| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `spec` | ServiceSpec describes the attributes that a user creates on a service.<br/>More info: https://kubernetes.io/docs/concepts/services-networking/service/ | _[ServiceSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#servicespec-v1-core)_ | true |
| `useAsDefault` | UseAsDefault applies changes from given service definition to the main object Service<br/>Changing from headless service to clusterIP or loadbalancer may break cross-component communication | _boolean_ | false |
AlertmanagerWebConfig defines web server configuration for alertmanager
_Appears in:_
- [VMAlertmanagerSpec](#vmalertmanagerspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `basic_auth_users` | BasicAuthUsers Usernames and hashed passwords that have full access to the web server<br/>Passwords must be hashed with bcrypt | _object (keys:string, values:string)_ | false |
| `http_server_config` | HTTPServerConfig defines http server configuration for alertmanager web server | _[AlertmanagerHTTPConfig](#alertmanagerhttpconfig)_ | false |
| `tls_server_config` | TLSServerConfig defines server TLS configuration for alertmanager | _[TLSServerConfig](#tlsserverconfig)_ | false |
| `node` | Node instructs vmagent to add node specific metadata from service discovery<br/>Valid for roles: pod, endpoints, endpointslice. | _boolean_ | false |
| `credentials` | Reference to the secret with value for authorization | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | true |
| `port` | The port to scrape metrics from. If using the public IP address, this must<br/>instead be specified in the relabeling rule. | _integer_ | false |
| `resourceGroup` | Optional resource group name. Limits discovery to this resource group. | _string_ | false |
| `password` | Password defines reference for secret with password value<br/>The secret needs to be in the same namespace as scrape object | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `password_file` | PasswordFile defines path to password file at disk<br/>must be pre-mounted | _string_ | false |
| `username` | Username defines reference for secret with username value<br/>The secret needs to be in the same namespace as scrape object | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `cert_file` | CertFile defines path to the pre-mounted file with certificate<br/>mutually exclusive with CertSecretRef | _string_ | false |
| `cert_secret_ref` | CertSecretRef defines reference for secret with certificate content under given key<br/>mutually exclusive with CertFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `key_file` | KeyFile defines path to the pre-mounted file with certificate key<br/>mutually exclusive with KeySecretRef | _string_ | false |
| `key_secret_ref` | Key defines reference for secret with certificate key content under given key<br/>mutually exclusive with KeyFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `priorityClassName` | PriorityClassName class assigned to the Pods | _string_ | false |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.<br/>https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
#### CommonConfigReloaderParams
_Appears in:_
- [VMAgentSpec](#vmagentspec)
- [VMAlertSpec](#vmalertspec)
- [VMAlertmanagerSpec](#vmalertmanagerspec)
- [VMAuthSpec](#vmauthspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container<br/>for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false |
| `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `useVMConfigReloader` | UseVMConfigReloader replaces prometheus-like config-reloader<br/>with vm one. It uses secrets watch instead of file watch<br/>which greatly increases speed of config updates | _boolean_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
ConfigMapKeyReference refers to a key in a ConfigMap.
_Appears in:_
- [VMAlertmanagerSpec](#vmalertmanagerspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `key` | The ConfigMap key to refer to. | _string_ | true |
| `name` | Name of the referent.<br/>This field is effectively required, but due to backwards compatibility is<br/>allowed to be empty. Instances of this type with an empty value here are<br/>almost certainly wrong.<br/>TODO: Add other useful fields. apiVersion, kind, uid?<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names<br/>TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | _string_ | false |
| `allowStale` | Allow stale Consul results (see https://developer.hashicorp.com/consul/api-docs/features/consistency). Will reduce load on Consul.<br/>If unset, use its default value. | _boolean_ | false |
| `tokenRef` | Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
ContainerSecurityContext defines security context for each application container
_Appears in:_
- [SecurityContext](#securitycontext)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `allowPrivilegeEscalation` | AllowPrivilegeEscalation controls whether a process can gain more<br/>privileges than its parent process. This bool directly controls if<br/>the no_new_privs flag will be set on the container process.<br/>AllowPrivilegeEscalation is true always when the container is:<br/>1) run as Privileged<br/>2) has CAP_SYS_ADMIN<br/>Note that this field cannot be set when spec.os.name is windows. | _boolean_ | false |
| `capabilities` | The capabilities to add/drop when running containers.<br/>Defaults to the default set of capabilities granted by the container runtime.<br/>Note that this field cannot be set when spec.os.name is windows. | _[Capabilities](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#capabilities-v1-core)_ | false |
| `privileged` | Run containers in privileged mode.<br/>Processes in privileged containers are essentially equivalent to root on the host.<br/>Note that this field cannot be set when spec.os.name is windows. | _boolean_ | false |
| `procMount` | procMount denotes the type of proc mount to use for the containers.<br/>The default is DefaultProcMount which uses the container runtime defaults for<br/>readonly paths and masked paths.<br/>This requires the ProcMountType feature flag to be enabled.<br/>Note that this field cannot be set when spec.os.name is windows. | _[ProcMountType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#procmounttype-v1-core)_ | false |
| `readOnlyRootFilesystem` | Whether this containers has a read-only root filesystem.<br/>Default is false.<br/>Note that this field cannot be set when spec.os.name is windows. | _boolean_ | false |
| `webhook_url_secret` | URLSecret defines secret name and key at the CRD namespace.<br/>It must contain the webhook URL.<br/>one of `urlSecret` and `url` must be defined. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `accessKey` | AccessKey is the AWS API key. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `filters` | Filters can be used optionally to filter the instance list by other criteria.<br/>Available filter criteria can be found here:<br/>https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html<br/>Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html | _[EC2Filter](#ec2filter) array_ | false |
| `port` | The port to scrape metrics from. If using the public IP address, this must<br/>instead be specified in the relabeling rule. | _integer_ | false |
| `region` | The AWS region | _string_ | false |
| `roleARN` | AWS Role ARN, an alternative to using AWS API keys. | _string_ | false |
| `secretKey` | SecretKey is the AWS API secret. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `auth_secret` | AuthSecret defines secrent name and key at CRD namespace.<br/>It must contain the CRAM-MD5 secret. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `from` | The sender address.<br/>fallback to global setting if empty | _string_ | false |
| `headers` | Further headers email header key/value pairs. Overrides any headers<br/>previously set by the notification implementation. | _object (keys:string, values:string)_ | true |
| `annotations` | Annotations is an unstructured key value map stored with a resource that may be<br/>set by external tools to store and retrieve arbitrary metadata. They are not<br/>queryable and should be preserved when modifying objects.<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations | _object (keys:string, values:string)_ | false |
| `class_name` | ClassName defines ingress class name for VMAuth | _string_ | false |
| `extraRules` | ExtraRules - additional rules for ingress,<br/>must be checked for correctness by user. | _[IngressRule](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#ingressrule-v1-networking) array_ | false |
| `extraTls` | ExtraTLS - additional TLS configuration for ingress<br/>must be checked for correctness by user. | _[IngressTLS](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#ingresstls-v1-networking) array_ | false |
| `host` | Host defines ingress host parameter for default rule<br/>It will be used, only if TlsHosts is empty | _string_ | false |
| `labels` | Labels Map of string keys and values that can be used to organize and categorize<br/>(scope and select) objects. May match selectors of replication controllers<br/>and services.<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | _object (keys:string, values:string)_ | false |
| `name` | Name must be unique within a namespace. Is required when creating resources, although<br/>some resources may allow a client to request the generation of an appropriate name<br/>automatically. Name is primarily intended for creation idempotence and configuration<br/>definition.<br/>Cannot be updated.<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | _string_ | false |
| `tlsHosts` | TlsHosts configures TLS access for ingress, tlsSecretName must be defined for it. | _string array_ | true |
| `tlsSecretName` | TlsSecretName defines secretname at the VMAuth namespace with cert and key<br/>https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | _string_ | false |
| `annotations` | Annotations is an unstructured key value map stored with a resource that may be<br/>set by external tools to store and retrieve arbitrary metadata. They are not<br/>queryable and should be preserved when modifying objects.<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations | _object (keys:string, values:string)_ | false |
