apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '1' meta.helm.sh/release-name: kube-prometheus-stack meta.helm.sh/release-namespace: monitoring labels: app: kube-prometheus-stack-operator app.kubernetes.io/component: prometheus-operator app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/version: 83.2.0 chart: kube-prometheus-stack-83.2.0 heritage: Helm release: kube-prometheus-stack name: kube-prometheus-stack-operator namespace: monitoring spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: kube-prometheus-stack-operator release: kube-prometheus-stack strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app: kube-prometheus-stack-operator app.kubernetes.io/component: prometheus-operator app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/version: 83.2.0 chart: kube-prometheus-stack-83.2.0 heritage: Helm release: kube-prometheus-stack spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kube-prometheus-stack-kubelet - --kubelet-endpoints=true - --kubelet-endpointslice=false - --localhost=127.0.0.1 - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.90.1 - --config-reloader-cpu-request=0 - --config-reloader-cpu-limit=0 - --config-reloader-memory-request=0 - --config-reloader-memory-limit=0 - --thanos-default-base-image=quay.io/thanos/thanos:v0.41.0 - --secret-field-selector=type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1 - --web.enable-tls=true - --web.cert-file=/cert/cert - --web.key-file=/cert/key - --web.listen-address=:10250 - --web.tls-min-version=VersionTLS13 env: - name: GOGC value: '30' image: quay.io/prometheus-operator/prometheus-operator:v0.90.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: kube-prometheus-stack ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /cert name: tls-secret readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seccompProfile: type: RuntimeDefault serviceAccount: kube-prometheus-stack-operator serviceAccountName: kube-prometheus-stack-operator terminationGracePeriodSeconds: 30 volumes: - name: tls-secret secret: defaultMode: 420 secretName: kube-prometheus-stack-admission