Newer
Older
description: Specifies the output format of the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
description: secret information about the secret data to project
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
description: Maps a string key to a path within a volume.
description: key is the key to project.
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
x-kubernetes-list-type: atomic
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
description: optional field specify whether the Secret or its key must be defined
x-kubernetes-map-type: atomic
description: serviceAccountToken is information about the serviceAccountToken data to project
description: |-
audience is the intended audience of the token. A recipient of a token
must identify itself with an identifier specified in the audience of the
token, and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
description: |-
expirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
description: |-
path is the path relative to the mount point of the file to project the
token into.
type: string
required:
- path
type: object
type: object
type: array
x-kubernetes-list-type: atomic
description: |-
quobyte represents a Quobyte mount on the host that shares a pod's lifetime.
Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
description: |-
group to map volume access to
Default is no group
description: |-
readOnly here will force the Quobyte volume to be mounted with read-only permissions.
Defaults to false.
description: |-
registry represents a single or multiple Quobyte Registry services
specified as a string as host:port pair (multiple entries are separated with commas)
which acts as the central registry for volumes
description: |-
tenant owning the given Quobyte volume in the Backend
Used with dynamically provisioned Quobyte volumes, value is set by the plugin
description: |-
user to map volume access to
Defaults to serivceaccount user
description: volume is a string that references an already created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: |-
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.
More info: https://examples.k8s.io/volumes/rbd/README.md
description: |-
fsType is the filesystem type of the volume that you want to mount.
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
description: |-
image is the rados image name.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
default: /etc/ceph/keyring
description: |-
keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
description: |-
monitors is a collection of Ceph monitors.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
x-kubernetes-list-type: atomic
description: |-
pool is the rados pool name.
Default is rbd.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
description: |-
readOnly here will force the ReadOnly setting in VolumeMounts.
Defaults to false.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
description: |-
secretRef is name of the authentication secret for RBDUser. If provided
overrides keyring.
Default is nil.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
x-kubernetes-map-type: atomic
description: |-
user is the rados user name.
Default is admin.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
required:
- image
- monitors
type: object
scaleIO:
description: |-
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
description: |-
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs".
Default is "xfs".
description: gateway is the host address of the ScaleIO API Gateway.
description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
description: |-
readOnly Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
description: |-
secretRef references to the secret for ScaleIO user and other
sensitive information. If this is not provided, Login operation will fail.
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
x-kubernetes-map-type: atomic
description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
default: ThinProvisioned
description: |-
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
description: storagePool is the ScaleIO Storage Pool associated with the protection domain.
description: system is the name of the storage system as configured in ScaleIO.
description: |-
volumeName is the name of a volume already created in the ScaleIO system
that is associated with this volume source.
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: |-
secret represents a secret that should populate this volume.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
description: |-
defaultMode is Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
description: |-
items If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: key is the key to project.
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
x-kubernetes-list-type: atomic
description: optional field specify whether the Secret or its keys must be defined
description: |-
secretName is the name of the secret in the pod's namespace to use.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
description: |-
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
description: |-
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
description: |-
readOnly defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
description: |-
secretRef specifies the secret to use for obtaining the StorageOS API
credentials. If not specified, default values will be attempted.
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
x-kubernetes-map-type: atomic
description: |-
volumeName is the human-readable name of the StorageOS volume. Volume
names are only unique within a namespace.
description: |-
volumeNamespace specifies the scope of the volume within StorageOS. If no
namespace is specified then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
Set VolumeName to any name to override the default behaviour.
Set to "default" if you are not using namespaces within StorageOS.
Namespaces that do not pre-exist within StorageOS will be created.
description: |-
vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.
Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type
are redirected to the csi.vsphere.vmware.com CSI driver.
description: |-
fsType is filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
description: storagePolicyName is the storage Policy Based Management (SPBM) profile name.
description: volumePath is the path that identifies vSphere volume vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
web:
description: Defines the configuration of the ThanosRuler web server.
properties:
httpConfig:
description: Defines HTTP parameters for web server.
properties:
headers:
description: List of headers that can be added to HTTP responses.
properties:
contentSecurityPolicy:
description: |-
Set the Content-Security-Policy header to HTTP responses.
Unset if blank.
type: string
strictTransportSecurity:
description: |-
Set the Strict-Transport-Security header to HTTP responses.