| `labels` | Labels Map of string keys and values that can be used to organize and categorize<br/>(scope and select) objects. May match selectors of replication controllers<br/>and services.<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | _object (keys:string, values:string)_ | false |
| `name` | Name must be unique within a namespace. Is required when creating resources, although<br/>some resources may allow a client to request the generation of an appropriate name<br/>automatically. Name is primarily intended for creation idempotence and configuration<br/>definition.<br/>Cannot be updated.<br/>More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | _string_ | false |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `spec` | Spec defines the desired characteristics of a volume requested by a pod author.<br/>More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | _[PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#persistentvolumeclaimspec-v1-core)_ | false |
| `maxUnavailable` | An eviction is allowed if at most "maxUnavailable" pods selected by<br/>"selector" are unavailable after the eviction, i.e. even in absence of<br/>the evicted pod. For example, one can prevent all voluntary evictions<br/>by specifying 0. This is a mutually exclusive setting with "minAvailable". | _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#intorstring-intstr-util)_ | false |
| `minAvailable` | An eviction is allowed if at least "minAvailable" pods selected by<br/>"selector" will still be available after the eviction, i.e. even in the<br/>absence of the evicted pod. So for example you can prevent all voluntary<br/>evictions by specifying "100%". | _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#intorstring-intstr-util)_ | false |
| `selectorLabels` | replaces default labels selector generated by operator<br/>it's useful when you need to create custom budget | _object (keys:string, values:string)_ | false |
| `livenessProbe` | LivenessProbe that will be added CRD pod | _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#probe-v1-core)_ | false |
| `readinessProbe` | ReadinessProbe that will be added CRD pod | _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#probe-v1-core)_ | false |
| `startupProbe` | StartupProbe that will be added to CRD pod | _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#probe-v1-core)_ | false |
| `basicAuth` | BasicAuth allow an endpoint to authenticate over basic authentication | _[BasicAuth](#basicauth)_ | false |
| `bearerTokenFile` | File to read bearer token for scraping targets. | _string_ | false |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `path` | HTTP path to scrape for metrics. | _string_ | false |
| `port` | Name of the port exposed at Service. | _string_ | false |
| `proxyURL` | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | _string_ | false |
| `relabelConfigs` | RelabelConfigs to apply to samples during service discovery. | _[RelabelConfig](#relabelconfig) array_ | false |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `scheme` | HTTP scheme to use for scraping. | _string_ | false |
| `scrapeTimeout` | Timeout after which the scrape is ended | _string_ | false |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targetPort` | TargetPort<br/>Name or number of the pod port this endpoint refers to. Mutually exclusive with port. | _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#intorstring-intstr-util)_ | false |
| `tlsConfig` | TLSConfig configuration to use when scraping the endpoint | _[TLSConfig](#tlsconfig)_ | false |
| `basicAuth` | BasicAuth allow an endpoint to authenticate over basic authentication | _[BasicAuth](#basicauth)_ | false |
| `bearerTokenFile` | File to read bearer token for scraping targets. | _string_ | false |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `path` | HTTP path to scrape for metrics. | _string_ | false |
| `proxyURL` | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | _string_ | false |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `scheme` | HTTP scheme to use for scraping. | _string_ | false |
| `scrapeTimeout` | Timeout after which the scrape is ended | _string_ | false |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
ExternalConfig defines external source of configuration
_Appears in:_
- [VMAuthSpec](#vmauthspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `localPath` | LocalPath contains static path to a config, which is managed externally for cases<br/>when using secrets is not applicable, e.g.: Vault sidecar. | _string_ | false |
| `secretRef` | SecretRef defines selector for externally managed secret which contains configuration | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `filter` | Filter can be used optionally to filter the instance list by other criteria<br/>Syntax of this filter is described in the filter query parameter section:<br/>https://cloud.google.com/compute/docs/reference/latest/instances/list | _string_ | false |
| `port` | The port to scrape metrics from. If using the public IP address, this must<br/>instead be specified in the relabeling rule. | _integer_ | false |
| `project` | The Google Cloud Project ID | _string_ | true |
| `tagSeparator` | The tag separator is used to separate the tags on concatenation | _string_ | false |
| `zone` | The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. | _string_ | true |
| `headers` | Headers allow configuring custom http headers<br/>Must be in form of semicolon separated header with value<br/>e.g.<br/>headerName:headerValue<br/>vmalert supports it since 1.79.0 version | _string array_ | false |
| `authorization` | Authorization header configuration for the client.<br/>This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | _[Authorization](#authorization)_ | false |
| `basic_auth` | BasicAuth for the client. | _[BasicAuth](#basicauth)_ | false |
| `bearer_token_secret` | The secret's key that contains the bearer token<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `equal` | Labels that must have an equal value in the source and target alert for<br/>the inhibition to take effect. | _string array_ | false |
| `source_matchers` | SourceMatchers defines a list of matchers for which one or more alerts have<br/>to exist for the inhibition to take effect. | _string array_ | false |
| `target_matchers` | TargetMatchers defines a list of matchers that have to be fulfilled by the target<br/>alerts to be muted. | _string array_ | false |
| `apiServer` | The API server address consisting of a hostname or IP address followed<br/>by an optional port number.<br/>If left empty, assuming process is running inside<br/>of the cluster. It will discover API servers automatically and use the pod's<br/>CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. | _string_ | false |
| `attach_metadata` | AttachMetadata configures metadata attaching from service discovery | _[AttachMetadata](#attachmetadata)_ | false |
| `authorization` | Authorization header to use on every scrape request. | _[Authorization](#authorization)_ | false |
| `basicAuth` | BasicAuth information to use on every scrape request. | _[BasicAuth](#basicauth)_ | false |
| `key` | Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise).<br/>To request a trial license, [go to](https://victoriametrics.com/products/enterprise/trial) | _string_ | true |
| `keyRef` | KeyRef is reference to secret with license key for enterprise features. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | true |
| `webhook_url_secret` | URLSecret defines secret name and key at the CRD namespace.<br/>It must contain the webhook URL.<br/>one of `urlSecret` and `url` must be defined. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `names` | List of namespaces where to watch for resources.<br/>If empty and `ownNamespace` isn't true, watch for resources in all namespaces. | _string array_ | false |
| `ownNamespace` | Includes the namespace in which the pod exists to the list of watched namespaces. | _boolean_ | false |
| `allTenants` | Whether the service discovery should list all instances for all projects.<br/>It is only relevant for the 'instance' role and usually requires admin permissions. | _boolean_ | false |
| `applicationCredentialName` | The ApplicationCredentialID or ApplicationCredentialName fields are<br/>required if using an application credential to authenticate. Some providers<br/>allow you to create an application credential to authenticate rather than a<br/>password. | _string_ | false |
| `applicationCredentialSecret` | The applicationCredentialSecret field is required if using an application<br/>credential to authenticate. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `availability` | Availability of the endpoint to connect to. | _string_ | false |
| `domainID` | DomainID | _string_ | false |
| `domainName` | At most one of domainId and domainName must be provided if using username<br/>with Identity V3. Otherwise, either are optional. | _string_ | false |
| `identityEndpoint` | IdentityEndpoint specifies the HTTP endpoint that is required to work with<br/>the Identity API of the appropriate version. | _string_ | false |
| `password` | Password for the Identity V2 and V3 APIs. Consult with your provider's<br/>control panel to discover your account's preferred method of authentication. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `port` | The port to scrape metrics from. If using the public IP address, this must<br/>instead be specified in the relabeling rule. | _integer_ | false |
| `projectID` | ProjectID | _string_ | false |
| `projectName` | The ProjectId and ProjectName fields are optional for the Identity V2 API.<br/>Some providers allow you to specify a ProjectName instead of the ProjectId.<br/>Some require both. Your provider's authentication policies will determine<br/>how these fields influence authentication. | _string_ | false |
| `role` | The OpenStack role of entities that should be discovered. | _string_ | true |
