-kubernetes-list-type: set
paulfantom's avatar
paulfantom committed
              securityContext:
                description: |-
                  SecurityContext holds pod-level security attributes and common container settings.
                  This defaults to the default PodSecurityContext.
paulfantom's avatar
paulfantom committed
                properties:
                  appArmorProfile:
                    description: |-
                      appArmorProfile is the AppArmor options to use by the containers in this pod.
                      Note that this field cannot be set when spec.os.name is windows.
                    properties:
                      localhostProfile:
                        description: |-
                          localhostProfile indicates a profile loaded on the node that should be used.
                          The profile must be preconfigured on the node to work.
                          Must match the loaded name of the profile.
                          Must be set if and only if type is "Localhost".
                        type: string
                      type:
                        description: |-
                          type indicates which kind of AppArmor profile will be applied.
                          Valid options are:
                            Localhost - a profile pre-loaded on the node.
                            RuntimeDefault - the container runtime's default profile.
                            Unconfined - no AppArmor enforcement.
                        type: string
                    required:
                    - type
                    type: object
paulfantom's avatar
paulfantom committed
                  fsGroup:
                    description: |-
                      A special supplemental group that applies to all containers in a pod.
                      Some volume types allow the Kubelet to change the ownership of that volume
                      to be owned by the pod:

                      1. The owning GID will be the FSGroup
                      2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
                      3. The permission bits are OR'd with rw-rw----

                      If unset, the Kubelet will not modify the ownership and permissions of any volume.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    format: int64
                    type: integer
                  fsGroupChangePolicy:
                    description: |-
                      fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
                      before being exposed inside Pod. This field will only apply to
                      volume types which support fsGroup based ownership(and permissions).
                      It will have no effect on ephemeral volume types such as: secret, configmaps
                      and emptydir.
                      Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    type: string
                  runAsGroup:
                    description: |-
                      The GID to run the entrypoint of the container process.
                      Uses runtime default if unset.
                      May also be set in SecurityContext.  If set in both SecurityContext and
                      PodSecurityContext, the value specified in SecurityContext takes precedence
                      for that container.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    format: int64
                    type: integer
                  runAsNonRoot:
                    description: |-
                      Indicates that the container must run as a non-root user.
                      If true, the Kubelet will validate the image at runtime to ensure that it
                      does not run as UID 0 (root) and fail to start the container if it does.
                      If unset or false, no such validation will be performed.
                      May also be set in SecurityContext.  If set in both SecurityContext and
                      PodSecurityContext, the value specified in SecurityContext takes precedence.
paulfantom's avatar
paulfantom committed
                    type: boolean
                  runAsUser:
                    description: |-
                      The UID to run the entrypoint of the container process.
                      Defaults to user specified in image metadata if unspecified.
                      May also be set in SecurityContext.  If set in both SecurityContext and
                      PodSecurityContext, the value specified in SecurityContext takes precedence
                      for that container.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    format: int64
                    type: integer
                  seLinuxChangePolicy:
                    description: |-
                      seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
                      It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
                      Valid values are "MountOption" and "Recursive".

                      "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
                      This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

                      "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
                      This requires all Pods that share the same volume to use the same SELinux label.
                      It is not possible to share the same volume among privileged and unprivileged Pods.
                      Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
                      whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
                      CSIDriver instance. Other volumes are always re-labelled recursively.
                      "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

                      If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
                      If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
                      and "Recursive" for all other volumes.

                      This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

                      All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
                      Note that this field cannot be set when spec.os.name is windows.
                    type: string
paulfantom's avatar
paulfantom committed
                  seLinuxOptions:
                    description: |-
                      The SELinux context to be applied to all containers.
                      If unspecified, the container runtime will allocate a random SELinux context for each
                      container.  May also be set in SecurityContext.  If set in
                      both SecurityContext and PodSecurityContext, the value specified in SecurityContext
                      takes precedence for that container.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    properties:
                      level:
                        description: Level is SELinux level label that applies to the container.
paulfantom's avatar
paulfantom committed
                        type: string
                      role:
                        description: Role is a SELinux role label that applies to the container.
paulfantom's avatar
paulfantom committed
                        type: string
                      type:
                        description: Type is a SELinux type label that applies to the container.
paulfantom's avatar
paulfantom committed
                        type: string
                      user:
                        description: User is a SELinux user label that applies to the container.
paulfantom's avatar
paulfantom committed
                        type: string
                    type: object
                    description: |-
                      The seccomp options to use by the containers in this pod.
                      Note that this field cannot be set when spec.os.name is windows.
                    properties:
                      localhostProfile:
                        description: |-
                          localhostProfile indicates a profile defined in a file on the node should be used.
                          The profile must be preconfigured on the node to work.
                          Must be a descending path, relative to the kubelet's configured seccomp profile location.
                          Must be set if type is "Localhost". Must NOT be set for any other type.
                        description: |-
                          type indicates which kind of seccomp profile will be applied.
                          Valid options are:

