Skip to content
Snippets Groups Projects
prometheus-operator-0thanosrulerCustomResourceDefinition.yaml 271 KiB
Newer Older
1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453
                                  to 65535. Name must be an IANA_SVC_NAME.
                                x-kubernetes-int-or-string: true
                              scheme:
                                description: Scheme to use for connecting to the host.
                                  Defaults to HTTP.
                                type: string
                            required:
                            - port
                            type: object
                          tcpSocket:
                            description: 'TCPSocket specifies an action involving
                              a TCP port. TCP hooks not yet supported TODO: implement
                              a realistic TCP lifecycle hook'
                            properties:
                              host:
                                description: 'Optional: Host name to connect to, defaults
                                  to the pod IP.'
                                type: string
                              port:
                                anyOf:
                                - type: integer
                                - type: string
                                description: Number or name of the port to access
                                  on the container. Number must be in the range 1
                                  to 65535. Name must be an IANA_SVC_NAME.
                                x-kubernetes-int-or-string: true
                            required:
                            - port
                            type: object
                        type: object
                    type: object
                  livenessProbe:
                    description: 'Periodic probe of container liveness. Container
                      will be restarted if the probe fails. Cannot be updated. More
                      info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                    properties:
                      exec:
                        description: One and only one of the following should be specified.
                          Exec specifies the action to take.
                        properties:
                          command:
                            description: Command is the command line to execute inside
                              the container, the working directory for the command  is
                              root ('/') in the container's filesystem. The command
                              is simply exec'd, it is not run inside a shell, so traditional
                              shell instructions ('|', etc) won't work. To use a shell,
                              you need to explicitly call out to that shell. Exit
                              status of 0 is treated as live/healthy and non-zero
                              is unhealthy.
                            items:
                              type: string
                            type: array
                        type: object
                      failureThreshold:
                        description: Minimum consecutive failures for the probe to
                          be considered failed after having succeeded. Defaults to
                          3. Minimum value is 1.
                        format: int32
                        type: integer
                      httpGet:
                        description: HTTPGet specifies the http request to perform.
                        properties:
                          host:
                            description: Host name to connect to, defaults to the
                              pod IP. You probably want to set "Host" in httpHeaders
                              instead.
                            type: string
                          httpHeaders:
                            description: Custom headers to set in the request. HTTP
                              allows repeated headers.
                            items:
                              description: HTTPHeader describes a custom header to
                                be used in HTTP probes
                              properties:
                                name:
                                  description: The header field name
                                  type: string
                                value:
                                  description: The header field value
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                          path:
                            description: Path to access on the HTTP server.
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: Name or number of the port to access on the
                              container. Number must be in the range 1 to 65535. Name
                              must be an IANA_SVC_NAME.
                            x-kubernetes-int-or-string: true
                          scheme:
                            description: Scheme to use for connecting to the host.
                              Defaults to HTTP.
                            type: string
                        required:
                        - port
                        type: object
                      initialDelaySeconds:
                        description: 'Number of seconds after the container has started
                          before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        format: int32
                        type: integer
                      periodSeconds:
                        description: How often (in seconds) to perform the probe.
                          Default to 10 seconds. Minimum value is 1.
                        format: int32
                        type: integer
                      successThreshold:
                        description: Minimum consecutive successes for the probe to
                          be considered successful after having failed. Defaults to
                          1. Must be 1 for liveness and startup. Minimum value is
                          1.
                        format: int32
                        type: integer
                      tcpSocket:
                        description: 'TCPSocket specifies an action involving a TCP
                          port. TCP hooks not yet supported TODO: implement a realistic
                          TCP lifecycle hook'
                        properties:
                          host:
                            description: 'Optional: Host name to connect to, defaults
                              to the pod IP.'
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: Number or name of the port to access on the
                              container. Number must be in the range 1 to 65535. Name
                              must be an IANA_SVC_NAME.
                            x-kubernetes-int-or-string: true
                        required:
                        - port
                        type: object
                      timeoutSeconds:
                        description: 'Number of seconds after which the probe times
                          out. Defaults to 1 second. Minimum value is 1. More info:
                          https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        format: int32
                        type: integer
                    type: object
                  name:
                    description: Name of the container specified as a DNS_LABEL. Each
                      container in a pod must have a unique name (DNS_LABEL). Cannot
                      be updated.
                    type: string
                  ports:
                    description: List of ports to expose from the container. Exposing
                      a port here gives the system additional information about the
                      network connections a container uses, but is primarily informational.