| `tlsConfig` | TLS configuration to use on every scrape request | _[TLSConfig](#tlsconfig)_ | false |
| `userid` | UserID | _string_ | false |
| `username` | Username is required if using Identity V2 API. Consult with your provider's<br/>control panel to discover your account's username.<br/>In Identity V3, either userid or a combination of username<br/>and domainId or domainName are needed | _string_ | false |
| `api_key` | The secret's key that contains the OpsGenie API key.<br/>It must be at them same namespace as CRD<br/>fallback to global setting if empty | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `source` | Backlink to the sender of the notification. | _string_ | false |
| `tags` | Comma separated list of tags attached to the notifications. | _string_ | false |
| `update_alerts` | Whether to update message and description of the alert in OpsGenie if it already exists<br/>By default, the alert is never updated in OpsGenie, the new message only appears in activity log. | _boolean_ | true |
| `routing_key` | The secret's key that contains the PagerDuty integration key (when using<br/>Events API v2). Either this field or `serviceKey` needs to be defined.<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `service_key` | The secret's key that contains the PagerDuty service key (when using<br/>integration type "Prometheus"). Either this field or `routingKey` needs to<br/>be defined.<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `filterRunning` | FilterRunning applies filter with pod status == running<br/>it prevents from scrapping metrics at failed or succeed state pods.<br/>enabled by default | _boolean_ | false |
| `scheme` | HTTP scheme to use for scraping. | _string_ | false |
| `scrapeTimeout` | Timeout after which the scrape is ended | _string_ | false |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targetPort` | TargetPort<br/>Name or number of the pod port this endpoint refers to. Mutually exclusive with port. | _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#intorstring-intstr-util)_ | false |
| `token` | The secret's key that contains the registered application’s API token, see https://pushover.net/apps.<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | true |
| `user_key` | The secret's key that contains the recipient user’s user key.<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | true |
| `labels` | Labels is used together with Match for `action: graphite` | _object (keys:string, values:string)_ | false |
| `match` | Match is used together with Labels for `action: graphite` | _string_ | false |
| `modulus` | Modulus to take of the hash of the source label values. | _integer_ | false |
| `regex` | Regular expression against which the extracted value is matched. Default is '(.*)'<br/>victoriaMetrics supports multiline regex joined with \|<br/>https://docs.victoriametrics.com/vmagent/#relabeling-enhancements | _[StringOrArray](#stringorarray)_ | false |
| `replacement` | Replacement value against which a regex replace is performed if the<br/>regular expression matches. Regex capture groups are available. Default is '$1' | _string_ | false |
| `separator` | Separator placed between concatenated source label values. default is ';'. | _string_ | false |
| `sourceLabels` | The source labels select values from existing labels. Their content is concatenated<br/>using the configured separator and matched against the configured regular expression<br/>for the replace, keep, and drop actions. | _string array_ | false |
| `source_labels` | UnderScoreSourceLabels - additional form of source labels source_labels<br/>for compatibility with original relabel config.<br/>if set both sourceLabels and source_labels, sourceLabels has priority.<br/>for details https://github.com/VictoriaMetrics/operator/issues/131 | _string array_ | false |
| `targetLabel` | Label to which the resulting value is written in a replace action.<br/>It is mandatory for replace actions. Regex capture groups are available. | _string_ | false |
| `target_label` | UnderScoreTargetLabel - additional form of target label - target_label<br/>for compatibility with original relabel config.<br/>if set both targetLabel and target_label, targetLabel has priority.<br/>for details https://github.com/VictoriaMetrics/operator/issues/131 | _string_ | false |
| `active_time_intervals` | ActiveTimeIntervals Times when the route should be active<br/>These must match the name at time_intervals | _string array_ | false |
| `continue` | Continue indicating whether an alert should continue matching subsequent<br/>sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set. | _boolean_ | false |
| `group_by` | List of labels to group by. | _string array_ | false |
| `group_interval` | How long to wait before sending an updated notification. | _string_ | false |
| `group_wait` | How long to wait before sending the initial notification. | _string_ | false |
| `matchers` | List of matchers that the alert’s labels should match. For the first<br/>level route, the operator adds a namespace: "CRD_NS" matcher.<br/>https://prometheus.io/docs/alerting/latest/configuration/#matcher | _string array_ | false |
| `alert` | Alert is a name for alert | _string_ | false |
| `annotations` | Annotations will be added to rule configuration | _object (keys:string, values:string)_ | false |
| `debug` | Debug enables logging for rule<br/>it useful for tracking | _boolean_ | false |
| `expr` | Expr is query, that will be evaluated at dataSource | _string_ | false |
| `for` | For evaluation interval in time.Duration format<br/>30s, 1m, 1h or nanoseconds | _string_ | false |
| `keep_firing_for` | KeepFiringFor will make alert continue firing for this long<br/>even when the alerting expression no longer has results.<br/>Use time.Duration format, 30s, 1m, 1h or nanoseconds | _string_ | false |
| `labels` | Labels will be added to rule configuration | _object (keys:string, values:string)_ | false |
| `record` | Record represents a query, that will be recorded to dataSource | _string_ | false |
| `update_entries_limit` | UpdateEntriesLimit defines max number of rule's state updates stored in memory.<br/>Overrides `-rule.updateEntriesLimit` in vmalert. | _integer_ | false |
| `concurrency` | Concurrency defines how many rules execute at once. | _integer_ | false |
| `eval_alignment` | Optional<br/>The evaluation timestamp will be aligned with group's interval,<br/>instead of using the actual timestamp that evaluation happens at.<br/>It is enabled by default to get more predictable results<br/>and to visually align with graphs plotted via Grafana or vmui. | _boolean_ | true |
| `eval_delay` | Optional<br/>Adjust the `time` parameter of group evaluation requests to compensate intentional query delay from the datasource. | _string_ | true |
| `eval_offset` | Optional<br/>Group will be evaluated at the exact offset in the range of [0...interval]. | _string_ | true |
| `extra_filter_labels` | ExtraFilterLabels optional list of label filters applied to every rule's<br/>request within a group. Is compatible only with VM datasource.<br/>See more details [here](https://docs.victoriametrics.com/#prometheus-querying-api-enhancements)<br/>Deprecated, use params instead | _object (keys:string, values:string)_ | false |
| `headers` | Headers contains optional HTTP headers added to each rule request<br/>Must be in form `header-name: value`<br/>For example:<br/> headers:<br/> - "CustomHeader: foo"<br/> - "CustomHeader2: bar" | _string array_ | false |
| `interval` | evaluation interval for group | _string_ | false |
| `labels` | Labels optional list of labels added to every rule within a group.<br/>It has priority over the external labels.<br/>Labels are commonly used for adding environment<br/>or tenant-specific tag. | _object (keys:string, values:string)_ | false |
| `limit` | Limit the number of alerts an alerting rule and series a recording<br/>rule can produce | _integer_ | false |
| `name` | Name of group | _string_ | true |
| `notifier_headers` | NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier<br/>Must be in form `header-name: value`<br/>For example:<br/> headers:<br/> - "CustomHeader: foo"<br/> - "CustomHeader2: bar" | _string array_ | false |
| `params` | Params optional HTTP URL parameters added to each rule request | _[Values](#values)_ | false |
| `rules` | Rules list of alert rules | _[Rule](#rule) array_ | true |
| `tenant` | Tenant id for group, can be used only with enterprise version of vmalert.<br/>See more details [here](https://docs.victoriametrics.com/vmalert#multitenancy). | _string_ | false |
| `configMap` | ConfigMap containing data to use for the targets. | _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#configmapkeyselector-v1-core)_ | false |
| `secret` | Secret containing data to use for the targets. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `access_key` | The AWS API keys. Both access_key and secret_key must be supplied or both must be blank.<br/>If blank the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are used. | _string_ | false |
| `access_key_selector` | secret key selector to get the keys from a Kubernetes Secret | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `secret_key_selector` | secret key selector to get the keys from a Kubernetes Secret | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `api_url` | The secret's key that contains the Slack webhook URL.<br/>It must be at them same namespace as CRD<br/>fallback to global setting if empty | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `sigv4` | Configure the AWS Signature Verification 4 signing process | _[Sigv4Config](#sigv4config)_ | true |
| `subject` | The subject line if message is delivered to an email endpoint. | _string_ | false |
| `target_arn` | Mobile platform endpoint ARN if message is delivered via mobile notifications<br/>Specify this, topic_arn or phone_number | _string_ | false |
| `topic_arn` | SNS topic ARN, either specify this, phone_number or target_arn | _string_ | false |
StorageSpec defines the configured storage for a group Prometheus servers.