                          Localhost - a profile defined in a file on the node should be used.
                          RuntimeDefault - the container runtime default profile should be used.
                          Unconfined - no profile should be applied.
                        type: string
                    required:
                    - type
                    type: object
paulfantom's avatar
paulfantom committed
                  supplementalGroups:
                      A list of groups applied to the first process run in each container, in
                      addition to the container's primary GID and fsGroup (if specified).  If
                      the SupplementalGroupsPolicy feature is enabled, the
                      supplementalGroupsPolicy field determines whether these are in addition
                      to or instead of any group memberships defined in the container image.
                      If unspecified, no additional groups are added, though group memberships
                      defined in the container image may still be used, depending on the
                      supplementalGroupsPolicy field.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    items:
                      format: int64
                      type: integer
                    type: array
                    x-kubernetes-list-type: atomic
                  supplementalGroupsPolicy:
                    description: |-
                      Defines how supplemental groups of the first container processes are calculated.
                      Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
                      (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
                      and the container runtime must implement support for this feature.
                      Note that this field cannot be set when spec.os.name is windows.
                    type: string
paulfantom's avatar
paulfantom committed
                  sysctls:
                    description: |-
                      Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
                      sysctls (by the container runtime) might fail to launch.
                      Note that this field cannot be set when spec.os.name is windows.
paulfantom's avatar
paulfantom committed
                    items:
                      description: Sysctl defines a kernel parameter to be set
                      properties:
                        name:
                          description: Name of a property to set
                          type: string
                        value:
                          description: Value of a property to set
                          type: string
                      required:
                      - name
                      - value
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
paulfantom's avatar
paulfantom committed
                  windowsOptions:
                    description: |-
                      The Windows specific settings applied to all containers.
                      If unspecified, the options within a container's SecurityContext will be used.
                      If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                      Note that this field cannot be set when spec.os.name is linux.
paulfantom's avatar
paulfantom committed
                    properties:
                      gmsaCredentialSpec:
                        description: |-
                          GMSACredentialSpec is where the GMSA admission webhook
                          (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
                          GMSA credential spec named by the GMSACredentialSpecName field.
paulfantom's avatar
paulfantom committed
                        type: string
                      gmsaCredentialSpecName:
                        description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
paulfantom's avatar
paulfantom committed
                        type: string
                        description: |-
                          HostProcess determines if a container should be run as a 'Host Process' container.
                          All of a Pod's containers must have the same effective HostProcess value
                          (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
                          In addition, if HostProcess is true then HostNetwork must also be set to true.
paulfantom's avatar
paulfantom committed
                      runAsUserName:
                        description: |-
                          The UserName in Windows to run the entrypoint of the container process.
                          Defaults to the user specified in image metadata if unspecified.
                          May also be set in PodSecurityContext. If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext takes precedence.
paulfantom's avatar
paulfantom committed
                        type: string
                    type: object
                type: object
              serviceAccountName:
                description: |-
                  ServiceAccountName is the name of the ServiceAccount to use to run the
                  Prometheus Pods.
paulfantom's avatar
paulfantom committed
                type: string
Philip Gough's avatar
Philip Gough committed
              serviceDiscoveryRole:
                description: |-
                  Defines the service discovery role used to discover targets from
                  `ServiceMonitor` objects and Alertmanager endpoints.

Philip Gough's avatar
Philip Gough committed
                  If set, the value should be either "Endpoints" or "EndpointSlice".
                  If unset, the operator assumes the "Endpoints" role.
                enum:
                - Endpoints
                - EndpointSlice
                type: string
paulfantom's avatar
paulfantom committed
              serviceMonitorNamespaceSelector:
                description: |-
                  Namespaces to match for ServicedMonitors discovery. An empty label selector
                  matches all namespaces. A null label selector (default value) matches the current
paulfantom's avatar
paulfantom committed
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
paulfantom's avatar
paulfantom committed
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
paulfantom's avatar
paulfantom committed
                      properties:
                        key:
                          description: key is the label key that the selector applies to.
paulfantom's avatar
paulfantom committed
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
paulfantom's avatar
paulfantom committed
                          type: string
                        values:
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
paulfantom's avatar
paulfantom committed
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
paulfantom's avatar
paulfantom committed
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
paulfantom's avatar
paulfantom committed
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
paulfantom's avatar
paulfantom committed
                    type: object
                type: object
                x-kubernetes-map-type: atomic
paulfantom's avatar
paulfantom committed
              serviceMonitorSelector:
                description: |-
                  ServiceMonitors to be selected for target discovery. An empty label
                  selector matches all objects. A null label selector matches no objects.

