cdktf-crd

import { Manifest, type ManifestConfig } from "@cdktf/provider-kubernetes/lib/manifest"; import { Construct } from "constructs"; export declare class MonitoringCoreosComPrometheusAgentV1alpha1 extends Manifest { constructor(scope: Construct, id: string, config: MonitoringCoreosComPrometheusAgentV1alpha1Config); } export interface MonitoringCoreosComPrometheusAgentV1alpha1Config extends ManifestConfig { manifest: { apiVersion: "monitoring.coreos.com/v1alpha1"; kind: "PrometheusAgent"; metadata: { annotations?: { [key: string]: string; }; labels?: { [key: string]: string; }; name: string; namespace?: string; }; /** @description Specification of the desired behavior of the Prometheus agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */ spec: { /** @description AdditionalArgs allows setting additional arguments for the 'prometheus' container. * It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. * In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. */ additionalArgs?: { /** @description Name of the argument, e.g. "scrape.discovery-reload-interval". */ name: string; /** @description Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) */ value?: string; }[]; /** @description AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. */ additionalScrapeConfigs?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; /** @description Defines the Pods' affinity scheduling rules if specified. */ affinity?: { /** @description Describes node affinity scheduling rules for the pod. */ nodeAffinity?: { /** @description The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. */ preferredDuringSchedulingIgnoredDuringExecution?: { /** @description A node selector term, associated with the corresponding weight. */ preference: { /** @description A list of node selector requirements by node's labels. */ matchExpressions?: { /** @description The label key that the selector applies to. */ key: string; /** @description Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. */ operator: string; /** @description An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description A list of node selector requirements by node's fields. */ matchFields?: { /** @description The label key that the selector applies to. */ key: string; /** @description Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. */ operator: string; /** @description An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; }; /** * Format: int32 * @description Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. */ weight: number; }[]; /** @description If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. */ requiredDuringSchedulingIgnoredDuringExecution?: { /** @description Required. A list of node selector terms. The terms are ORed. */ nodeSelectorTerms: { /** @description A list of node selector requirements by node's labels. */ matchExpressions?: { /** @description The label key that the selector applies to. */ key: string; /** @description Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. */ operator: string; /** @description An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description A list of node selector requirements by node's fields. */ matchFields?: { /** @description The label key that the selector applies to. */ key: string; /** @description Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. */ operator: string; /** @description An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; }[]; }; }; /** @description Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). */ podAffinity?: { /** @description The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. */ preferredDuringSchedulingIgnoredDuringExecution?: { /** @description Required. A pod affinity term, associated with the corresponding weight. */ podAffinityTerm: { /** @description A label query over a set of resources, in this case pods. */ labelSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. */ namespaceSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". */ namespaces?: string[]; /** @description This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. */ topologyKey: string; }; /** * Format: int32 * @description weight associated with matching the corresponding podAffinityTerm, in the range 1-100. */ weight: number; }[]; /** @description If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. */ requiredDuringSchedulingIgnoredDuringExecution?: { /** @description A label query over a set of resources, in this case pods. */ labelSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. */ namespaceSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". */ namespaces?: string[]; /** @description This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. */ topologyKey: string; }[]; }; /** @description Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). */ podAntiAffinity?: { /** @description The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. */ preferredDuringSchedulingIgnoredDuringExecution?: { /** @description Required. A pod affinity term, associated with the corresponding weight. */ podAffinityTerm: { /** @description A label query over a set of resources, in this case pods. */ labelSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. */ namespaceSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". */ namespaces?: string[]; /** @description This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. */ topologyKey: string; }; /** * Format: int32 * @description weight associated with matching the corresponding podAffinityTerm, in the range 1-100. */ weight: number; }[]; /** @description If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. */ requiredDuringSchedulingIgnoredDuringExecution?: { /** @description A label query over a set of resources, in this case pods. */ labelSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. */ namespaceSelector?: { /** @description matchExpressions is a list of label selector requirements. The requirements are ANDed. */ matchExpressions?: { /** @description key is the label key that the selector applies to. */ key: string; /** @description operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. */ operator: string; /** @description values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. */ values?: string[]; }[]; /** @description matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. */ matchLabels?: { [key: string]: string; }; }; /** @description namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". */ namespaces?: string[]; /** @description This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. */ topologyKey: string; }[]; }; }; /** @description APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. */ apiserverConfig?: { /** @description Authorization section for the API server. * Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. */ authorization?: { /** @description Selects a key of a Secret in the namespace that contains the credentials for authentication. */ credentials?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; /** @description File to read a secret from, mutually exclusive with `credentials`. */ credentialsFile?: string; /** @description Defines the authentication type. The value is case-insensitive. * "Basic" is not a supported value. * Default: "Bearer" */ type?: string; }; /** @description BasicAuth configuration for the API server. * Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. */ basicAuth?: { /** @description `password` specifies a key of a Secret containing the password for authentication. */ password?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; /** @description `username` specifies a key of a Secret containing the username for authentication. */ username?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; }; /** @description *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* * *Deprecated: this will be removed in a future release.* */ bearerToken?: string; /** @description File to read bearer token for accessing apiserver. * Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. * *Deprecated: this will be removed in a future release. Prefer using `authorization`.* */ bearerTokenFile?: string; /** @description Kubernetes API address consisting of a hostname or IP address followed by an optional port number. */ host: string; /** @description TLS Config to use for the API server. */ tlsConfig?: { /** @description Certificate authority used when verifying server certificates. */ ca?: { /** @description ConfigMap containing data to use for the targets. */ configMap?: { /** @description The key to select. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the ConfigMap or its key must be defined */ optional?: boolean; }; /** @description Secret containing data to use for the targets. */ secret?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; }; /** @description Path to the CA cert in the Prometheus container to use for the targets. */ caFile?: string; /** @description Client certificate to present when doing client-authentication. */ cert?: { /** @description ConfigMap containing data to use for the targets. */ configMap?: { /** @description The key to select. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the ConfigMap or its key must be defined */ optional?: boolean; }; /** @description Secret containing data to use for the targets. */ secret?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; }; /** @description Path to the client cert file in the Prometheus container for the targets. */ certFile?: string; /** @description Disable target certificate validation. */ insecureSkipVerify?: boolean; /** @description Path to the client key file in the Prometheus container for the targets. */ keyFile?: string; /** @description Secret containing the client key file for the targets. */ keySecret?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; /** @description Used to verify the hostname for the targets. */ serverName?: string; }; }; /** @description When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field. */ arbitraryFSAccessThroughSMs?: { deny?: boolean; }; /** @description BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. */ bodySizeLimit?: string; /** @description ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-<configmap-name>`. The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name> in the 'prometheus' container. */ configMaps?: string[]; /** @description Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. * The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` * Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. */ containers?: { /** @description Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell */ args?: string[]; /** @description Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell */ command?: string[]; /** @description List of environment variables to set in the container. Cannot be updated. */ env?: { /** @description Name of the environment variable. Must be a C_IDENTIFIER. */ name: string; /** @description Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". */ value?: string; /** @description Source for the environment variable's value. Cannot be used if value is not empty. */ valueFrom?: { /** @description Selects a key of a ConfigMap. */ configMapKeyRef?: { /** @description The key to select. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the ConfigMap or its key must be defined */ optional?: boolean; }; /** @description Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. */ fieldRef?: { /** @description Version of the schema the FieldPath is written in terms of, defaults to "v1". */ apiVersion?: string; /** @description Path of the field to select in the specified API version. */ fieldPath: string; }; /** @description Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. */ resourceFieldRef?: { /** @description Container name: required for volumes, optional for env vars */ containerName?: string; /** @description Specifies the output format of the exposed resources, defaults to "1" */ divisor?: number | string; /** @description Required: resource to select */ resource: string; }; /** @description Selects a key of a secret in the pod's namespace */ secretKeyRef?: { /** @description The key of the secret to select from. Must be a valid secret key. */ key: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret or its key must be defined */ optional?: boolean; }; }; }[]; /** @description List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. */ envFrom?: { /** @description The ConfigMap to select from */ configMapRef?: { /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the ConfigMap must be defined */ optional?: boolean; }; /** @description An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. */ prefix?: string; /** @description The Secret to select from */ secretRef?: { /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? */ name?: string; /** @description Specify whether the Secret must be defined */ optional?: boolean; }; }[]; /** @description Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. */ image?: string; /** @description Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images */ imagePullPolicy?: string; /** @description Actions that the management system should take in response to container lifecycle events. Cannot be updated. */ lifecycle?: { /** @description PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks */ postStart?: { /** @description Exec specifies the action to take. */ exec?: { /** @description Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. */ command?: string[]; }; /** @description HTTPGet specifies the http request to perform. */ httpGet?: {