Chapter 10. ServiceMonitor [monitoring.coreos.com/v1]

attachMetadata

object

attachMetadata defines additional metadata which is added to the discovered targets.

It requires Prometheus >= v2.37.0.

bodySizeLimit

string

When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus.

It requires Prometheus >= v2.28.0.

endpoints

array

List of endpoints part of this ServiceMonitor. Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels.

endpoints[]

object

Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.

jobLabel

string

jobLabel selects the label from the associated Kubernetes Service object which will be used as the job label for all metrics.

For example if jobLabel is set to foo and the Kubernetes Service object is labeled with foo: bar, then Prometheus adds the job="bar" label to all ingested metrics.

If the value of this field is empty or if the label doesn’t exist for the given Service, the job label of the metrics defaults to the name of the associated Kubernetes Service.

keepDroppedTargets

integer

Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.

It requires Prometheus >= v2.47.0.

labelLimit

integer

Per-scrape limit on number of labels that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelNameLengthLimit

integer

Per-scrape limit on length of labels name that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

labelValueLengthLimit

integer

Per-scrape limit on length of labels value that will be accepted for a sample.

It requires Prometheus >= v2.27.0.

namespaceSelector

object

namespaceSelector defines in which namespace(s) Prometheus should discover the services. By default, the services are discovered in the same namespace as the ServiceMonitor object but it is possible to select pods across different/all namespaces.

nativeHistogramBucketLimit

integer

If there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0.

nativeHistogramMinBucketFactor

integer-or-string

If the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0.

podTargetLabels

array (string)

podTargetLabels defines the labels which are transferred from the associated Kubernetes Pod object onto the ingested metrics.

sampleLimit

integer

sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted.

scrapeClass

string

The scrape class to apply.

scrapeClassicHistograms

boolean

Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0.

scrapeProtocols

array (string)

scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred).

If unset, Prometheus uses its default value.

It requires Prometheus >= v2.49.0.

selector

object

Label selector to select the Kubernetes Endpoints objects to scrape metrics from.

targetLabels

array (string)

targetLabels defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.

targetLimit

integer

targetLimit defines a limit on the number of scraped targets that will be accepted.

node

boolean

When set to true, Prometheus attaches node metadata to the discovered targets.

The Prometheus service account must have the list and watch permissions on the Nodes objects.

authorization

object

authorization configures the Authorization header credentials to use when scraping the target.

Cannot be set at the same time as basicAuth, or oauth2.

basicAuth

object

basicAuth configures the Basic Authentication credentials to use when scraping the target.

Cannot be set at the same time as authorization, or oauth2.

bearerTokenFile

string

File to read bearer token for scraping the target.

Deprecated: use authorization instead.

bearerTokenSecret

object

bearerTokenSecret specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator.

Deprecated: use authorization instead.

enableHttp2

boolean

enableHttp2 can be used to disable HTTP2 when scraping the target.

filterRunning

boolean

When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery.

If unset, the filtering is enabled.

More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase

followRedirects

boolean

followRedirects defines whether the scrape requests should follow HTTP 3xx redirects.

honorLabels

boolean

When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.

honorTimestamps

boolean

honorTimestamps controls whether Prometheus preserves the timestamps when exposed by the target.

interval

string

Interval at which Prometheus scrapes the metrics from the target.

If empty, Prometheus uses the global scrape interval.

metricRelabelings

array

metricRelabelings configures the relabeling rules to apply to the samples before ingestion.

metricRelabelings[]

object

RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

oauth2

object

oauth2 configures the OAuth2 settings to use when scraping the target.

It requires Prometheus >= 2.27.0.

Cannot be set at the same time as authorization, or basicAuth.

params

object

params define optional HTTP URL parameters.

params{}

array (string)

path

string

HTTP path from which to scrape for metrics.

If empty, Prometheus uses the default value (e.g. /metrics).

port

string

Name of the Service port which this endpoint refers to.

It takes precedence over targetPort.

proxyUrl

string

proxyURL configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through when scraping the target.

relabelings

array

relabelings configures the relabeling rules to apply the target’s metadata labels.

The Operator automatically adds relabelings for a few standard Kubernetes fields.

The original scrape job’s name is available via the \__tmp_prometheus_job_name label.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

relabelings[]

object

RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

scheme

string

HTTP scheme to use for scraping.

http and https are the expected values unless you rewrite the scheme label via relabeling.

If empty, Prometheus uses the default value http.

scrapeTimeout

string

Timeout after which Prometheus considers the scrape to be failed.

If empty, Prometheus uses the global scrape timeout unless it is less than the target’s scrape interval value in which the latter is used.

targetPort

integer-or-string

Name or number of the target port of the Pod object behind the Service. The port must be specified with the container’s port property.

tlsConfig

object

TLS configuration to use when scraping the target.

trackTimestampsStaleness

boolean

trackTimestampsStaleness defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if honorTimestamps is false.

It requires Prometheus >= v2.48.0.

credentials

object

Selects a key of a Secret in the namespace that contains the credentials for authentication.

type

string

Defines the authentication type. The value is case-insensitive.

"Basic" is not a supported value.