                  If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
                  and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
                  The Prometheus operator will ensure that the Prometheus configuration's
                  Secret exists, but it is the responsibility of the user to provide the raw
                  gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
                  This behavior is *deprecated* and will be removed in the next major version
                  of the custom resource definition. It is recommended to use
                  `spec.additionalScrapeConfigs` instead.
paulfantom's avatar
paulfantom committed
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
paulfantom's avatar
paulfantom committed
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
paulfantom's avatar
paulfantom committed
                      properties:
                        key:
                          description: key is the label key that the selector applies to.
paulfantom's avatar
paulfantom committed
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
paulfantom's avatar
paulfantom committed
                          type: string
                        values:
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
paulfantom's avatar
paulfantom committed
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
paulfantom's avatar
paulfantom committed
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
paulfantom's avatar
paulfantom committed
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
paulfantom's avatar
paulfantom committed
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              serviceName:
                description: |-
                  The name of the service name used by the underlying StatefulSet(s) as the governing service.
                  If defined, the Service  must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels.
                  If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources,
                  or `prometheus-agent-operated` for PrometheusAgent resources.
                  When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each.
                  See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.
                minLength: 1
                type: string
paulfantom's avatar
paulfantom committed
              sha:
                description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.'
paulfantom's avatar
paulfantom committed
                type: string
              shardRetentionPolicy:
                description: |-
                  ShardRetentionPolicy defines the retention policy for the Prometheus shards.
                  (Alpha) Using this field requires the 'PrometheusShardRetentionPolicy' feature gate to be enabled.

                  The final goals for this feature can be seen at https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202310-shard-autoscaling.md#graceful-scale-down-of-prometheus-servers,
                  however, the feature is not yet fully implemented in this PR. The limitation being:
                  * Retention duration is not settable, for now, shards are retained forever.
                properties:
                  whenScaled:
                    description: |-
                      Defines the retention policy when the Prometheus shards are scaled down.
                      * `Delete`, the operator will delete the pods from the scaled-down shard(s).
                      * `Retain`, the operator will keep the pods from the scaled-down shard(s), so the data can still be queried.

                      If not defined, the operator assumes the `Delete` value.
                    enum:
                    - Retain
                    - Delete
                    type: string
                type: object
Lili Cosic's avatar
Lili Cosic committed
              shards:
                  Number of shards to distribute the scraped targets onto.
                  `spec.replicas` multiplied by `spec.shards` is the total number of Pods
                  being created.

                  When not defined, the operator assumes only one shard.

                  Note that scaling down shards will not reshard data onto the remaining
                  instances, it must be manually moved. Increasing shards will not reshard
                  data either but it will continue to be available from the same
                  instances. To query globally, use either
                  * Thanos sidecar + querier for query federation and Thanos Ruler for rules.
                  * Remote-write to send metrics to a central location.
                  By default, the sharding of targets is performed on:
                  * The `__address__` target's metadata label for PodMonitor,
                  ServiceMonitor and ScrapeConfig resources.
                  * The `__param_target__` label for Probe resources.
                  Users can define their own sharding implementation by setting the
                  `__tmp_hash` label during the target discovery with relabeling
                  configuration (either in the monitoring resources or via scrape class).
Lili Cosic's avatar
Lili Cosic committed
                format: int32
                type: integer
paulfantom's avatar
paulfantom committed
              storage:
                description: Storage defines the storage used by Prometheus.
paulfantom's avatar
paulfantom committed
                properties:
                  disableMountSubPath:
                    description: 'Deprecated: subPath usage will be removed in a future release.'
paulfantom's avatar
paulfantom committed
                    type: boolean
                  emptyDir:
                    description: |-
                      EmptyDirVolumeSource to be used by the StatefulSet.
                      If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.
                      More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
paulfantom's avatar
paulfantom committed
                    properties:
                      medium:
                        description: |-
                          medium represents what type of storage medium should back this directory.
                          The default is "" which means to use the node's default medium.
                          Must be an empty string (default) or Memory.
                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
paulfantom's avatar
paulfantom committed
                        type: string
                      sizeLimit:
Lili Cosic's avatar
Lili Cosic committed
                        anyOf:
                        - type: integer
                        - type: string
                        description: |-
                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
                          The size limit is also applicable for memory medium.
                          The maximum usage on memory medium EmptyDir would be the minimum value between
                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
                          The default is nil which means that the limit is undefined.
                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Lili Cosic's avatar
Lili Cosic committed
                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                        x-kubernetes-int-or-string: true
paulfantom's avatar
paulfantom committed
                    type: object
                    description: |-
                      EphemeralVolumeSource to be used by the StatefulSet.
                      This is a beta field in k8s 1.21 and GA in 1.15.
                      For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.
                      More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
                    properties:
                      volumeClaimTemplate:
                        description: |-
                          Will be used to create a stand-alone PVC to provision the volume.
                          The pod in which this EphemeralVolumeSource is embedded will be the
                          owner of the PVC, i.e. the PVC will be deleted together with the
                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
                          `<volume name>` is the name from the `PodSpec.Volumes` array
                          entry. Pod validation will reject the pod if the concatenated name
                          is not valid for a PVC (for example, too long).

