k8s-manifests/monitoring/statefulset-prometheus-kube-prometheus-stack-prometheus.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  annotations:
    meta.helm.sh/release-name: kube-prometheus-stack
    meta.helm.sh/release-namespace: monitoring
    prometheus-operator-input-hash: '11102801613401654018'
  labels:
    app: kube-prometheus-stack-prometheus
    app.kubernetes.io/instance: kube-prometheus-stack-prometheus
    app.kubernetes.io/managed-by: prometheus-operator
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus-stack
    app.kubernetes.io/version: 83.2.0
    chart: kube-prometheus-stack-83.2.0
    heritage: Helm
    managed-by: prometheus-operator
    operator.prometheus.io/mode: server
    operator.prometheus.io/name: kube-prometheus-stack-prometheus
    operator.prometheus.io/shard: '0'
    prometheus: kube-prometheus-stack-prometheus
    release: kube-prometheus-stack
  name: prometheus-kube-prometheus-stack-prometheus
  namespace: monitoring
  ownerReferences:
  - apiVersion: monitoring.coreos.com/v1
    blockOwnerDeletion: true
    controller: true
    kind: Prometheus
    name: kube-prometheus-stack-prometheus
    uid: f0355616-4bfa-4409-8b5f-c1c815ee7a2a
spec:
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Retain
    whenScaled: Retain
  podManagementPolicy: Parallel
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: kube-prometheus-stack-prometheus
      app.kubernetes.io/managed-by: prometheus-operator
      app.kubernetes.io/name: prometheus
      operator.prometheus.io/name: kube-prometheus-stack-prometheus
      operator.prometheus.io/shard: '0'
      prometheus: kube-prometheus-stack-prometheus
  serviceName: prometheus-operated
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: prometheus
      labels:
        app.kubernetes.io/instance: kube-prometheus-stack-prometheus
        app.kubernetes.io/managed-by: prometheus-operator
        app.kubernetes.io/name: prometheus
        app.kubernetes.io/version: 3.11.1
        operator.prometheus.io/name: kube-prometheus-stack-prometheus
        operator.prometheus.io/shard: '0'
        prometheus: kube-prometheus-stack-prometheus
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                  - prometheus
                - key: app.kubernetes.io/instance
                  operator: In
                  values:
                  - kube-prometheus-stack-prometheus
              topologyKey: kubernetes.io/hostname
            weight: 100
      automountServiceAccountToken: true
      containers:
      - args:
        - --config.file=/etc/prometheus/config_out/prometheus.env.yaml
        - --web.enable-lifecycle
        - --web.external-url=http://kube-prometheus-stack-prometheus.monitoring:9090
        - --web.route-prefix=/
        - --storage.tsdb.retention.time=30d
        - --storage.tsdb.path=/prometheus
        - --storage.tsdb.wal-compression
        - --web.config.file=/etc/prometheus/web_config/web-config.yaml
        image: quay.io/prometheus/prometheus:v3.11.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 6
          httpGet:
            path: /-/healthy
            port: http-web
            scheme: HTTP
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 3
        name: prometheus
        ports:
        - containerPort: 9090
          name: http-web
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /-/ready
            port: http-web
            scheme: HTTP
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 3
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        startupProbe:
          failureThreshold: 60
          httpGet:
            path: /-/ready
            port: http-web
            scheme: HTTP
          periodSeconds: 15
          successThreshold: 1
          timeoutSeconds: 3
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/prometheus/config_out
          name: config-out
          readOnly: true
        - mountPath: /etc/prometheus/certs
          name: tls-assets
          readOnly: true
        - mountPath: /prometheus
          name: prometheus-kube-prometheus-stack-prometheus-db
          subPath: prometheus-db
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0
          readOnly: true
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1
          readOnly: true
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2
          readOnly: true
        - mountPath: /etc/prometheus/web_config/web-config.yaml
          name: web-config
          readOnly: true
          subPath: web-config.yaml
      - args:
        - --listen-address=:8080
        - --reload-url=http://127.0.0.1:9090/-/reload
        - --config-file=/etc/prometheus/config/prometheus.yaml.gz
        - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml
        - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0
        - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1
        - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2
        command:
        - /bin/prometheus-config-reloader
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: SHARD
          value: '0'
        image: quay.io/prometheus-operator/prometheus-config-reloader:v0.90.1
        imagePullPolicy: IfNotPresent
        name: config-reloader
        ports:
        - containerPort: 8080
          name: reloader-web
          protocol: TCP
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/prometheus/config
          name: config
        - mountPath: /etc/prometheus/config_out
          name: config-out
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2
      dnsPolicy: ClusterFirst
      initContainers:
      - args:
        - --watch-interval=0
        - --listen-address=:8081
        - --config-file=/etc/prometheus/config/prometheus.yaml.gz
        - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml
        - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0
        - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1
        - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2
        command:
        - /bin/prometheus-config-reloader
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: SHARD
          value: '0'
        image: quay.io/prometheus-operator/prometheus-config-reloader:v0.90.1
        imagePullPolicy: IfNotPresent
        name: init-config-reloader
        ports:
        - containerPort: 8081
          name: reloader-init
          protocol: TCP
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/prometheus/config
          name: config
        - mountPath: /etc/prometheus/config_out
          name: config-out
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1
        - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 2000
        runAsGroup: 2000
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      serviceAccount: kube-prometheus-stack-prometheus
      serviceAccountName: kube-prometheus-stack-prometheus
      shareProcessNamespace: false
      terminationGracePeriodSeconds: 600
      volumes:
      - name: config
        secret:
          defaultMode: 420
          secretName: prometheus-kube-prometheus-stack-prometheus
      - name: tls-assets
        projected:
          defaultMode: 420
          sources:
          - secret:
              name: prometheus-kube-prometheus-stack-prometheus-tls-assets-0
      - emptyDir:
          medium: Memory
        name: config-out
      - configMap:
          defaultMode: 420
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0
          optional: true
        name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0
      - configMap:
          defaultMode: 420
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1
          optional: true
        name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1
      - configMap:
          defaultMode: 420
          name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2
          optional: true
        name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2
      - name: web-config
        secret:
          defaultMode: 420
          secretName: prometheus-kube-prometheus-stack-prometheus-web-config
  updateStrategy:
    type: RollingUpdate
  volumeClaimTemplates:
  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: prometheus-kube-prometheus-stack-prometheus-db
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 20Gi
      storageClassName: local-path
      volumeMode: Filesystem
    status:
      phase: Pending