apiVersion: v1 kind: Pod metadata: annotations: kubectl.kubernetes.io/default-container: prometheus creationTimestamp: "2026-04-24T21:04:20Z" generateName: prometheus-kube-prometheus-stack-prometheus- labels: app.kubernetes.io/instance: kube-prometheus-stack-prometheus app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/version: 2.51.2 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-kube-prometheus-stack-prometheus-84fc8489d8 operator.prometheus.io/name: kube-prometheus-stack-prometheus operator.prometheus.io/shard: "0" prometheus: kube-prometheus-stack-prometheus statefulset.kubernetes.io/pod-name: prometheus-kube-prometheus-stack-prometheus-0 name: prometheus-kube-prometheus-stack-prometheus-0 namespace: monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-kube-prometheus-stack-prometheus uid: 18a8f6d4-8937-4948-a727-1c1eee47eb97 resourceVersion: "5651" uid: 81391dd8-6745-404a-b2d7-41453afc3684 spec: automountServiceAccountToken: true containers: - args: - --web.console.templates=/etc/prometheus/consoles - --web.console.libraries=/etc/prometheus/console_libraries - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --web.external-url=http://prometheus.199-204-45-156.nip.io/ - --web.route-prefix=/ - --storage.tsdb.retention.time=10d - --storage.tsdb.path=/prometheus - --storage.tsdb.wal-compression - --web.config.file=/etc/prometheus/web_config/web-config.yaml image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: path: /-/healthy port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus ports: - containerPort: 9090 name: http-web protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true startupProbe: failureThreshold: 60 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-kube-prometheus-stack-prometheus-db subPath: prometheus-db - mountPath: /certs name: certs - mountPath: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert name: secret-kube-prometheus-stack-etcd-client-cert readOnly: true - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mw5hc readOnly: true - args: - --listen-address=:8080 - --reload-url=http://127.0.0.1:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imagePullPolicy: IfNotPresent name: config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mw5hc readOnly: true - args: - --template=/config/certificate-template.yml - --ca-path=/certs/ca.crt - --cert-path=/certs/tls.crt - --key-path=/certs/tls.key env: - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0@sha256:7a030f8b86c1503006e7d82312a3c8e98769c3b8e3a2e834aee3c60df184161a imagePullPolicy: IfNotPresent name: pod-tls-sidecar resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /config name: kube-prometheus-stack-prometheus-tls - mountPath: /certs name: certs - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mw5hc readOnly: true - envFrom: - secretRef: name: kube-prometheus-stack-prometheus-oauth2-proxy image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: oauth2-proxy ports: - containerPort: 8081 name: oauth2-proxy protocol: TCP - containerPort: 8082 name: oauth2-metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: limits: cpu: 100m memory: 300Mi requests: cpu: 100m memory: 300Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/ssl/certs/ca-certificates.crt name: ca-certificates readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mw5hc readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-kube-prometheus-stack-prometheus-0 initContainers: - args: - --watch-interval=0 - --listen-address=:8080 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mw5hc readOnly: true nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 2000 runAsGroup: 2000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault serviceAccount: kube-prometheus-stack-prometheus serviceAccountName: kube-prometheus-stack-prometheus shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: prometheus-kube-prometheus-stack-prometheus-db persistentVolumeClaim: claimName: prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0 - name: config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-kube-prometheus-stack-prometheus-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-kube-prometheus-stack-etcd-client-cert secret: defaultMode: 420 secretName: kube-prometheus-stack-etcd-client-cert - configMap: defaultMode: 420 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - name: web-config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus-web-config - hostPath: path: /etc/ssl/certs/ca-certificates.crt type: "" name: ca-certificates - emptyDir: medium: Memory name: certs - configMap: defaultMode: 420 name: kube-prometheus-stack-prometheus-tls name: kube-prometheus-stack-prometheus-tls - name: kube-api-access-mw5hc projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-24T21:04:34Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-24T21:04:57Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-24T21:04:57Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-24T21:04:26Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://77596d31deab6255988bf136dd359d646ab7f7d1574a61f7bcf6ac623c5e7ebc image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140 lastState: {} name: config-reloader ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-24T21:04:47Z" - containerID: containerd://d86d25973ac73e2c6b6c531773a5b4d27afe9470a4bec4378527712eeacf4dab image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imageID: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d lastState: {} name: oauth2-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-24T21:04:54Z" - containerID: containerd://bce14d936afb6f52d09526918d657f2c1113541733a7962728063ac05d7d4d5e image: sha256:d77e74be3cf90e18d911d01e847752bafb5ef410d333ea65e75c882988122f5a imageID: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar@sha256:7a030f8b86c1503006e7d82312a3c8e98769c3b8e3a2e834aee3c60df184161a lastState: {} name: pod-tls-sidecar ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-24T21:04:47Z" - containerID: containerd://8d7a5898a0cb26796cae02ce375f4734d52dc0388902933ca72569ee77fc4c52 image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imageID: harbor.atmosphere.dev/quay.io/prometheus/prometheus@sha256:4f6c47e39a9064028766e8c95890ed15690c30f00c4ba14e7ce6ae1ded0295b1 lastState: {} name: prometheus ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-24T21:04:46Z" hostIP: 199.204.45.156 initContainerStatuses: - containerID: containerd://8786fa0dfffb07271259c33a6816c1d09c8bcb513f0060c7384660f15598ce85 image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140 lastState: {} name: init-config-reloader ready: true restartCount: 0 started: false state: terminated: containerID: containerd://8786fa0dfffb07271259c33a6816c1d09c8bcb513f0060c7384660f15598ce85 exitCode: 0 finishedAt: "2026-04-24T21:04:33Z" reason: Completed startedAt: "2026-04-24T21:04:33Z" phase: Running podIP: 10.0.0.141 podIPs: - ip: 10.0.0.141 qosClass: Burstable startTime: "2026-04-24T21:04:26Z"