                          An existing PVC with that name that is not owned by the pod
                          will *not* be used for the pod to avoid using an unrelated
                          volume by mistake. Starting the pod is then blocked until
                          the unrelated PVC is removed. If such a pre-created PVC is
                          meant to be used by the pod, the PVC has to updated with an
                          owner reference to the pod once the pod exists. Normally
                          this should not be necessary, but it may be useful when
                          manually reconstructing a broken cluster.

                          This field is read-only and no changes will be made by Kubernetes
                          to the PVC after it has been created.

                          Required, must not be nil.
                            description: |-
                              May contain labels and annotations that will be copied into the PVC
                              when creating it. No other fields are allowed and will be rejected during
                              validation.
                            description: |-
                              The specification for the PersistentVolumeClaim. The entire content is
                              copied unchanged into the PVC that gets created from this
                              template. The same fields as in a PersistentVolumeClaim
                              are also valid here.
                                description: |-
                                  accessModes contains the desired access modes the volume should have.
                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
                                items:
                                  type: string
                                type: array
                                x-kubernetes-list-type: atomic
                                description: |-
                                  dataSource field can be used to specify either:
                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
                                  * An existing PVC (PersistentVolumeClaim)
                                  If the provisioner or an external controller can support the specified data source,
                                  it will create a new volume based on the contents of the specified data source.
                                  When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
                                  and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
                                  If the namespace is specified, then dataSourceRef will not be copied to dataSource.
                                    description: |-
                                      APIGroup is the group for the resource being referenced.
                                      If APIGroup is not specified, the specified Kind must be in the core API group.
                                      For any other third-party types, APIGroup is required.
                                    description: Kind is the type of resource being referenced
                                    description: Name is the name of resource being referenced
                                    type: string
                                required:
                                - kind
                                - name
                                type: object
                                x-kubernetes-map-type: atomic
                                description: |-
                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
                                  volume is desired. This may be any object from a non-empty API group (non
                                  core object) or a PersistentVolumeClaim object.
                                  When this field is specified, volume binding will only succeed if the type of
                                  the specified object matches some installed volume populator or dynamic
                                  provisioner.
                                  This field will replace the functionality of the dataSource field and as such
                                  if both fields are non-empty, they must have the same value. For backwards
                                  compatibility, when namespace isn't specified in dataSourceRef,
                                  both fields (dataSource and dataSourceRef) will be set to the same
                                  value automatically if one of them is empty and the other is non-empty.
                                  When namespace is specified in dataSourceRef,
                                  dataSource isn't set to the same value and must be empty.
                                  There are three important differences between dataSource and dataSourceRef:
                                  * While dataSource only allows two specific types of objects, dataSourceRef
                                    allows any non-core object, as well as PersistentVolumeClaim objects.
                                  * While dataSource ignores disallowed values (dropping them), dataSourceRef
                                    preserves all values, and generates an error if a disallowed value is
                                    specified.
                                  * While dataSource only allows local objects, dataSourceRef allows objects
                                    in any namespaces.
                                  (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
                                  (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
                                    description: |-
                                      APIGroup is the group for the resource being referenced.
                                      If APIGroup is not specified, the specified Kind must be in the core API group.
                                      For any other third-party types, APIGroup is required.
                                    description: Kind is the type of resource being referenced
                                    description: Name is the name of resource being referenced
                                    description: |-
                                      Namespace is the namespace of resource being referenced
                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
                                required:
                                - kind
                                - name
                                type: object
                              resources:
                                description: |-
                                  resources represents the minimum resources the volume should have.
                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
                                  that are lower than previous value but must still be higher than capacity recorded in the
                                  status field of the claim.
                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
                                properties:
                                  limits:
                                    additionalProperties:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    description: |-
                                      Limits describes the maximum amount of compute resources allowed.
                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                    type: object
                                  requests:
                                    additionalProperties:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    description: |-
                                      Requests describes the minimum amount of compute resources required.
                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                    type: object
                                type: object
                              selector:
                                description: selector is a label query over volumes to consider for binding.
                                properties:
