Chapter 10. ServiceMonitor [monitoring.coreos.com/v1]
- Description
- ServiceMonitor defines monitoring for a set of services.
- Type
-
object
- Required
-
spec
-
10.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| Specification of desired Service selection for target discovery by Prometheus. |
10.1.1. .spec
- Description
- Specification of desired Service selection for target discovery by Prometheus.
- Type
-
object
- Required
-
selector
-
Property | Type | Description |
---|---|---|
|
|
It requires Prometheus >= v2.37.0. |
|
| When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. It requires Prometheus >= v2.28.0. |
|
| List of endpoints part of this ServiceMonitor. |
|
| Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus. |
|
|
For example if
If the value of this field is empty or if the label doesn’t exist for the given Service, the |
|
| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. |
|
| Per-scrape limit on number of labels that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
|
| Per-scrape limit on length of labels name that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
|
| Per-scrape limit on length of labels value that will be accepted for a sample. It requires Prometheus >= v2.27.0. |
|
|
Selector to select which namespaces the Kubernetes |
|
|
|
|
|
|
|
| The scrape class to apply. |
|
|
If unset, Prometheus uses its default value. It requires Prometheus >= v2.49.0. |
|
|
Label selector to select the Kubernetes |
|
|
|
|
|
|
10.1.2. .spec.attachMetadata
- Description
attachMetadata
defines additional metadata which is added to the discovered targets.It requires Prometheus >= v2.37.0.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
When set to true, Prometheus must have the |
10.1.3. .spec.endpoints
- Description
- List of endpoints part of this ServiceMonitor.
- Type
-
array
10.1.4. .spec.endpoints[]
- Description
- Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
Cannot be set at the same time as |
|
|
Cannot be set at the same time as |
|
| File to read bearer token for scraping the target.
Deprecated: use |
|
|
Deprecated: use |
|
|
|
|
| When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. If unset, the filtering is enabled. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase |
|
|
|
|
|
When true, |
|
|
|
|
| Interval at which Prometheus scrapes the metrics from the target. If empty, Prometheus uses the global scrape interval. |
|
|
|
|
| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
|
|
It requires Prometheus >= 2.27.0.
Cannot be set at the same time as |
|
| params define optional HTTP URL parameters. |
|
| |
|
| HTTP path from which to scrape for metrics.
If empty, Prometheus uses the default value (e.g. |
|
| Name of the Service port which this endpoint refers to.
It takes precedence over |
|
|
|
|
|
The Operator automatically adds relabelings for a few standard Kubernetes fields.
The original scrape job’s name is available via the More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
|
| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
|
| HTTP scheme to use for scraping.
If empty, Prometheus uses the default value |
|
| Timeout after which Prometheus considers the scrape to be failed. If empty, Prometheus uses the global scrape timeout unless it is less than the target’s scrape interval value in which the latter is used. |
|
|
Name or number of the target port of the |
|
| TLS configuration to use when scraping the target. |
|
|
It requires Prometheus >= v2.48.0. |
10.1.5. .spec.endpoints[].authorization
- Description
authorization
configures the Authorization header credentials to use when scraping the target.Cannot be set at the same time as
basicAuth
, oroauth2
.- Type
-
object
Property | Type | Description |
---|---|---|
|
| Selects a key of a Secret in the namespace that contains the credentials for authentication. |
|
| Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer" |
10.1.6. .spec.endpoints[].authorization.credentials
- Description
- Selects a key of a Secret in the namespace that contains the credentials for authentication.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.7. .spec.endpoints[].basicAuth
- Description
basicAuth
configures the Basic Authentication credentials to use when scraping the target.Cannot be set at the same time as
authorization
, oroauth2
.- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
10.1.8. .spec.endpoints[].basicAuth.password
- Description
-
password
specifies a key of a Secret containing the password for authentication. - Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.9. .spec.endpoints[].basicAuth.username
- Description
-
username
specifies a key of a Secret containing the username for authentication. - Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.10. .spec.endpoints[].bearerTokenSecret
- Description
bearerTokenSecret
specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator.Deprecated: use
authorization
instead.- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.11. .spec.endpoints[].metricRelabelings
- Description
-
metricRelabelings
configures the relabeling rules to apply to the samples before ingestion. - Type
-
array
10.1.12. .spec.endpoints[].metricRelabelings[]
- Description
RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Action to perform based on the regex matching.
Default: "Replace" |
|
| Modulus to take of the hash of the source label values.
Only applicable when the action is |
|
| Regular expression against which the extracted value is matched. |
|
| Replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. |
|
| Separator is the string between concatenated SourceLabels. |
|
| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. |
|
| Label to which the resulting string is written in a replacement.
It is mandatory for Regex capture groups are available. |
10.1.13. .spec.endpoints[].oauth2
- Description
oauth2
configures the OAuth2 settings to use when scraping the target.It requires Prometheus >= 2.27.0.
