apiVersion: v1 kind: Pod metadata: annotations: kubectl.kubernetes.io/default-container: prometheus creationTimestamp: "2026-04-21T18:26:30Z" generateName: prometheus-kube-prometheus-stack-prometheus- labels: app.kubernetes.io/instance: kube-prometheus-stack-prometheus app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/version: 2.51.2 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-kube-prometheus-stack-prometheus-b95656794 operator.prometheus.io/name: kube-prometheus-stack-prometheus operator.prometheus.io/shard: "0" prometheus: kube-prometheus-stack-prometheus statefulset.kubernetes.io/pod-name: prometheus-kube-prometheus-stack-prometheus-0 name: prometheus-kube-prometheus-stack-prometheus-0 namespace: monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-kube-prometheus-stack-prometheus uid: 9aeb5496-98f9-449d-840d-e52aaad794ea resourceVersion: "5566" uid: 3977fef6-f65b-415a-893e-92b1cb778845 spec: automountServiceAccountToken: true containers: - args: - --web.console.templates=/etc/prometheus/consoles - --web.console.libraries=/etc/prometheus/console_libraries - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --web.external-url=http://prometheus.199-19-213-191.nip.io/ - --web.route-prefix=/ - --storage.tsdb.retention.time=10d - --storage.tsdb.path=/prometheus - --storage.tsdb.wal-compression - --web.config.file=/etc/prometheus/web_config/web-config.yaml image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: path: /-/healthy port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus ports: - containerPort: 9090 name: http-web protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true startupProbe: failureThreshold: 60 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-kube-prometheus-stack-prometheus-db subPath: prometheus-db - mountPath: /certs name: certs - mountPath: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert name: secret-kube-prometheus-stack-etcd-client-cert readOnly: true - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vzwz9 readOnly: true - args: - --listen-address=:8080 - --reload-url=http://127.0.0.1:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imagePullPolicy: IfNotPresent name: config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vzwz9 readOnly: true - args: - --template=/config/certificate-template.yml - --ca-path=/certs/ca.crt - --cert-path=/certs/tls.crt - --key-path=/certs/tls.key env: - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0@sha256:7a030f8b86c1503006e7d82312a3c8e98769c3b8e3a2e834aee3c60df184161a imagePullPolicy: IfNotPresent name: pod-tls-sidecar resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /config name: kube-prometheus-stack-prometheus-tls - mountPath: /certs name: certs - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vzwz9 readOnly: true - envFrom: - secretRef: name: kube-prometheus-stack-prometheus-oauth2-proxy image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: oauth2-proxy ports: - containerPort: 8081 name: oauth2-proxy protocol: TCP - containerPort: 8082 name: oauth2-metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: limits: cpu: 100m memory: 300Mi requests: cpu: 100m memory: 300Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/ssl/certs/ca-certificates.crt name: ca-certificates readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vzwz9 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-kube-prometheus-stack-prometheus-0 initContainers: - args: - --watch-interval=0 - --listen-address=:8080 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vzwz9 readOnly: true nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 2000 runAsGroup: 2000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault serviceAccount: kube-prometheus-stack-prometheus serviceAccountName: kube-prometheus-stack-prometheus shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: prometheus-kube-prometheus-stack-prometheus-db persistentVolumeClaim: claimName: prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0 - name: config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-kube-prometheus-stack-prometheus-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-kube-prometheus-stack-etcd-client-cert secret: defaultMode: 420 secretName: kube-prometheus-stack-etcd-client-cert - configMap: defaultMode: 420 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - name: web-config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus-web-config - hostPath: path: /etc/ssl/certs/ca-certificates.crt type: "" name: ca-certificates - emptyDir: medium: Memory name: certs - configMap: defaultMode: 420 name: kube-prometheus-stack-prometheus-tls name: kube-prometheus-stack-prometheus-tls - name: kube-api-access-vzwz9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T18:26:43Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T18:27:06Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T18:27:06Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T18:26:35Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://fd6d0e3747a2cf7b8fdd79c076ba7c74279319a71f3c4ec551b157b04742b6a8 image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140 lastState: {} name: config-reloader ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-21T18:26:57Z" - containerID: containerd://fe54fa4b4702b7438e8242f492b7a85c20d2efe8ae6642add96dc09610336d2f image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imageID: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d lastState: {} name: oauth2-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-21T18:27:03Z" - containerID: containerd://67eb87906685df55d67414541ba1c430d74c8a2b25d172fffe95399381e50100 image: sha256:d77e74be3cf90e18d911d01e847752bafb5ef410d333ea65e75c882988122f5a imageID: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar@sha256:7a030f8b86c1503006e7d82312a3c8e98769c3b8e3a2e834aee3c60df184161a lastState: {} name: pod-tls-sidecar ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-21T18:26:57Z" - containerID: containerd://35a91b7792efd33626cfe3514b5fb35e49dc4d2000495e2446f1857d8d9d6332 image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imageID: harbor.atmosphere.dev/quay.io/prometheus/prometheus@sha256:4f6c47e39a9064028766e8c95890ed15690c30f00c4ba14e7ce6ae1ded0295b1 lastState: {} name: prometheus ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-21T18:26:57Z" hostIP: 199.19.213.191 initContainerStatuses: - containerID: containerd://8aa20184bffd14b3d6c5c261c90c5eae923358c2be7aae9aea119a6cf78c9518 image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140 lastState: {} name: init-config-reloader ready: true restartCount: 0 started: false state: terminated: containerID: containerd://8aa20184bffd14b3d6c5c261c90c5eae923358c2be7aae9aea119a6cf78c9518 exitCode: 0 finishedAt: "2026-04-21T18:26:42Z" reason: Completed startedAt: "2026-04-21T18:26:42Z" phase: Running podIP: 10.0.0.55 podIPs: - ip: 10.0.0.55 qosClass: Burstable startTime: "2026-04-21T18:26:35Z"