If neither `emptyDir` nor `volumeClaimTemplate` is specified, then by default an [EmptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) will be used.
| `disableMountSubPath` | Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary.<br/>DisableMountSubPath allows to remove any subPath usage in volume mounts. | _boolean_ | false |
| `emptyDir` | EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More<br/>info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | _[EmptyDirVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#emptydirvolumesource-v1-core)_ | false |
| `volumeClaimTemplate` | A PVC spec to be used by the VMAlertManager StatefulSets. | _[EmbeddedPersistentVolumeClaim](#embeddedpersistentvolumeclaim)_ | false |
| `dedupInterval` | Allows setting different de-duplication intervals per each configured remote storage | _string_ | false |
| `dropInput` | Allow drop all the input samples after the aggregation | _boolean_ | false |
| `dropInputLabels` | labels to drop from samples for aggregator before stream de-duplication and aggregation | _string array_ | false |
| `ignoreFirstIntervals` | IgnoreFirstIntervals instructs to ignore first interval | _integer_ | false |
| `ignoreOldSamples` | IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval. | _boolean_ | false |
| `keepInput` | Allows writing both raw and aggregate data | _boolean_ | false |
| `by` | By is an optional list of labels for grouping input series.<br/><br/>See also Without.<br/><br/>If neither By nor Without are set, then the Outputs are calculated<br/>individually per each input time series. | _string array_ | false |
| `dedup_interval` | DedupInterval is an optional interval for deduplication. | _string_ | false |
| `drop_input_labels` | DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.<br/><br/>Labels are dropped before de-duplication and aggregation. | _string_ | false |
| `flush_on_shutdown` | FlushOnShutdown defines whether to flush the aggregation state on process termination<br/>or config reload. Is `false` by default.<br/>It is not recommended changing this setting, unless unfinished aggregations states<br/>are preferred to missing data points. | _boolean_ | false |
| `ignore_first_intervals` | | _integer_ | true |
| `ignore_old_samples` | IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval. | _boolean_ | false |
| `input_relabel_configs` | InputRelabelConfigs is an optional relabeling rules, which are applied on the input<br/>before aggregation. | _[RelabelConfig](#relabelconfig) array_ | false |
| `interval` | Interval is the interval between aggregations. | _string_ | true |
| `keep_metric_names` | KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix. | _boolean_ | false |
| `match` | Match is a label selector (or list of label selectors) for filtering time series for the given selector.<br/><br/>If the match isn't set, then all the input time series are processed. | _[StringOrArray](#stringorarray)_ | false |
| `no_align_flush_to_interval` | NoAlignFlushToInterval disables aligning of flushes to multiples of Interval.<br/>By default flushes are aligned to Interval. | _boolean_ | false |
| `output_relabel_configs` | OutputRelabelConfigs is an optional relabeling rules, which are applied<br/>on the aggregated output before being sent to remote storage. | _[RelabelConfig](#relabelconfig) array_ | false |
| `outputs` | Outputs is a list of output aggregate functions to produce.<br/><br/>The following names are allowed:<br/><br/>- total - aggregates input counters<br/>- increase - counts the increase over input counters<br/>- count_series - counts the input series<br/>- count_samples - counts the input samples<br/>- sum_samples - sums the input samples<br/>- last - the last biggest sample value<br/>- min - the minimum sample value<br/>- max - the maximum sample value<br/>- avg - the average value across all the samples<br/>- stddev - standard deviation across all the samples<br/>- stdvar - standard variance across all the samples<br/>- histogram_bucket - creates VictoriaMetrics histogram for input samples<br/>- quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1]<br/><br/>The output time series will have the following names:<br/><br/> input_name:aggr_<interval>_<output> | _string array_ | true |
| `staleness_interval` | Staleness interval is interval after which the series state will be reset if no samples have been sent during it.<br/>The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket. | _string_ | false |
| `ignore_first_sample_interval` | IgnoreFirstSampleInterval specifies the interval after which the agent begins sending samples.<br/>By default, it is set to the `staleness_interval`. It helps reducing the initial sample load after the agent restart.<br/>This parameter is relevant only for the following outputs: total, total_prometheus, increase, increase_prometheus, and histogram_bucket. We recommend setting it to 0s unless you observe unexpected spikes in produced values. | _string_ | false |
| `without` | Without is an optional list of labels, which must be excluded when grouping input series.<br/><br/>See also By.<br/><br/>If neither By nor Without are set, then the Outputs are calculated<br/>individually per each input time series. | _string array_ | false |
| `ca_file` | CAFile defines path to the pre-mounted file with CA<br/>mutually exclusive with CASecretRef | _string_ | false |
| `ca_secret_ref` | CA defines reference for secret with CA content under given key<br/>mutually exclusive with CAFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `cert_file` | CertFile defines path to the pre-mounted file with certificate<br/>mutually exclusive with CertSecretRef | _string_ | false |
| `cert_secret_ref` | CertSecretRef defines reference for secret with certificate content under given key<br/>mutually exclusive with CertFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `insecure_skip_verify` | Cert defines reference for secret with CA content under given key<br/>mutually exclusive with CertFile | _boolean_ | false |
| `key_file` | KeyFile defines path to the pre-mounted file with certificate key<br/>mutually exclusive with KeySecretRef | _string_ | false |
| `key_secret_ref` | Key defines reference for secret with certificate key content under given key<br/>mutually exclusive with KeyFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `server_name` | ServerName indicates a name of a server | _string_ | false |
| `cert_file` | CertFile defines path to the pre-mounted file with certificate<br/>mutually exclusive with CertSecretRef | _string_ | false |
| `cert_secret_ref` | CertSecretRef defines reference for secret with certificate content under given key<br/>mutually exclusive with CertFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `cipher_suites` | CipherSuites defines list of supported cipher suites for TLS versions up to TLS 1.2<br/>https://golang.org/pkg/crypto/tls/#pkg-constants | _string array_ | false |
| `client_auth_type` | Cert defines reference for secret with CA content under given key<br/>mutually exclusive with CertFile<br/>ClientAuthType defines server policy for client authentication<br/>If you want to enable client authentication (aka mTLS), you need to use RequireAndVerifyClientCert<br/>Note, mTLS is supported only at enterprise version of VictoriaMetrics components | _string_ | false |
| `client_ca_file` | ClientCAFile defines path to the pre-mounted file with CA<br/>mutually exclusive with ClientCASecretRef | _string_ | false |
| `client_ca_secret_ref` | ClientCASecretRef defines reference for secret with CA content under given key<br/>mutually exclusive with ClientCAFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `curve_preferences` | CurvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order.<br/>https://golang.org/pkg/crypto/tls/#CurveID | _string array_ | false |
| `key_file` | KeyFile defines path to the pre-mounted file with certificate key<br/>mutually exclusive with KeySecretRef | _string_ | false |
| `key_secret_ref` | Key defines reference for secret with certificate key content under given key<br/>mutually exclusive with KeyFile | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `max_version` | MaxVersion maximum TLS version that is acceptable. | _string_ | false |
| `min_version` | MinVersion minimum TLS version that is acceptable. | _string_ | false |
| `prefer_server_cipher_suites` | PreferServerCipherSuites controls whether the server selects the<br/>client's most preferred ciphersuite | _boolean_ | false |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `path` | HTTP path to scrape for metrics. | _string_ | false |
| `proxyURL` | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | _string_ | false |
| `relabelConfigs` | RelabelConfigs to apply to samples during service discovery. | _[RelabelConfig](#relabelconfig) array_ | false |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `scheme` | HTTP scheme to use for scraping. | _string_ | false |
| `scrapeTimeout` | Timeout after which the scrape is ended | _string_ | false |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targets` | Targets static targets addresses in form of ["192.122.55.55:9100","some-name:9100"]. | _string array_ | true |
| `tlsConfig` | TLSConfig configuration to use when scraping the endpoint | _[TLSConfig](#tlsconfig)_ | false |
| `static` | Static - user defined url for traffic forward,<br/>for instance http://vmsingle:8429 | _[StaticRef](#staticref)_ | false |
| `targetRefBasicAuth` | TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication | _[TargetRefBasicAuth](#targetrefbasicauth)_ | false |