Cannot be set at the same time as
authorization
, orbasicAuth
.- Type
-
object
- Required
-
clientId
-
clientSecret
-
tokenUrl
-
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
10.1.14. .spec.endpoints[].oauth2.clientId
- Description
-
clientId
specifies a key of a Secret or ConfigMap containing the OAuth2 client’s ID. - Type
-
object
Property | Type | Description |
---|---|---|
|
| ConfigMap containing data to use for the targets. |
|
| Secret containing data to use for the targets. |
10.1.15. .spec.endpoints[].oauth2.clientId.configMap
- Description
- ConfigMap containing data to use for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key to select. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the ConfigMap or its key must be defined |
10.1.16. .spec.endpoints[].oauth2.clientId.secret
- Description
- Secret containing data to use for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.17. .spec.endpoints[].oauth2.clientSecret
- Description
-
clientSecret
specifies a key of a Secret containing the OAuth2 client’s secret. - Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.18. .spec.endpoints[].params
- Description
- params define optional HTTP URL parameters.
- Type
-
object
10.1.19. .spec.endpoints[].relabelings
- Description
relabelings
configures the relabeling rules to apply the target’s metadata labels.The Operator automatically adds relabelings for a few standard Kubernetes fields.
The original scrape job’s name is available via the
\__tmp_prometheus_job_name
label.More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
- Type
-
array
10.1.20. .spec.endpoints[].relabelings[]
- Description
RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Action to perform based on the regex matching.
Default: "Replace" |
|
| Modulus to take of the hash of the source label values.
Only applicable when the action is |
|
| Regular expression against which the extracted value is matched. |
|
| Replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. |
|
| Separator is the string between concatenated SourceLabels. |
|
| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. |
|
| Label to which the resulting string is written in a replacement.
It is mandatory for Regex capture groups are available. |
10.1.21. .spec.endpoints[].tlsConfig
- Description
- TLS configuration to use when scraping the target.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Certificate authority used when verifying server certificates. |
|
| Path to the CA cert in the Prometheus container to use for the targets. |
|
| Client certificate to present when doing client-authentication. |
|
| Path to the client cert file in the Prometheus container for the targets. |
|
| Disable target certificate validation. |
|
| Path to the client key file in the Prometheus container for the targets. |
|
| Secret containing the client key file for the targets. |
|
| Used to verify the hostname for the targets. |
10.1.22. .spec.endpoints[].tlsConfig.ca
- Description
- Certificate authority used when verifying server certificates.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| ConfigMap containing data to use for the targets. |
|
| Secret containing data to use for the targets. |
10.1.23. .spec.endpoints[].tlsConfig.ca.configMap
- Description
- ConfigMap containing data to use for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key to select. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the ConfigMap or its key must be defined |
10.1.24. .spec.endpoints[].tlsConfig.ca.secret
- Description
- Secret containing data to use for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.25. .spec.endpoints[].tlsConfig.cert
- Description
- Client certificate to present when doing client-authentication.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| ConfigMap containing data to use for the targets. |
|
| Secret containing data to use for the targets. |
10.1.26. .spec.endpoints[].tlsConfig.cert.configMap
- Description
- ConfigMap containing data to use for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key to select. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the ConfigMap or its key must be defined |
10.1.27. .spec.endpoints[].tlsConfig.cert.secret
- Description
- Secret containing data to use for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.28. .spec.endpoints[].tlsConfig.keySecret
- Description
- Secret containing the client key file for the targets.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
|
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop |
|
| Specify whether the Secret or its key must be defined |
10.1.29. .spec.namespaceSelector
- Description
-
Selector to select which namespaces the Kubernetes
Endpoints
objects are discovered from. - Type
-
object
Property | Type | Description |
---|---|---|
|
| Boolean describing whether all namespaces are selected in contrast to a list restricting them. |
|
| List of namespace names to select from. |
10.1.30. .spec.selector
- Description
-
Label selector to select the Kubernetes
Endpoints
objects. - Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
10.1.31. .spec.selector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
10.1.32. .spec.selector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
10.2. API endpoints
The following API endpoints are available:
/apis/monitoring.coreos.com/v1/servicemonitors
-
GET
: list objects of kind ServiceMonitor
-
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/servicemonitors
-
DELETE
: delete collection of ServiceMonitor -
GET
: list objects of kind ServiceMonitor -
POST
: create a ServiceMonitor
-
/apis/monitoring.coreos.com/v1/namespaces/{namespace}/servicemonitors/{name}
-
DELETE
: delete a ServiceMonitor -
GET
: read the specified ServiceMonitor -
PATCH
: partially update the specified ServiceMonitor -
PUT
: replace the specified ServiceMonitor
-
10.2.1. /apis/monitoring.coreos.com/v1/servicemonitors
- HTTP method
-
GET
- Description
- list objects of kind ServiceMonitor
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
10.2.2. /apis/monitoring.coreos.com/v1/namespaces/{namespace}/servicemonitors
- HTTP method
-
DELETE
- Description
- delete collection of ServiceMonitor
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind ServiceMonitor
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a ServiceMonitor
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
10.2.3. /apis/monitoring.coreos.com/v1/namespaces/{namespace}/servicemonitors/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the ServiceMonitor |
- HTTP method
-
DELETE
- Description
- delete a ServiceMonitor
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified ServiceMonitor
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified ServiceMonitor
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified ServiceMonitor
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |