--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: StatefulSet metadata: annotations: operator.prometheus.io/controller-id: openshift-monitoring/prometheus-operator prometheus-operator-input-hash: "5906965652158549260" creationTimestamp: "2025-10-11T10:40:03Z" generation: 1 labels: app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.27.0 managed-by: prometheus-operator managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:operator.prometheus.io/controller-id: {} f:prometheus-operator-input-hash: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:managed-by: {} f:ownerReferences: .: {} k:{"uid":"7c4d3ec7-5f1e-4505-bff6-14c371a37920"}: {} f:spec: f:persistentVolumeClaimRetentionPolicy: .: {} f:whenDeleted: {} f:whenScaled: {} f:podManagementPolicy: {} f:replicas: {} f:revisionHistoryLimit: {} f:selector: {} f:serviceName: {} f:template: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:alertmanager: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"alertmanager"}: .: {} f:args: {} f:env: .: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9094,"protocol":"UDP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/alertmanager"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metric"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9097,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9095,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"alertmanager-main-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"alertmanager-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"config-volume"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-alertmanager-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-metric"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-main-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} f:updateStrategy: f:type: {} manager: PrometheusOperator operation: Update time: "2025-10-11T10:40:03Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:collisionCount: {} f:currentReplicas: {} f:currentRevision: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} f:updateRevision: {} f:updatedReplicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:40:34Z" name: alertmanager-main namespace: openshift-monitoring ownerReferences: - apiVersion: monitoring.coreos.com/v1 blockOwnerDeletion: true controller: true kind: Alertmanager name: main uid: 7c4d3ec7-5f1e-4505-bff6-14c371a37920 resourceVersion: "21133" uid: 4822ea22-b8e5-4cc5-a94b-adc81629602f spec: persistentVolumeClaimRetentionPolicy: whenDeleted: Retain whenScaled: Retain podManagementPolicy: Parallel replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: alertmanager: main app.kubernetes.io/instance: main app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: alertmanager serviceName: alertmanager-operated template: metadata: annotations: kubectl.kubernetes.io/default-container: alertmanager openshift.io/required-scc: nonroot target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: alertmanager: main app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.27.0 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring namespaces: - openshift-monitoring topologyKey: kubernetes.io/hostname automountServiceAccountToken: true containers: - args: - --config.file=/etc/alertmanager/config_out/alertmanager.env.yaml - --storage.path=/alertmanager - --data.retention=120h - --cluster.listen-address=[$(POD_IP)]:9094 - --web.listen-address=127.0.0.1:9093 - --web.external-url=https://console-openshift-console.apps.ocp.openstack.lab/monitoring - --web.route-prefix=/ - --cluster.label=openshift-monitoring/main - --cluster.peer=alertmanager-main-0.alertmanager-operated:9094 - --cluster.peer=alertmanager-main-1.alertmanager-operated:9094 - --cluster.reconnect-timeout=5m - --web.config.file=/etc/alertmanager/web_config/web-config.yaml env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:755d2dc7bc83f2e1c10e6a0a70dd9acdd6bc282ad4ae973794d262a785e9f6d6 imagePullPolicy: IfNotPresent name: alertmanager ports: - containerPort: 9094 name: mesh-tcp protocol: TCP - containerPort: 9094 name: mesh-udp protocol: UDP resources: requests: cpu: 4m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true startupProbe: exec: command: - sh - -c - exec curl --fail http://localhost:9093/-/ready failureThreshold: 40 initialDelaySeconds: 20 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - args: - --listen-address=localhost:8080 - --web-config-file=/etc/alertmanager/web_config/web-config.yaml - --reload-url=http://localhost:9093/-/reload - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - args: - --secure-listen-address=0.0.0.0:9095 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9095 name: web protocol: TCP resources: requests: cpu: 1m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9096 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - args: - --secure-listen-address=0.0.0.0:9097 