| `target_path_suffix` | TargetPathSuffix allows to add some suffix to the target path<br/>It allows to hide tenant configuration from user with crd as ref.<br/>it also may contain any url encoded params. | _string_ | false |
| `password` | The secret in the service scrape namespace that contains the password<br/>for authentication.<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | true |
| `username` | The secret in the service scrape namespace that contains the username<br/>for authentication.<br/>It must be at them same namespace as CRD | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | true |
| `days_of_month` | DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted.<br/>for example, ['1:5', '-3:-1'] | _string array_ | false |
| `location` | Location in golang time location form, e.g. UTC | _string_ | false |
| `months` | Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1.<br/>For example, ['1:3', 'may:august', 'december'] | _string array_ | false |
| `times` | Times defines time range for mute | _[TimeRange](#timerange) array_ | false |
| `weekdays` | Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday. | _string array_ | false |
| `years` | Years defines numerical list of years, ranges are accepted.<br/>For example, ['2020:2022', '2030'] | _string array_ | false |
| `drop_src_path_prefix_parts` | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.<br/>See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. | _integer_ | false |
| `headers` | RequestHeaders represent additional http headers, that vmauth uses<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.68.0 version of vmauth | _string array_ | false |
| `response_headers` | ResponseHeaders represent additional http headers, that vmauth adds for request response<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.93.0 version of vmauth | _string array_ | false |
| `retry_status_codes` | RetryStatusCodes defines http status codes in numeric format for request retries<br/>Can be defined per target or at VMUser.spec level<br/>e.g. [429,503] | _integer array_ | false |
| `src_headers` | SrcHeaders is an optional list of headers, which must match request headers. | _string array_ | true |
| `src_query_args` | SrcQueryArgs is an optional list of query args, which must match request URL query args. | _string array_ | true |
| `drop_src_path_prefix_parts` | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.<br/>See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. | _integer_ | false |
| `headers` | Headers represent additional http headers, that vmauth uses<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.68.0 version of vmauth | _string array_ | false |
| `ip_filters` | IPFilters defines per target src ip filters<br/>supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) | _[VMUserIPFilters](#vmuseripfilters)_ | false |
| `load_balancing_policy` | LoadBalancingPolicy defines load balancing policy to use for backend urls.<br/>Supported policies: least_loaded, first_available.<br/>See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") | _string_ | false |
| `max_concurrent_requests` | MaxConcurrentRequests defines max concurrent requests per user<br/>300 is default value for vmauth | _integer_ | false |
| `response_headers` | ResponseHeaders represent additional http headers, that vmauth adds for request response<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.93.0 version of vmauth | _string array_ | false |
| `retry_status_codes` | RetryStatusCodes defines http status codes in numeric format for request retries<br/>e.g. [429,503] | _integer array_ | false |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `spec` | | _[VLogsSpec](#vlogsspec)_ | true |
#### VLogsSpec
VLogsSpec defines the desired state of VLogs
_Appears in:_
- [VLogs](#vlogs)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `futureRetention` | FutureRetention for the stored logs<br/>Log entries with timestamps bigger than now+futureRetention are rejected during data ingestion; see https://docs.victoriametrics.com/victorialogs/#retention | _string_ | true |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `logFormat` | LogFormat for VLogs to be configured with. | _string_ | false |
| `logIngestedRows` | Whether to log all the ingested log entries; this can be useful for debugging of data ingestion; see https://docs.victoriametrics.com/victorialogs/data-ingestion/ | _boolean_ | true |
| `logLevel` | LogLevel for VictoriaLogs to be configured with. | _string_ | false |
| `logNewStreams` | LogNewStreams Whether to log creation of new streams; this can be useful for debugging of high cardinality issues with log streams; see https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fields | _boolean_ | true |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VLogs pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `retentionPeriod` | RetentionPeriod for the stored logs | _string_ | true |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceAccountName` | ServiceAccountName is the name of the ServiceAccount to use to run the pods | _string_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vlogs VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | ServiceSpec that will be added to vlogs service spec | _[AdditionalServiceSpec](#additionalservicespec)_ | false |
| `storage` | Storage is the definition of how storage will be used by the VLogs<br/>by default it`s empty dir | _[PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#persistentvolumeclaimspec-v1-core)_ | false |
| `storageDataPath` | StorageDataPath disables spec.storage option and overrides arg for victoria-logs binary --storageDataPath,<br/>its users responsibility to mount proper device into given path. | _string_ | false |
| `storageMetadata` | StorageMeta defines annotations and labels attached to PVC for given vlogs CR | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `flushInterval` | Interval for flushing the data to remote storage. (default 1s) | _string_ | false |
| `label` | Labels in the form 'name=value' to add to all the metrics before sending them. This overrides the label if it already exists. | _object (keys:string, values:string)_ | false |
| `maxBlockSize` | The maximum size in bytes of unpacked request to send to remote storage | _integer_ | false |
| `maxDiskUsagePerURL` | The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath | _integer_ | false |
| `queues` | The number of concurrent queues | _integer_ | false |
| `showURL` | Whether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info | _boolean_ | false |
| `tmpDataPath` | Path to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data) | _string_ | false |
| `useMultiTenantMode` | Configures vmagent accepting data via the same multitenant endpoints as vminsert at VictoriaMetrics cluster does,<br/>see [here](https://docs.victoriametrics.com/vmagent/#multitenancy).<br/>it's global setting and affects all remote storage configurations | _boolean_ | false |
| `headers` | Headers allow configuring custom http headers<br/>Must be in form of semicolon separated header with value<br/>e.g.<br/>headerName: headerValue<br/>vmagent supports since 1.79.0 version | _string array_ | false |
| `inlineUrlRelabelConfig` | InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec. | _[RelabelConfig](#relabelconfig) array_ | false |
| `url` | URL of the endpoint to send samples to. | _string_ | true |
| `urlRelabelConfig` | ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url | _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#configmapkeyselector-v1-core)_ | false |
VMAgentSecurityEnforcements defines security configuration for endpoint scrapping
_Appears in:_
- [VMAgentSpec](#vmagentspec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `arbitraryFSAccessThroughSMs` | ArbitraryFSAccessThroughSMs configures whether configuration<br/>based on EndpointAuth can access arbitrary files on the file system<br/>of the VMAgent container e.g. bearer token files, basic auth, tls certs | _[ArbitraryFSAccessThroughSMsConfig](#arbitraryfsaccessthroughsmsconfig)_ | false |
| `enforcedNamespaceLabel` | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert<br/>and metric that is user created. The label value will always be the namespace of the object that is<br/>being created. | _string_ | false |
| `ignoreNamespaceSelectors` | IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from<br/>scrape objects, and they will only discover endpoints<br/>within their current namespace. Defaults to false. | _boolean_ | false |
| `overrideHonorLabels` | OverrideHonorLabels if set to true overrides all user configured honor_labels.<br/>If HonorLabels is set in scrape objects to true, this overrides honor_labels to false. | _boolean_ | false |
| `overrideHonorTimestamps` | OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. | _boolean_ | false |
| `aPIServerConfig` | APIServerConfig allows specifying a host and auth methods to access apiserver.<br/>If left empty, VMAgent is assumed to run inside of the cluster<br/>and will discover API servers automatically and use the pod's CA certificate<br/>and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. | _[APIServerConfig](#apiserverconfig)_ | false |
| `additionalScrapeConfigs` | AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it<br/>is valid. Note that using this feature may expose the possibility to<br/>break upgrades of VMAgent. It is advised to review VMAgent release<br/>notes to ensure that no incompatible scrape configs are going to break<br/>VMAgent after the upgrade. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container<br/>for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false |