                      Not specifying a port here DOES NOT prevent that port from being
                      exposed. Any port which is listening on the default "0.0.0.0"
                      address inside a container will be accessible from the network.
                      Cannot be updated.
                    items:
                      description: ContainerPort represents a network port in a single
                        container.
                      properties:
                        containerPort:
                          description: Number of port to expose on the pod's IP address.
                            This must be a valid port number, 0 < x < 65536.
                          format: int32
                          type: integer
                        hostIP:
                          description: What host IP to bind the external port to.
                          type: string
                        hostPort:
                          description: Number of port to expose on the host. If specified,
                            this must be a valid port number, 0 < x < 65536. If HostNetwork
                            is specified, this must match ContainerPort. Most containers
                            do not need this.
                          format: int32
                          type: integer
                        name:
                          description: If specified, this must be an IANA_SVC_NAME
                            and unique within the pod. Each named port in a pod must
                            have a unique name. Name for the port that can be referred
                            to by services.
                          type: string
                        protocol:
                          description: Protocol for port. Must be UDP, TCP, or SCTP.
                            Defaults to "TCP".
                          type: string
                      required:
                      - containerPort
                      type: object
                    type: array
                  readinessProbe:
                    description: 'Periodic probe of container service readiness. Container
                      will be removed from service endpoints if the probe fails. Cannot
                      be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                    properties:
                      exec:
                        description: One and only one of the following should be specified.
                          Exec specifies the action to take.
                        properties:
                          command:
                            description: Command is the command line to execute inside
                              the container, the working directory for the command  is
                              root ('/') in the container's filesystem. The command
                              is simply exec'd, it is not run inside a shell, so traditional
                              shell instructions ('|', etc) won't work. To use a shell,
                              you need to explicitly call out to that shell. Exit
                              status of 0 is treated as live/healthy and non-zero
                              is unhealthy.
                            items:
                              type: string
                            type: array
                        type: object
                      failureThreshold:
                        description: Minimum consecutive failures for the probe to
                          be considered failed after having succeeded. Defaults to
                          3. Minimum value is 1.
                        format: int32
                        type: integer
                      httpGet:
                        description: HTTPGet specifies the http request to perform.
                        properties:
                          host:
                            description: Host name to connect to, defaults to the
                              pod IP. You probably want to set "Host" in httpHeaders
                              instead.
                            type: string
                          httpHeaders:
                            description: Custom headers to set in the request. HTTP
                              allows repeated headers.
                            items:
                              description: HTTPHeader describes a custom header to
                                be used in HTTP probes
                              properties:
                                name:
                                  description: The header field name
                                  type: string
                                value:
                                  description: The header field value
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                          path:
                            description: Path to access on the HTTP server.
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: Name or number of the port to access on the
                              container. Number must be in the range 1 to 65535. Name
                              must be an IANA_SVC_NAME.
                            x-kubernetes-int-or-string: true
                          scheme:
                            description: Scheme to use for connecting to the host.
                              Defaults to HTTP.
                            type: string
                        required:
                        - port
                        type: object
                      initialDelaySeconds:
                        description: 'Number of seconds after the container has started
                          before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        format: int32
                        type: integer
                      periodSeconds:
                        description: How often (in seconds) to perform the probe.
                          Default to 10 seconds. Minimum value is 1.
                        format: int32
                        type: integer
                      successThreshold:
                        description: Minimum consecutive successes for the probe to
                          be considered successful after having failed. Defaults to
                          1. Must be 1 for liveness and startup. Minimum value is
                          1.
                        format: int32
                        type: integer
                      tcpSocket:
                        description: 'TCPSocket specifies an action involving a TCP
                          port. TCP hooks not yet supported TODO: implement a realistic
                          TCP lifecycle hook'
                        properties:
                          host:
                            description: 'Optional: Host name to connect to, defaults
                              to the pod IP.'
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: Number or name of the port to access on the
                              container. Number must be in the range 1 to 65535. Name
                              must be an IANA_SVC_NAME.