                                  matchExpressions:
                                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                      description: |-
                                        A label selector requirement is a selector that contains values, a key, and an operator that
                                        relates the key and values.
                                          description: key is the label key that the selector applies to.
                                          description: |-
                                            operator represents a key's relationship to a set of values.
                                            Valid operators are In, NotIn, Exists and DoesNotExist.
                                          description: |-
                                            values is an array of string values. If the operator is In or NotIn,
                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                                            the values array must be empty. This array is replaced during a strategic
                                            merge patch.
                                          items:
                                            type: string
                                          type: array
                                          x-kubernetes-list-type: atomic
                                      required:
                                      - key
                                      - operator
                                      type: object
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  matchLabels:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                                    type: object
                                type: object
                                x-kubernetes-map-type: atomic
                                description: |-
                                  storageClassName is the name of the StorageClass required by the claim.
                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
                              volumeAttributesClassName:
                                description: |-
                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
                                  If specified, the CSI driver will create or update the volume with the attributes defined
                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
                                  it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
                                  will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
                                  If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
                                  will be set by the persistentvolume controller if it exists.
                                  If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
                                  set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
                                  exists.
                                  More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
                                  (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
                                description: |-
                                  volumeMode defines what type of volume is required by the claim.
                                  Value of Filesystem is implied when not included in claim spec.
                                description: volumeName is the binding reference to the PersistentVolume backing this claim.
                                type: string
                            type: object
                        required:
                        - spec
                        type: object
                    type: object
paulfantom's avatar
paulfantom committed
                  volumeClaimTemplate:
                    description: |-
                      Defines the PVC spec to be used by the Prometheus StatefulSets.
                      The easiest way to use a volume that cannot be automatically provisioned
                      is to use a label selector alongside manually created PersistentVolumes.
paulfantom's avatar
paulfantom committed
                    properties:
                      apiVersion:
                        description: |-
                          APIVersion defines the versioned schema of this representation of an object.
                          Servers should convert recognized schemas to the latest internal value, and
                          may reject unrecognized values.
                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
paulfantom's avatar
paulfantom committed
                        type: string
                      kind:
                        description: |-
                          Kind is a string value representing the REST resource this object represents.
                          Servers may infer this from the endpoint the client submits requests to.
                          Cannot be updated.
                          In CamelCase.
                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
paulfantom's avatar
paulfantom committed
                        type: string
                      metadata:
                        description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource.
paulfantom's avatar
paulfantom committed
                        properties:
                          annotations:
                            additionalProperties:
                              type: string
                            description: |-
                              Annotations is an unstructured key value map stored with a resource that may be
                              set by external tools to store and retrieve arbitrary metadata. They are not
                              queryable and should be preserved when modifying objects.
                              More info: http://kubernetes.io/docs/user-guide/annotations
                            type: object
paulfantom's avatar
paulfantom committed
                          labels:
                            additionalProperties:
                              type: string
                            description: |-
                              Map of string keys and values that can be used to organize and categorize
                              (scope and select) objects. May match selectors of replication controllers
                              and services.
                              More info: http://kubernetes.io/docs/user-guide/labels
                            type: object
paulfantom's avatar
paulfantom committed
                          name:
                            description: |-
                              Name must be unique within a namespace. Is required when creating resources, although
                              some resources may allow a client to request the generation of an appropriate name
                              automatically. Name is primarily intended for creation idempotence and configuration
                              definition.
                              Cannot be updated.
                              More info: http://kubernetes.io/docs/user-guide/identifiers#names
paulfantom's avatar
paulfantom committed
                            type: string
                        type: object
paulfantom's avatar
paulfantom committed
                      spec:
                        description: |-
                          Defines the desired characteristics of a volume requested by a pod author.
                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
                        properties:
paulfantom's avatar
paulfantom committed
                          accessModes:
                            description: |-
                              accessModes contains the desired access modes the volume should have.
                              More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
paulfantom's avatar
paulfantom committed
                            items:
                              type: string
                            type: array
                            x-kubernetes-list-type: atomic