| `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `enforcedNamespaceLabel` | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert<br/>and metric that is user created. The label value will always be the namespace of the object that is<br/>being created. | _string_ | false |
| `externalLabels` | ExternalLabels The labels to add to any time series scraped by vmagent.<br/>it doesn't affect metrics ingested directly by push API's | _object (keys:string, values:string)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `ignoreNamespaceSelectors` | IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from<br/>scrape objects, and they will only discover endpoints<br/>within their current namespace. Defaults to false. | _boolean_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `ingestOnlyMode` | IngestOnlyMode switches vmagent into unmanaged mode<br/>it disables any config generation for scraping<br/>Currently it prevents vmagent from managing tls and auth options for remote write | _boolean_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `inlineRelabelConfig` | InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD. | _[RelabelConfig](#relabelconfig) array_ | false |
| `inlineScrapeConfig` | InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it<br/>is valid. Note that using this feature may expose the possibility to<br/>break upgrades of VMAgent. It is advised to review VMAgent release<br/>notes to ensure that no incompatible scrape configs are going to break<br/>VMAgent after the upgrade.<br/>it should be defined as single yaml file.<br/>inlineScrapeConfig: \|<br/> - job_name: "prometheus"<br/> static_configs:<br/> - targets: ["localhost:9090"] | _string_ | false |
| `insertPorts` | InsertPorts - additional listen ports for data ingestion. | _[InsertPorts](#insertports)_ | true |
| `license` | License allows to configure license key to be used for enterprise features.<br/>Using license key is supported starting from VictoriaMetrics v1.94.0.<br/>See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false |
| `logFormat` | LogFormat for VMAgent to be configured with. | _string_ | false |
| `logLevel` | LogLevel for VMAgent to be configured with.<br/>INFO, WARN, ERROR, FATAL, PANIC | _string_ | false |
| `maxScrapeInterval` | MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes<br/>If interval is higher than defined limit, `maxScrapeInterval` will be used. | _string_ | true |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `minScrapeInterval` | MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes<br/>If interval is lower than defined limit, `minScrapeInterval` will be used. | _string_ | true |
| `nodeScrapeNamespaceSelector` | NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `nodeScrapeRelabelTemplate` | NodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape.<br/>it's useful for adding specific labels to all targets | _[RelabelConfig](#relabelconfig) array_ | false |
| `nodeScrapeSelector` | NodeScrapeSelector defines VMNodeScrape to be selected for scraping.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `overrideHonorLabels` | OverrideHonorLabels if set to true overrides all user configured honor_labels.<br/>If HonorLabels is set in scrape objects to true, this overrides honor_labels to false. | _boolean_ | false |
| `overrideHonorTimestamps` | OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. | _boolean_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the vmagent pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `podScrapeNamespaceSelector` | PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `podScrapeRelabelTemplate` | PodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape.<br/>it's useful for adding specific labels to all targets | _[RelabelConfig](#relabelconfig) array_ | false |
| `podScrapeSelector` | PodScrapeSelector defines PodScrapes to be selected for target discovery.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `probeNamespaceSelector` | ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `probeScrapeRelabelTemplate` | ProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape.<br/>it's useful for adding specific labels to all targets | _[RelabelConfig](#relabelconfig) array_ | false |
| `probeSelector` | ProbeSelector defines VMProbe to be selected for target probing.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `relabelConfig` | RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig<br/>This relabeling is applied to all the collected metrics before sending them to remote storage. | _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#configmapkeyselector-v1-core)_ | false |
| `remoteWrite` | RemoteWrite list of victoria metrics /some other remote write system<br/>for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write<br/>or for cluster different url<br/>https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems | _[VMAgentRemoteWriteSpec](#vmagentremotewritespec) array_ | true |
| `remoteWriteSettings` | RemoteWriteSettings defines global settings for all remoteWrite urls. | _[VMAgentRemoteWriteSettings](#vmagentremotewritesettings)_ | false |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `scrapeConfigNamespaceSelector` | ScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `scrapeConfigRelabelTemplate` | ScrapeConfigRelabelTemplate defines relabel config, that will be added to each VMScrapeConfig.<br/>it's useful for adding specific labels to all targets | _[RelabelConfig](#relabelconfig) array_ | false |
| `scrapeConfigSelector` | ScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery.<br/>Works in combination with NamespaceSelector. | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeNamespaceSelector` | ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `serviceScrapeRelabelTemplate` | ServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape.<br/>it's useful for adding specific labels to all targets | _[RelabelConfig](#relabelconfig) array_ | false |
| `serviceScrapeSelector` | ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `shardCount` | ShardCount - numbers of shards of VMAgent<br/>in this case operator will use 1 deployment/sts per shard with<br/>replicas count according to spec.replicas,<br/>see [here](https://docs.victoriametrics.com/vmagent/#scraping-big-number-of-targets) | _integer_ | false |
| `staticScrapeNamespaceSelector` | StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `staticScrapeRelabelTemplate` | StaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape.<br/>it's useful for adding specific labels to all targets | _[RelabelConfig](#relabelconfig) array_ | false |
| `staticScrapeSelector` | StaticScrapeSelector defines PodScrapes to be selected for target discovery.<br/>Works in combination with NamespaceSelector.<br/>If both nil - match everything.<br/>NamespaceSelector nil - only objects at VMAgent namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces. | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `updateStrategy` | UpdateStrategy - overrides default update strategy.<br/>works only for deployments, statefulset always use OnDelete. | _[DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#deploymentstrategytype-v1-apps)_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `vmAgentExternalLabelName` | VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance<br/>name. Defaults to the value of `prometheus`. External label will<br/>_not_ be added when value is set to empty string (`""`). | _string_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `headers` | Headers allow configuring custom http headers<br/>Must be in form of semicolon separated header with value<br/>e.g.<br/>headerName:headerValue<br/>vmalert supports it since 1.79.0 version | _string array_ | false |
| `headers` | Headers allow configuring custom http headers<br/>Must be in form of semicolon separated header with value<br/>e.g.<br/>headerName:headerValue<br/>vmalert supports it since 1.79.0 version | _string array_ | false |
| `oauth2` | | _[OAuth2](#oauth2)_ | false |
| `selector` | Selector allows service discovery for alertmanager<br/>in this case all matched vmalertmanager replicas will be added into vmalert notifier.url<br/>as statefulset pod.fqdn | _[DiscoverySelector](#discoveryselector)_ | false |
| `headers` | Headers allow configuring custom http headers<br/>Must be in form of semicolon separated header with value<br/>e.g.<br/>headerName:headerValue<br/>vmalert supports it since 1.79.0 version | _string array_ | false |
| `lookback` | Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s)<br/>Applied only to RemoteReadSpec | _string_ | false |
| `concurrency` | Defines number of readers that concurrently write into remote storage (default 1) | _integer_ | false |
| `flushInterval` | Defines interval of flushes to remote write endpoint (default 5s) | _string_ | false |
| `headers` | Headers allow configuring custom http headers<br/>Must be in form of semicolon separated header with value<br/>e.g.<br/>headerName:headerValue<br/>vmalert supports it since 1.79.0 version | _string array_ | false |
| `maxBatchSize` | Defines defines max number of timeseries to be flushed at once (default 1000) | _integer_ | false |
| `maxQueueSize` | Defines the max number of pending datapoints to remote write endpoint (default 100000) | _integer_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container<br/>for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false |
| `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `enforcedNamespaceLabel` | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert<br/>and metric that is user created. The label value will always be the namespace of the object that is<br/>being created. | _string_ | false |
| `evaluationInterval` | EvaluationInterval defines how often to evaluate rules by default | _string_ | false |
| `externalLabels` | ExternalLabels in the form 'name: value' to add to all generated recording rules and alerts. | _object (keys:string, values:string)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `license` | License allows to configure license key to be used for enterprise features.<br/>Using license key is supported starting from VictoriaMetrics v1.94.0.<br/>See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `notifier` | Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093<br/>If specified both notifier and notifiers, notifier will be added as last element to notifiers.<br/>only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | _[VMAlertNotifierSpec](#vmalertnotifierspec)_ | false |
| `notifierConfigRef` | NotifierConfigRef reference for secret with notifier configuration for vmalert<br/>only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `notifiers` | Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093<br/>If specified both notifier and notifiers, notifier will be added as last element to notifiers.<br/>only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | _[VMAlertNotifierSpec](#vmalertnotifierspec) array_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true |
| `remoteRead` | RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite)<br/>This configuration only makes sense if alerts state has been successfully<br/>persisted (via RemoteWrite) before.<br/>see -remoteRead.url docs in vmalerts for details.<br/>E.g. http://127.0.0.1:8428 | _[VMAlertRemoteReadSpec](#vmalertremotereadspec)_ | false |
| `remoteWrite` | RemoteWrite Optional URL to remote-write compatible storage to persist<br/>vmalert state and rule results to.<br/>Rule results will be persisted according to each rule.<br/>Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE<br/>see -remoteWrite.url docs in vmalerts for details.<br/>E.g. http://127.0.0.1:8428 | _[VMAlertRemoteWriteSpec](#vmalertremotewritespec)_ | false |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `ruleNamespaceSelector` | RuleNamespaceSelector to be selected for VMRules discovery.<br/>Works in combination with Selector.<br/>If both nil - behaviour controlled by selectAllByDefault<br/>NamespaceSelector nil - only objects at VMAlert namespace. | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `rulePath` | RulePath to the file with alert rules.<br/>Supports patterns. Flag can be specified multiple times.<br/>Examples:<br/>-rule /path/to/file. Path to a single file with alerting rules<br/>-rule dir/*.yaml -rule /*.yaml. Relative path to all .yaml files in folder,<br/>absolute path to all .yaml files in root.<br/>by default operator adds /etc/vmalert/configs/base/vmalert.yaml | _string array_ | false |
| `ruleSelector` | RuleSelector selector to select which VMRules to mount for loading alerting<br/>rules from.<br/>Works in combination with NamespaceSelector.<br/>If both nil - behaviour controlled by selectAllByDefault<br/>NamespaceSelector nil - only objects at VMAlert namespace. | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `spec` | Specification of the desired behavior of the VMAlertmanager cluster. More info:<br/>https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | _[VMAlertmanagerSpec](#vmalertmanagerspec)_ | true |
#### VMAlertmanagerConfig
VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `additionalPeers` | AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. | _string array_ | true |
| `clusterAdvertiseAddress` | ClusterAdvertiseAddress is the explicit address to advertise in cluster.<br/>Needs to be provided for non RFC1918 [1] (public) addresses.<br/>[1] RFC1918: https://tools.ietf.org/html/rfc1918 | _string_ | false |
| `clusterDomainName` | ClusterDomainName defines domain name suffix for in-cluster dns addresses<br/>aka .cluster.local<br/>used to build pod peer addresses for in-cluster communication | _string_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `configNamespaceSelector` | ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAlertmanager namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `configRawYaml` | ConfigRawYaml - raw configuration for alertmanager,<br/>it helps it to start without secret.<br/>priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret. | _string_ | false |
| `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container<br/>for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false |
| `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `configSecret` | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the<br/>VMAlertmanager object, which contains configuration for this VMAlertmanager,<br/>configuration must be inside secret key: alertmanager.yaml.<br/>It must be created by user.<br/>instance. Defaults to 'vmalertmanager-<alertmanager-name>'<br/>The secret is mounted into /etc/alertmanager/config. | _string_ | false |
| `configSelector` | ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAlertmanager namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `disableNamespaceMatcher` | DisableNamespaceMatcher disables top route namespace label matcher for VMAlertmanagerConfig<br/>It may be useful if alert doesn't have namespace label for some reason | _boolean_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `enforcedTopRouteMatchers` | EnforcedTopRouteMatchers defines label matchers to be added for the top route<br/>of VMAlertmanagerConfig<br/>It allows to make some set of labels required for alerts.<br/>https://prometheus.io/docs/alerting/latest/configuration/#matcher | _string array_ | true |
| `externalURL` | ExternalURL the VMAlertmanager instances will be available under. This is<br/>necessary to generate correct URLs. This is necessary if VMAlertmanager is not<br/>served from root of a DNS name. | _string_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `listenLocal` | ListenLocal makes the VMAlertmanager server listen on loopback, so that it<br/>does not bind against the Pod IP. Note this is only for the VMAlertmanager<br/>UI, not the gossip communication. | _boolean_ | false |
| `logFormat` | LogFormat for VMAlertmanager to be configured with. | _string_ | false |
| `logLevel` | Log level for VMAlertmanager to be configured with. | _string_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `retention` | Retention Time duration VMAlertmanager shall retain data for. Default is '120h',<br/>and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | _string_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `rollingUpdateStrategy` | RollingUpdateStrategy defines strategy for application updates<br/>Default is OnDelete, in this case operator handles update process<br/>Can be changed for RollingUpdate | _[StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#statefulsetupdatestrategytype-v1-apps)_ | false |
| `routePrefix` | RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful,<br/>if using ExternalURL and a proxy is rewriting HTTP routes of a request,<br/>and the actual ExternalURL is still true, but the server serves requests<br/>under a different route prefix. For example for use with `kubectl proxy`. | _string_ | false |
| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.<br/>https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | ServiceSpec that will be added to vmalertmanager service spec | _[AdditionalServiceSpec](#additionalservicespec)_ | false |
| `storage` | Storage is the definition of how storage will be used by the VMAlertmanager<br/>instances. | _[StorageSpec](#storagespec)_ | false |
| `templates` | Templates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager<br/>object, which shall be mounted into the VMAlertmanager Pods.<br/>The Templates are mounted into /etc/vm/templates/<configmap-name>/<configmap-key>. | _[ConfigMapKeyReference](#configmapkeyreference) array_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer
for VMCluster component
_Appears in:_
- [VMAuthLoadBalancer](#vmauthloadbalancer)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator<br/>for the application.<br/>Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `logFormat` | LogFormat for vmauth<br/>default or json | _string_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | Common params for scheduling<br/>PodMetadata configures Labels and Annotations which are propagated to the vmauth lb pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.<br/>https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmauthlb VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | AdditionalServiceSpec defines service override configuration for vmauth lb deployment<br/>it'll be only applied to vmclusterlb- service | _[AdditionalServiceSpec](#additionalservicespec)_ | true |
| `terminationGracePeriodSeconds` | TerminationGracePeriodSeconds period for container graceful termination | _integer_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container<br/>for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false |