                            x-kubernetes-int-or-string: true
                        required:
                        - port
                        type: object
                      timeoutSeconds:
                        description: 'Number of seconds after which the probe times
                          out. Defaults to 1 second. Minimum value is 1. More info:
                          https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        format: int32
                        type: integer
                    type: object
                  resources:
                    description: 'Compute Resources required by this container. Cannot
                      be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                    properties:
                      limits:
                        additionalProperties:
                          type: string
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                        type: object
                      requests:
                        additionalProperties:
                          type: string
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                        type: object
                    type: object
                  securityContext:
                    description: 'Security options the pod should run with. More info:
                      https://kubernetes.io/docs/concepts/policy/security-context/
                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                    properties:
                      allowPrivilegeEscalation:
                        description: 'AllowPrivilegeEscalation controls whether a
                          process can gain more privileges than its parent process.
                          This bool directly controls if the no_new_privs flag will
                          be set on the container process. AllowPrivilegeEscalation
                          is true always when the container is: 1) run as Privileged
                          2) has CAP_SYS_ADMIN'
                        type: boolean
                      capabilities:
                        description: The capabilities to add/drop when running containers.
                          Defaults to the default set of capabilities granted by the
                          container runtime.
                        properties:
                          add:
                            description: Added capabilities
                            items:
                              description: Capability represent POSIX capabilities
                                type
                              type: string
                            type: array
                          drop:
                            description: Removed capabilities
                            items:
                              description: Capability represent POSIX capabilities
                                type
                              type: string
                            type: array
                        type: object
                      privileged:
                        description: Run container in privileged mode. Processes in
                          privileged containers are essentially equivalent to root
                          on the host. Defaults to false.
                        type: boolean
                      procMount:
                        description: procMount denotes the type of proc mount to use
                          for the containers. The default is DefaultProcMount which
                          uses the container runtime defaults for readonly paths and
                          masked paths. This requires the ProcMountType feature flag
                          to be enabled.
                        type: string
                      readOnlyRootFilesystem:
                        description: Whether this container has a read-only root filesystem.
                          Default is false.
                        type: boolean
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in PodSecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence.
                        format: int64
                        type: integer
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in PodSecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in PodSecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        format: int64
                        type: integer
                      seLinuxOptions:
                        description: The SELinux context to be applied to the container.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          PodSecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options from the PodSecurityContext
                          will be used. If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field. This field is alpha-level
                              and is only honored by servers that enable the WindowsGMSA
                              feature flag.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use. This field is alpha-level
                              and is only honored by servers that enable the WindowsGMSA
                              feature flag.
                            type: string
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence. This field is beta-level and may be
                              disabled with the WindowsRunAsUserName feature flag.
                            type: string
                        type: object
                    type: object
                  startupProbe:
                    description: 'StartupProbe indicates that the Pod has successfully
                      initialized. If specified, no other probes are executed until
                      this completes successfully. If this probe fails, the Pod will
                      be restarted, just as if the livenessProbe failed. This can
                      be used to provide different probe parameters at the beginning
                      of a Pod''s lifecycle, when it might take a long time to load
                      data or warm a cache, than during steady-state operation. This
                      cannot be updated. This is an alpha feature enabled by the StartupProbe
                      feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                    properties:
                      exec:
                        description: One and only one of the following should be specified.
                          Exec specifies the action to take.
                        properties:
                          command:
                            description: Command is the command line to execute inside
                              the container, the working directory for the command  is
                              root ('/') in the container's filesystem. The command
                              is simply exec'd, it is not run inside a shell, so traditional
                              shell instructions ('|', etc) won't work. To use a shell,
                              you need to explicitly call out to that shell. Exit
                              status of 0 is treated as live/healthy and non-zero
                              is unhealthy.
                            items:
                              type: string
                            type: array
                        type: object
                      failureThreshold:
                        description: Minimum consecutive failures for the probe to
                          be considered failed after having succeeded. Defaults to
                          3. Minimum value is 1.
                        format: int32
                        type: integer
                      httpGet:
                        description: HTTPGet specifies the http request to perform.
                        properties:
                          host:
                            description: Host name to connect to, defaults to the
                              pod IP. You probably want to set "Host" in httpHeaders
                              instead.
                            type: string
                          httpHeaders:
                            description: Custom headers to set in the request. HTTP
                              allows repeated headers.