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metric ports: - containerPort: 9097 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - args: - --insecure-listen-address=127.0.0.1:9096 - --upstream=http://127.0.0.1:9093 - --label=namespace - --error-on-replace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:61f170d009db78c5df2e61a5de6cbd57283366bb46168eea3b0cca5f005bbf59 imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError dnsPolicy: ClusterFirst initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-web protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 serviceAccount: alertmanager-main serviceAccountName: alertmanager-main terminationGracePeriodSeconds: 120 volumes: - name: config-volume secret: defaultMode: 420 secretName: alertmanager-main-generated - name: tls-assets projected: defaultMode: 420 sources: - secret: name: alertmanager-main-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-alertmanager-main-tls secret: defaultMode: 420 secretName: alertmanager-main-tls - name: secret-alertmanager-kube-rbac-proxy secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy - name: secret-alertmanager-kube-rbac-proxy-metric secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-metric - name: secret-alertmanager-kube-rbac-proxy-web secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-web - name: web-config secret: defaultMode: 420 secretName: alertmanager-main-web-config - emptyDir: {} name: alertmanager-main-db - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: alertmanager-trusted-ca-bundle name: alertmanager-trusted-ca-bundle updateStrategy: type: RollingUpdate status: availableReplicas: 2 collisionCount: 0 currentReplicas: 2 currentRevision: alertmanager-main-57f9dc686 observedGeneration: 1 readyReplicas: 2 replicas: 2 updateRevision: alertmanager-main-57f9dc686 updatedReplicas: 2 - apiVersion: apps/v1 kind: StatefulSet metadata: annotations: operator.prometheus.io/controller-id: openshift-monitoring/prometheus-operator prometheus-operator-input-hash: "17800845991324345004" creationTimestamp: "2025-10-11T10:40:09Z" generation: 1 labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.55.1 managed-by: prometheus-operator operator.prometheus.io/mode: server operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:operator.prometheus.io/controller-id: {} f:prometheus-operator-input-hash: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:managed-by: {} f:operator.prometheus.io/mode: {} f:operator.prometheus.io/name: {} f:operator.prometheus.io/shard: {} f:ownerReferences: .: {} k:{"uid":"659ced36-7859-4ac8-959a-797d15f58d96"}: {} f:spec: f:persistentVolumeClaimRetentionPolicy: .: {} f:whenDeleted: {} f:whenScaled: {} f:podManagementPolicy: {} f:replicas: {} f:revisionHistoryLimit: {} f:selector: {} f:serviceName: {} f:template: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:operator.prometheus.io/name: {} f:operator.prometheus.io/shard: {} f:prometheus: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-thanos"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10903,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prometheus"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:readinessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/metrics-client-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/secrets/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/prometheus"}: .: {} f:mountPath: {} f:name: {} k:{"name":"thanos-sidecar"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10901,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":10902,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/thanos/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:shareProcessNamespace: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-k8s-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-0"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-thanos-sidecar-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"thanos-prometheus-http-client-file"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} f:updateStrategy: f:type: {} manager: PrometheusOperator operation: Update time: "2025-10-11T10:40:09Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:collisionCount: {} f:currentReplicas: {} f:currentRevision: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} f:updateRevision: {} f:updatedReplicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:41:10Z" name: prometheus-k8s namespace: openshift-monitoring ownerReferences: - apiVersion: monitoring.coreos.com/v1 blockOwnerDeletion: true controller: true kind: Prometheus name: k8s uid: 659ced36-7859-4ac8-959a-797d15f58d96 resourceVersion: "21560" uid: c70524ca-267b-4393-b7ee-c2bb5089f823 spec: persistentVolumeClaimRetentionPolicy: whenDeleted: Retain whenScaled: Retain podManagementPolicy: Parallel replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" prometheus: k8s serviceName: prometheus-operated template: metadata: annotations: kubectl.kubernetes.io/default-container: prometheus openshift.io/required-scc: nonroot target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.55.1 operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" prometheus: k8s spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring namespaces: - openshift-monitoring topologyKey: kubernetes.io/hostname automountServiceAccountToken: true containers: - args: - --web.console.templates=/etc/prometheus/consoles - --web.console.libraries=/etc/prometheus/console_libraries - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --enable-feature=delayed-compaction - --web.external-url=https://console-openshift-console.apps.ocp.openstack.lab/monitoring - --web.route-prefix=/ - --web.listen-address=127.0.0.1:9090 - --storage.tsdb.retention.time=15d - --storage.tsdb.path=/prometheus - --web.config.file=/etc/prometheus/web_config/web-config.yaml - --scrape.timestamp-tolerance=15ms image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b7ea005d75360221e268ef4a671bd1a5eb15acc98b32c7c716176ad5b6cd73d imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/healthy; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/healthy; else exit 1; fi failureThreshold: 6 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus readinessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: requests: cpu: 70m memory: 1Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true startupProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 60 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - args: - --listen-address=localhost:8080 - --web-config-file=/etc/prometheus/web_config/web-config.yaml - --reload-url=http://localhost:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - args: - sidecar - --prometheus.url=http://localhost:9090/ - --tsdb.path=/prometheus - --http-address=127.0.0.1:10902 - --grpc-server-tls-cert=/etc/tls/grpc/server.crt - --grpc-server-tls-key=/etc/tls/grpc/server.key - --grpc-server-tls-client-ca=/etc/tls/grpc/ca.crt image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d24c4db9f6f0e9fb8ffdf9dd2b08101c37316b989e6709d13783e7d6d3baef73 imagePullPolicy: IfNotPresent name: thanos-sidecar ports: - containerPort: 10902 name: http protocol: TCP - containerPort: 10901 name: grpc protocol: TCP resources: requests: cpu: 1m memory: 25Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9090 - --allow-paths=/metrics,/federate - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - args: - --secure-listen-address=[$(POD_IP)]:10903 - --upstream=http://127.0.0.1:10902 - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/metrics - --tls-min-version=VersionTLS12 env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-thanos ports: - containerPort: 10903 name: thanos-proxy protocol: TCP resources: requests: cpu: 1m memory: 10Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true dnsPolicy: ClusterFirst initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-web protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 serviceAccount: prometheus-k8s serviceAccountName: prometheus-k8s shareProcessNamespace: false terminationGracePeriodSeconds: 600 volumes: - name: config secret: defaultMode: 420 secretName: prometheus-k8s - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-k8s-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-prometheus-k8s-tls secret: defaultMode: 420 secretName: prometheus-k8s-tls - name: secret-prometheus-k8s-thanos-sidecar-tls secret: defaultMode: 420 secretName: prometheus-k8s-thanos-sidecar-tls - name: secret-kube-rbac-proxy secret: defaultMode: 420 secretName: kube-rbac-proxy - name: secret-prometheus-k8s-kube-rbac-proxy-web secret: defaultMode: 420 secretName: prometheus-k8s-kube-rbac-proxy-web - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - configMap: defaultMode: 420 name: serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - configMap: defaultMode: 420 name: metrics-client-ca name: configmap-metrics-client-ca - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - name: web-config secret: defaultMode: 420 secretName: prometheus-k8s-web-config - name: thanos-prometheus-http-client-file secret: defaultMode: 420 secretName: prometheus-k8s-thanos-prometheus-http-client-file - emptyDir: {} name: prometheus-k8s-db - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: prometheus-trusted-ca-bundle name: prometheus-trusted-ca-bundle - name: secret-grpc-tls secret: defaultMode: 420 secretName: prometheus-k8s-grpc-tls-6sqva262urci3 updateStrategy: type: RollingUpdate status: availableReplicas: 2 collisionCount: 0 currentReplicas: 2 currentRevision: prometheus-k8s-94687c566 observedGeneration: 1 readyReplicas: 2 replicas: 2 updateRevision: prometheus-k8s-94687c566 updatedReplicas: 2 kind: StatefulSetList metadata: resourceVersion: "64487"