apiVersion: v1 kind: Pod metadata: annotations: kubectl.kubernetes.io/default-container: prometheus creationTimestamp: "2026-06-10T14:58:52Z" generateName: prometheus-kube-prometheus-stack-prometheus- labels: app.kubernetes.io/instance: kube-prometheus-stack-prometheus app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/version: 2.51.2 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-kube-prometheus-stack-prometheus-bf5dff6d7 operator.prometheus.io/name: kube-prometheus-stack-prometheus operator.prometheus.io/shard: "0" prometheus: kube-prometheus-stack-prometheus statefulset.kubernetes.io/pod-name: prometheus-kube-prometheus-stack-prometheus-0 name: prometheus-kube-prometheus-stack-prometheus-0 namespace: monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-kube-prometheus-stack-prometheus uid: 4d96e35b-7b50-4cda-bb6c-9ccb4090ce63 resourceVersion: "5096" uid: fa71ccb9-1084-4262-b920-ba3659ac003a spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - prometheus - key: app.kubernetes.io/instance operator: In values: - kube-prometheus-stack-prometheus topologyKey: kubernetes.io/hostname weight: 100 automountServiceAccountToken: true containers: - args: - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.console.templates=/etc/prometheus/consoles - --web.console.libraries=/etc/prometheus/console_libraries - --web.enable-lifecycle - --web.external-url=http://prometheus.199-204-45-238.nip.io/ - --web.route-prefix=/ - --storage.tsdb.retention.time=10d - --storage.tsdb.path=/prometheus - --storage.tsdb.wal-compression - --web.config.file=/etc/prometheus/web_config/web-config.yaml image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: path: /-/healthy port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus ports: - containerPort: 9090 name: http-web protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true startupProbe: failureThreshold: 60 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-kube-prometheus-stack-prometheus-db subPath: prometheus-db - mountPath: /certs name: certs - mountPath: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert name: secret-kube-prometheus-stack-etcd-client-cert readOnly: true - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 readOnly: true - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lc2vw readOnly: true - args: - --listen-address=:8080 - --reload-url=http://127.0.0.1:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0 imagePullPolicy: IfNotPresent name: config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lc2vw readOnly: true - args: - --template=/config/certificate-template.yml - --ca-path=/certs/ca.crt - --cert-path=/certs/tls.crt - --key-path=/certs/tls.key env: - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0 imagePullPolicy: IfNotPresent name: pod-tls-sidecar resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /config name: kube-prometheus-stack-prometheus-tls - mountPath: /certs name: certs - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lc2vw readOnly: true - envFrom: - secretRef: name: kube-prometheus-stack-prometheus-oauth2-proxy image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: oauth2-proxy ports: - containerPort: 8081 name: oauth2-proxy protocol: TCP - containerPort: 8082 name: oauth2-metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: limits: cpu: 100m memory: 300Mi requests: cpu: 100m memory: 300Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/ssl/certs/ca-certificates.crt name: ca-certificates readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lc2vw readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-kube-prometheus-stack-prometheus-0 initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lc2vw readOnly: true nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 2000 runAsGroup: 2000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault serviceAccount: kube-prometheus-stack-prometheus serviceAccountName: kube-prometheus-stack-prometheus shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: prometheus-kube-prometheus-stack-prometheus-db persistentVolumeClaim: claimName: prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0 - name: config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-kube-prometheus-stack-prometheus-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-kube-prometheus-stack-etcd-client-cert secret: defaultMode: 420 secretName: kube-prometheus-stack-etcd-client-cert - configMap: defaultMode: 420 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 optional: true name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - configMap: defaultMode: 420 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 optional: true name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 - configMap: defaultMode: 420 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 optional: true name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 - name: web-config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus-web-config - hostPath: path: /etc/ssl/certs/ca-certificates.crt type: "" name: ca-certificates - emptyDir: medium: Memory name: certs - configMap: defaultMode: 420 name: kube-prometheus-stack-prometheus-tls name: kube-prometheus-stack-prometheus-tls - name: kube-api-access-lc2vw projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-10T14:59:03Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-10T14:59:29Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-10T14:59:29Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-10T14:58:58Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://2f18f6c496d491df464806689861dc77ef05a66717597cb4337fa094128e8cec image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:501a47205f61acf8ad11b1caeb0bd117b135932728b17eb5cd5914a33f0ce704 lastState: {} name: config-reloader ready: true restartCount: 0 started: true state: running: startedAt: "2026-06-10T14:59:08Z" - containerID: containerd://15cfebf4310b24859c8ba6820fd278f083a610a62f96bebe38a68d09082ba222 image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imageID: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d lastState: {} name: oauth2-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-06-10T14:59:15Z" - containerID: containerd://24cea04a7ea19f6136c4118d8fa3757cf1e4d07c11e43f73bea3ada4e30a4224 image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0 imageID: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar@sha256:7a030f8b86c1503006e7d82312a3c8e98769c3b8e3a2e834aee3c60df184161a lastState: {} name: pod-tls-sidecar ready: true restartCount: 0 started: true state: running: startedAt: "2026-06-10T14:59:09Z" - containerID: containerd://8e635c300a67a20b009ce8928bfbf694a2e1f77324d64702f46083c688d953fa image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imageID: harbor.atmosphere.dev/quay.io/prometheus/prometheus@sha256:4f6c47e39a9064028766e8c95890ed15690c30f00c4ba14e7ce6ae1ded0295b1 lastState: {} name: prometheus ready: true restartCount: 0 started: true state: running: startedAt: "2026-06-10T14:59:08Z" hostIP: 199.204.45.238 initContainerStatuses: - containerID: containerd://10594905f6fda13480b163c3d914362f473b04c9772d1ddd9b02d60aa084d047 image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:501a47205f61acf8ad11b1caeb0bd117b135932728b17eb5cd5914a33f0ce704 lastState: {} name: init-config-reloader ready: true restartCount: 0 started: false state: terminated: containerID: containerd://10594905f6fda13480b163c3d914362f473b04c9772d1ddd9b02d60aa084d047 exitCode: 0 finishedAt: "2026-06-10T14:59:03Z" reason: Completed startedAt: "2026-06-10T14:59:03Z" phase: Running podIP: 10.0.0.186 podIPs: - ip: 10.0.0.186 qosClass: Burstable startTime: "2026-06-10T14:58:58Z"