Default: "Bearer"

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

password

object

password specifies a key of a Secret containing the password for authentication.

username

object

username specifies a key of a Secret containing the username for authentication.

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

action

string

Action to perform based on the regex matching.

Uppercase and Lowercase actions require Prometheus >= v2.36.0. DropEqual and KeepEqual actions require Prometheus >= v2.41.0.

Default: "Replace"

modulus

integer

Modulus to take of the hash of the source label values.

Only applicable when the action is HashMod.

regex

string

Regular expression against which the extracted value is matched.

replacement

string

Replacement value against which a Replace action is performed if the regular expression matches.

Regex capture groups are available.

separator

string

Separator is the string between concatenated SourceLabels.

sourceLabels

array (string)

The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.

targetLabel

string

Label to which the resulting string is written in a replacement.

It is mandatory for Replace, HashMod, Lowercase, Uppercase, KeepEqual and DropEqual actions.

Regex capture groups are available.

clientId

object

clientId specifies a key of a Secret or ConfigMap containing the OAuth2 client’s ID.

clientSecret

object

clientSecret specifies a key of a Secret containing the OAuth2 client’s secret.

endpointParams

object (string)

endpointParams configures the HTTP parameters to append to the token URL.

noProxy

string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader

object

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyConnectHeader{}

array

proxyConnectHeader{}[]

object

SecretKeySelector selects a key of a Secret.

proxyFromEnvironment

boolean

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

proxyUrl

string

proxyURL defines the HTTP proxy server to use.

scopes

array (string)

scopes defines the OAuth2 scopes used for the token request.

tlsConfig

object

TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0.

tokenUrl

string

tokenURL configures the URL to fetch the token from.

configMap

object

ConfigMap containing data to use for the targets.

secret

object

Secret containing data to use for the targets.

key

string

The key to select.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ca

object

Certificate authority used when verifying server certificates.

cert

object

Client certificate to present when doing client-authentication.

insecureSkipVerify

boolean

Disable target certificate validation.

keySecret

object

Secret containing the client key file for the targets.

maxVersion

string

Maximum acceptable TLS version.

It requires Prometheus >= v2.41.0.

minVersion

string

Minimum acceptable TLS version.

It requires Prometheus >= v2.35.0.

serverName

string

Used to verify the hostname for the targets.

configMap

object

ConfigMap containing data to use for the targets.

secret

object

Secret containing data to use for the targets.

key

string

The key to select.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

configMap

object

ConfigMap containing data to use for the targets.

secret

object

Secret containing data to use for the targets.

key

string

The key to select.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

action

string

Action to perform based on the regex matching.

Uppercase and Lowercase actions require Prometheus >= v2.36.0. DropEqual and KeepEqual actions require Prometheus >= v2.41.0.

Default: "Replace"

modulus

integer

Modulus to take of the hash of the source label values.

Only applicable when the action is HashMod.

regex

string

Regular expression against which the extracted value is matched.

replacement

string

Replacement value against which a Replace action is performed if the regular expression matches.

Regex capture groups are available.

separator

string

Separator is the string between concatenated SourceLabels.

sourceLabels

array (string)

The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.

targetLabel

string

Label to which the resulting string is written in a replacement.

It is mandatory for Replace, HashMod, Lowercase, Uppercase, KeepEqual and DropEqual actions.

Regex capture groups are available.

ca

object

Certificate authority used when verifying server certificates.

caFile

string

Path to the CA cert in the Prometheus container to use for the targets.

cert

object

Client certificate to present when doing client-authentication.

certFile

string

Path to the client cert file in the Prometheus container for the targets.

insecureSkipVerify

boolean

Disable target certificate validation.

keyFile

string

Path to the client key file in the Prometheus container for the targets.

keySecret

object

Secret containing the client key file for the targets.

maxVersion

string

Maximum acceptable TLS version.

It requires Prometheus >= v2.41.0.

minVersion

string

Minimum acceptable TLS version.

It requires Prometheus >= v2.35.0.

serverName

string

Used to verify the hostname for the targets.

configMap

object

ConfigMap containing data to use for the targets.

secret

object

Secret containing data to use for the targets.

key

string

The key to select.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

configMap

object

ConfigMap containing data to use for the targets.

secret

object

Secret containing data to use for the targets.

key

string

The key to select.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

any

boolean

Boolean describing whether all namespaces are selected in contrast to a list restricting them.

matchNames

array (string)

List of namespace names to select from.

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

200 - OK

ServiceMonitorList schema

401 - Unauthorized

Empty

200 - OK

Status schema

401 - Unauthorized

Empty

200 - OK

ServiceMonitorList schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

body

ServiceMonitor schema

200 - OK

ServiceMonitor schema

201 - Created

ServiceMonitor schema

202 - Accepted

ServiceMonitor schema

401 - Unauthorized

Empty

name

string

name of the ServiceMonitor

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

200 - OK

ServiceMonitor schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

200 - OK

ServiceMonitor schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

body

ServiceMonitor schema

200 - OK

ServiceMonitor schema

201 - Created

ServiceMonitor schema

401 - Unauthorized

Empty