                            items:
                              description: HTTPHeader describes a custom header to
                                be used in HTTP probes
                              properties:
                                name:
                                  description: The header field name
                                  type: string
                                value:
                                  description: The header field value
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                          path:
                            description: Path to access on the HTTP server.
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: Name or number of the port to access on the
                              container. Number must be in the range 1 to 65535. Name
                              must be an IANA_SVC_NAME.
                            x-kubernetes-int-or-string: true
                          scheme:
                            description: Scheme to use for connecting to the host.
                              Defaults to HTTP.
                            type: string
                        required:
                        - port
                        type: object
                      initialDelaySeconds:
                        description: 'Number of seconds after the container has started
                          before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        format: int32
                        type: integer
                      periodSeconds:
                        description: How often (in seconds) to perform the probe.
                          Default to 10 seconds. Minimum value is 1.
                        format: int32
                        type: integer
                      successThreshold:
                        description: Minimum consecutive successes for the probe to
                          be considered successful after having failed. Defaults to
                          1. Must be 1 for liveness and startup. Minimum value is
                          1.
                        format: int32
                        type: integer
                      tcpSocket:
                        description: 'TCPSocket specifies an action involving a TCP
                          port. TCP hooks not yet supported TODO: implement a realistic
                          TCP lifecycle hook'
                        properties:
                          host:
                            description: 'Optional: Host name to connect to, defaults
                              to the pod IP.'
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: Number or name of the port to access on the
                              container. Number must be in the range 1 to 65535. Name
                              must be an IANA_SVC_NAME.
                            x-kubernetes-int-or-string: true
                        required:
                        - port
                        type: object
                      timeoutSeconds:
                        description: 'Number of seconds after which the probe times
                          out. Defaults to 1 second. Minimum value is 1. More info:
                          https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        format: int32
                        type: integer
                    type: object
                  stdin:
                    description: Whether this container should allocate a buffer for
                      stdin in the container runtime. If this is not set, reads from
                      stdin in the container will always result in EOF. Default is
                      false.
                    type: boolean
                  stdinOnce:
                    description: Whether the container runtime should close the stdin
                      channel after it has been opened by a single attach. When stdin
                      is true the stdin stream will remain open across multiple attach
                      sessions. If stdinOnce is set to true, stdin is opened on container
                      start, is empty until the first client attaches to stdin, and
                      then remains open and accepts data until the client disconnects,
                      at which time stdin is closed and remains closed until the container
                      is restarted. If this flag is false, a container processes that
                      reads from stdin will never receive an EOF. Default is false
                    type: boolean
                  terminationMessagePath:
                    description: 'Optional: Path at which the file to which the container''s
                      termination message will be written is mounted into the container''s
                      filesystem. Message written is intended to be brief final status,
                      such as an assertion failure message. Will be truncated by the
                      node if greater than 4096 bytes. The total message length across
                      all containers will be limited to 12kb. Defaults to /dev/termination-log.
                      Cannot be updated.'
                    type: string
                  terminationMessagePolicy:
                    description: Indicate how the termination message should be populated.
                      File will use the contents of terminationMessagePath to populate
                      the container status message on both success and failure. FallbackToLogsOnError
                      will use the last chunk of container log output if the termination
                      message file is empty and the container exited with an error.
                      The log output is limited to 2048 bytes or 80 lines, whichever
                      is smaller. Defaults to File. Cannot be updated.
                    type: string
                  tty:
                    description: Whether this container should allocate a TTY for
                      itself, also requires 'stdin' to be true. Default is false.
                    type: boolean
                  volumeDevices:
                    description: volumeDevices is the list of block devices to be
                      used by the container. This is a beta feature.
                    items:
                      description: volumeDevice describes a mapping of a raw block
                        device within a container.
                      properties:
                        devicePath:
                          description: devicePath is the path inside of the container
                            that the device will be mapped to.
                          type: string
                        name:
                          description: name must match the name of a persistentVolumeClaim
                            in the pod
                          type: string
                      required:
                      - devicePath
                      - name
                      type: object
                    type: array
                  volumeMounts:
                    description: Pod volumes to mount into the container's filesystem.
                      Cannot be updated.
                    items:
                      description: VolumeMount describes a mounting of a Volume within
                        a container.
                      properties:
                        mountPath:
                          description: Path within the container at which the volume
                            should be mounted.  Must not contain ':'.