Unset if blank.
Please make sure that you use this with care as this header might force
browsers to load Prometheus and the other applications hosted on the same
domain and subdomains over HTTPS.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type: string
xContentTypeOptions:
description: |-
Set the X-Content-Type-Options header to HTTP responses.
Unset if blank. Accepted value is nosniff.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
enum:
- ""
- NoSniff
type: string
xFrameOptions:
description: |-
Set the X-Frame-Options header to HTTP responses.
Unset if blank. Accepted values are deny and sameorigin.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
enum:
- ""
- Deny
- SameOrigin
type: string
xXSSProtection:
description: |-
Set the X-XSS-Protection header to all responses.
Unset if blank.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
type: string
type: object
http2:
description: |-
Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.
When TLSConfig is not configured, HTTP/2 will be disabled.
Whenever the value of the field changes, a rolling update will be triggered.
type: boolean
type: object
tlsConfig:
description: Defines the TLS parameters for HTTPS.
properties:
cert:
description: |-
Secret or ConfigMap containing the TLS certificate for the web server.
Either `keySecret` or `keyFile` must be defined.
It is mutually exclusive with `certFile`.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
certFile:
description: |-
Path to the TLS certificate file in the container for the web server.
Either `keySecret` or `keyFile` must be defined.
It is mutually exclusive with `cert`.
List of supported cipher suites for TLS versions up to TLS 1.2.
If not defined, the Go default cipher suites are used.
Available cipher suites are documented in the Go documentation:
https://golang.org/pkg/crypto/tls/#pkg-constants
items:
type: string
type: array
client_ca:
description: |-
Secret or ConfigMap containing the CA certificate for client certificate
authentication to the server.
It is mutually exclusive with `clientCAFile`.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientAuthType:
The server policy for client TLS authentication.
For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType
clientCAFile:
description: |-
Path to the CA certificate file for client certificate authentication to
the server.
It is mutually exclusive with `client_ca`.
description: |-
Elliptic curves that will be used in an ECDHE handshake, in preference
order.
Available curves are documented in the Go documentation:
https://golang.org/pkg/crypto/tls/#CurveID
items:
type: string
type: array
keyFile:
description: |-
Path to the TLS private key file in the container for the web server.
If defined, either `cert` or `certFile` must be defined.
It is mutually exclusive with `keySecret`.
description: |-
Secret containing the TLS private key for the web server.
Either `cert` or `certFile` must be defined.
It is mutually exclusive with `keyFile`.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
maxVersion:
description: Maximum TLS version that is acceptable.
type: string
minVersion:
description: Minimum TLS version that is acceptable.
type: string
preferServerCipherSuites:
Controls whether the server selects the client's most preferred cipher
suite, or the server's most preferred cipher suite.
If true then the server's preference, as expressed in
the order of elements in cipherSuites, is used.
type: boolean
type: object
type: object
description: |-
Most recent observed status of the ThanosRuler cluster. Read-only.
More info:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
description: |-
Total number of available pods (ready for at least minReadySeconds)
targeted by this ThanosRuler deployment.
description: The current state of the ThanosRuler object.
description: |-
Condition represents the state of the resources associated with the
Prometheus, Alertmanager or ThanosRuler resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
format: date-time
type: string
message:
description: Human-readable message indicating details for the condition's last transition.
type: string
observedGeneration:
description: |-
ObservedGeneration represents the .metadata.generation that the
condition was set based upon. For instance, if `.metadata.generation` is
currently 12, but the `.status.conditions[].observedGeneration` is 9, the
condition is out of date with respect to the current state of the
instance.
format: int64
type: integer
reason:
description: Reason for the condition's last transition.
type: string
status:
description: Status of the condition.
type: string
type:
description: Type of the condition being reported.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
description: |-
Represents whether any actions on the underlying managed objects are
being performed. Only delete actions will be performed.
description: |-
Total number of non-terminated pods targeted by this ThanosRuler deployment
(their labels match the selector).
description: Total number of unavailable pods targeted by this ThanosRuler deployment.
description: |-
Total number of non-terminated pods targeted by this ThanosRuler deployment
that have the desired version spec.
format: int32
type: integer
required:
- availableReplicas
- paused
- replicas
- unavailableReplicas
- updatedReplicas
type: object
required:
- spec
type: object
subresources:
status: {}