                          type: string
                        mountPropagation:
                          description: mountPropagation determines how mounts are
                            propagated from the host to container and the other way
                            around. When not set, MountPropagationNone is used. This
                            field is beta in 1.10.
                          type: string
                        name:
                          description: This must match the Name of a Volume.
                          type: string
                        readOnly:
                          description: Mounted read-only if true, read-write otherwise
                            (false or unspecified). Defaults to false.
                          type: boolean
                        subPath:
                          description: Path within the volume from which the container's
                            volume should be mounted. Defaults to "" (volume's root).
                          type: string
                        subPathExpr:
                          description: Expanded path within the volume from which
                            the container's volume should be mounted. Behaves similarly
                            to SubPath but environment variable references $(VAR_NAME)
                            are expanded using the container's environment. Defaults
                            to "" (volume's root). SubPathExpr and SubPath are mutually
                            exclusive.
                          type: string
                      required:
                      - mountPath
                      - name
                      type: object
                    type: array
                  workingDir:
                    description: Container's working directory. If not specified,
                      the container runtime's default will be used, which might be
                      configured in the container image. Cannot be updated.
                    type: string
                required:
                - name
                type: object
              type: array
            enforcedNamespaceLabel:
              description: EnforcedNamespaceLabel enforces adding a namespace label
                of origin for each alert and metric that is user created. The label
                value will always be the namespace of the object that is being created.
              type: string
            evaluationInterval:
              description: Interval between consecutive evaluations.
              type: string
            externalPrefix:
              description: The external URL the Thanos Ruler instances will be available
                under. This is necessary to generate correct URLs. This is necessary
                if Thanos Ruler is not served from root of a DNS name.
              type: string
            grpcServerTlsConfig:
              description: 'GRPCServerTLSConfig configures the gRPC server from which
                Thanos Querier reads recorded rule data. Note: Currently only the
                CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*''
                CLI args.'
              properties:
                ca:
                  description: Stuct containing the CA cert to use for the targets.
                  properties:
                    configMap:
                      description: ConfigMap containing data to use for the targets.
                      properties:
                        key:
                          description: The key to select.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                        optional:
                          description: Specify whether the ConfigMap or its key must
                            be defined
                          type: boolean
                      required:
                      - key
                      type: object
                    secret:
                      description: Secret containing data to use for the targets.
                      properties:
                        key:
                          description: The key of the secret to select from.  Must
                            be a valid secret key.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                        optional:
                          description: Specify whether the Secret or its key must
                            be defined
                          type: boolean
                      required:
                      - key
                      type: object
                  type: object
                caFile:
                  description: Path to the CA cert in the Prometheus container to
                    use for the targets.
                  type: string
                cert:
                  description: Struct containing the client cert file for the targets.
                  properties:
                    configMap:
                      description: ConfigMap containing data to use for the targets.
                      properties:
                        key:
                          description: The key to select.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                        optional:
                          description: Specify whether the ConfigMap or its key must
                            be defined
                          type: boolean
                      required:
                      - key
                      type: object
                    secret:
                      description: Secret containing data to use for the targets.
                      properties:
                        key:
                          description: The key of the secret to select from.  Must
                            be a valid secret key.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                        optional:
                          description: Specify whether the Secret or its key must
                            be defined
                          type: boolean
                      required:
                      - key
                      type: object
                  type: object
                certFile:
                  description: Path to the client cert file in the Prometheus container
                    for the targets.
                  type: string
                insecureSkipVerify:
                  description: Disable target certificate validation.
                  type: boolean
                keyFile:
                  description: Path to the client key file in the Prometheus container
                    for the targets.
                  type: string
                keySecret:
                  description: Secret containing the client key file for the targets.
                  properties:
                    key:
                      description: The key of the secret to select from.  Must be
                        a valid secret key.
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?'
                      type: string
                    optional:
                      description: Specify whether the Secret or its key must be defined
                      type: boolean
                  required:
                  - key
                  type: object
                serverName:
                  description: Used to verify the hostname for the targets.
                  type: string
              type: object
            image:
              description: Thanos container image URL.
              type: string
            imagePullSecrets:
              description: An optional list of references to secrets in the same namespace
                to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
              items:
                description: LocalObjectReference contains enough information to let
                  you locate the referenced object inside the same namespace.
                properties:
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                type: object
              type: array
            initContainers:
              description: 'InitContainers allows adding initContainers to the pod
                definition. Those can be used to e.g. fetch secrets for injection
                into the ThanosRuler configuration from external sources. Any errors
                during the execution of an initContainer will lead to a restart of
                the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
                Using initContainers for any use case other then secret fetching is
                entirely outside the scope of what the maintainers will support and
                by doing so, you accept that this behaviour may break at any time
                without notice.'
              items:
                description: A single application container that you want to run within
                  a pod.
                properties:
                  args:
                    description: 'Arguments to the entrypoint. The docker image''s
                      CMD is used if this is not provided. Variable references $(VAR_NAME)
                      are expanded using the container''s environment. If a variable
                      cannot be resolved, the reference in the input string will be
                      unchanged. The $(VAR_NAME) syntax can be escaped with a double
                      $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
                      regardless of whether the variable exists or not. Cannot be
                      updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                    items:
                      type: string
                    type: array
                  command:
                    description: 'Entrypoint array. Not executed within a shell. The
                      docker image''s ENTRYPOINT is used if this is not provided.
                      Variable references $(VAR_NAME) are expanded using the container''s
                      environment. If a variable cannot be resolved, the reference
                      in the input string will be unchanged. The $(VAR_NAME) syntax
                      can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references
                      will never be expanded, regardless of whether the variable exists
                      or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                    items:
                      type: string
                    type: array
                  env:
                    description: List of environment variables to set in the container.
                      Cannot be updated.
                    items:
                      description: EnvVar represents an environment variable present
                        in a Container.
                      properties:
                        name:
                          description: Name of the environment variable. Must be a
                            C_IDENTIFIER.
                          type: string
                        value:
                          description: 'Variable references $(VAR_NAME) are expanded
                            using the previous defined environment variables in the
                            container and any service environment variables. If a
                            variable cannot be resolved, the reference in the input
                            string will be unchanged. The $(VAR_NAME) syntax can be
                            escaped with a double $$, ie: $$(VAR_NAME). Escaped references
                            will never be expanded, regardless of whether the variable
                            exists or not. Defaults to "".'
                          type: string
                        valueFrom:
                          description: Source for the environment variable's value.
                            Cannot be used if value is not empty.
                          properties:
                            configMapKeyRef:
                              description: Selects a key of a ConfigMap.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                            fieldRef:
                              description: 'Selects a field of the pod: supports metadata.name,
                                metadata.namespace, metadata.labels, metadata.annotations,
                                spec.nodeName, spec.serviceAccountName, status.hostIP,
                                status.podIP, status.podIPs.'
                              properties:
                                apiVersion:
                                  description: Version of the schema the FieldPath
                                    is written in terms of, defaults to "v1".
                                  type: string
                                fieldPath:
                                  description: Path of the field to select in the
                                    specified API version.
                                  type: string
                              required:
                              - fieldPath
                              type: object
                            resourceFieldRef:
                              description: 'Selects a resource of the container: only
                                resources limits and requests (limits.cpu, limits.memory,
                                limits.ephemeral-storage, requests.cpu, requests.memory
                                and requests.ephemeral-storage) are currently supported.'
                              properties:
                                containerName:
                                  description: 'Container name: required for volumes,
                                    optional for env vars'
                                  type: string
                                divisor:
                                  description: Specifies the output format of the
                                    exposed resources, defaults to "1"
                                  type: string
                                resource:
                                  description: 'Required: resource to select'
                                  type: string
                              required:
                              - resource
                              type: object
                            secretKeyRef:
                              description: Selects a key of a secret in the pod's
                                namespace
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                  envFrom:
                    description: List of sources to populate environment variables
                      in the container. The keys defined within a source must be a
                      C_IDENTIFIER. All invalid keys will be reported as an event
                      when the container is starting. When a key exists in multiple
                      sources, the value associated with the last source will take
                      precedence. Values defined by an Env with a duplicate key will
                      take precedence. Cannot be updated.
                    items:
                      description: EnvFromSource represents the source of a set of
                        ConfigMaps
                      properties:
                        configMapRef:
                          description: The ConfigMap to select from
                          properties:
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string