| `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `configSecret` | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the<br/>VMAuth object, which contains auth configuration for vmauth,<br/>configuration must be inside secret key: config.yaml.<br/>It must be created and managed manually.<br/>If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders<br/>Deprecated, use externalConfig.secretRef instead | _string_ | true |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `drop_src_path_prefix_parts` | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.<br/>See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. | _integer_ | false |
| `externalConfig` | ExternalConfig defines a source of external VMAuth configuration.<br/>If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | _[ExternalConfig](#externalconfig)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `headers` | Headers represent additional http headers, that vmauth uses<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.68.0 version of vmauth | _string array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `ip_filters` | IPFilters defines per target src ip filters<br/>supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) | _[VMUserIPFilters](#vmuseripfilters)_ | false |
| `license` | License allows to configure license key to be used for enterprise features.<br/>Using license key is supported starting from VictoriaMetrics v1.94.0.<br/>See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false |
| `load_balancing_policy` | LoadBalancingPolicy defines load balancing policy to use for backend urls.<br/>Supported policies: least_loaded, first_available.<br/>See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") | _string_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `response_headers` | ResponseHeaders represent additional http headers, that vmauth adds for request response<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.93.0 version of vmauth | _string array_ | false |
| `retry_status_codes` | RetryStatusCodes defines http status codes in numeric format for request retries<br/>e.g. [429,503] | _integer array_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `userNamespaceSelector` | UserNamespaceSelector Namespaces to be selected for VMAuth discovery.<br/>Works in combination with Selector.<br/>NamespaceSelector nil - only objects at VMAuth namespace.<br/>Selector nil - only objects at NamespaceSelector namespaces.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `userSelector` | UserSelector defines VMUser to be selected for config file generation.<br/>Works in combination with NamespaceSelector.<br/>NamespaceSelector nil - only objects at VMAuth namespace.<br/>If both nil - behaviour controlled by selectAllByDefault | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `acceptEULA` | AcceptEULA accepts enterprise feature usage, must be set to true.<br/>otherwise backupmanager cannot be added to single/cluster version.<br/>https://victoriametrics.com/legal/esa/ | _boolean_ | false |
| `concurrency` | Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10) | _integer_ | false |
| `credentialsSecret` | CredentialsSecret is secret in the same namespace for access to remote storage<br/>The secret is mounted into /etc/vm/creds. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container,<br/>that are generated as a result of StorageSpec objects. | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | false |
| `clusterDomainName` | ClusterDomainName defines domain name suffix for in-cluster dns addresses<br/>aka .cluster.local<br/>used by vminsert and vmselect to build vmstorage address | _string_ | false |
| `clusterVersion` | ClusterVersion defines default images tag for all components.<br/>it can be overwritten with component specific image.tag value. | _string_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `license` | License allows to configure license key to be used for enterprise features.<br/>Using license key is supported starting from VictoriaMetrics v1.94.0.<br/>See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `replicationFactor` | ReplicationFactor defines how many copies of data make among<br/>distinct storage nodes | _integer_ | false |
| `requestsLoadBalancer` | RequestsLoadBalancer configures load-balancing for vminsert and vmselect requests<br/>it helps to evenly spread load across pods<br/>usually it's not possible with kubernetes TCP based service | _[VMAuthLoadBalancer](#vmauthloadbalancer)_ | true |
| `retentionPeriod` | RetentionPeriod for the stored metrics<br/>Note VictoriaMetrics has data/ and indexdb/ folders<br/>metrics from data/ removed eventually as soon as partition leaves retention period<br/>reverse index data at indexdb rotates once at the half of configured<br/>[retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention) | _string_ | true |
| `serviceAccountName` | ServiceAccountName is the name of the ServiceAccount to use to run the<br/>VMSelect, VMStorage and VMInsert Pods. | _string_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator<br/>for the application.<br/>Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `insertPorts` | InsertPorts - additional listen ports for data ingestion. | _[InsertPorts](#insertports)_ | true |
| `logFormat` | LogFormat for VMInsert to be configured with.<br/>default or json | _string_ | false |
| `logLevel` | LogLevel for VMInsert to be configured with. | _string_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VMInsert pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | ServiceSpec that will be added to vminsert service spec | _[AdditionalServiceSpec](#additionalservicespec)_ | false |
| `terminationGracePeriodSeconds` | TerminationGracePeriodSeconds period for container graceful termination | _integer_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `path` | HTTP path to scrape for metrics. | _string_ | false |
| `port` | Name of the port exposed at Node. | _string_ | false |
| `proxyURL` | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | _string_ | false |
| `relabelConfigs` | RelabelConfigs to apply to samples during service discovery. | _[RelabelConfig](#relabelconfig) array_ | false |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `scheme` | HTTP scheme to use for scraping. | _string_ | false |
| `scrapeTimeout` | Timeout after which the scrape is ended | _string_ | false |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targetLabels` | TargetLabels transfers labels on the Kubernetes Node onto the target. | _string array_ | false |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | false |
VMPodScrapeSpec defines the desired state of VMPodScrape
_Appears in:_
- [VMPodScrape](#vmpodscrape)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `attach_metadata` | AttachMetadata configures metadata attaching from service discovery | _[AttachMetadata](#attachmetadata)_ | false |
| `jobLabel` | The label to use to retrieve the job name from. | _string_ | false |
| `namespaceSelector` | Selector to select which namespaces the Endpoints objects are discovered from. | _[NamespaceSelector](#namespaceselector)_ | false |
| `podMetricsEndpoints` | A list of endpoints allowed as part of this PodMonitor. | _[PodMetricsEndpoint](#podmetricsendpoint) array_ | true |
| `podTargetLabels` | PodTargetLabels transfers labels on the Kubernetes Pod onto the target. | _string array_ | false |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
#### VMProbe
VMProbe defines a probe for targets, that will be executed with prober,
like blackbox exporter.
It helps to monitor reachability of target with various checks.
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | false |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `module` | The module to use for probing specifying how to probe the target.<br/>Example module configuring in the blackbox exporter:<br/>https://github.com/prometheus/blackbox_exporter/blob/master/example.yml | _string_ | true |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targets` | Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. | _[VMProbeTargets](#vmprobetargets)_ | true |
| `tlsConfig` | TLSConfig configuration to use when scraping the endpoint | _[TLSConfig](#tlsconfig)_ | false |
| `vmProberSpec` | Specification for the prober to use for probing targets.<br/>The prober.URL parameter is required. Targets cannot be probed if left empty. | _[VMProberSpec](#vmproberspec)_ | true |
VMProbeTargetStaticConfig defines the set of static targets considered for probing.
_Appears in:_
- [VMProbeTargets](#vmprobetargets)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `labels` | Labels assigned to all metrics scraped from the targets. | _object (keys:string, values:string)_ | true |
| `relabelingConfigs` | RelabelConfigs to apply to samples during service discovery. | _[RelabelConfig](#relabelconfig) array_ | true |
| `targets` | Targets is a list of URLs to probe using the configured prober. | _string array_ | true |
#### VMProbeTargets
VMProbeTargets defines a set of static and dynamically discovered targets for the prober.
_Appears in:_
- [VMProbeSpec](#vmprobespec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `ingress` | Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. | _[ProbeTargetIngress](#probetargetingress)_ | true |
| `staticConfig` | StaticConfig defines static targets which are considers for probing. | _[VMProbeTargetStaticConfig](#vmprobetargetstaticconfig)_ | true |
#### VMProberSpec
VMProberSpec contains specification parameters for the Prober used for probing.
_Appears in:_
- [VMProbeSpec](#vmprobespec)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `path` | Path to collect metrics from.<br/>Defaults to `/probe`. | _string_ | true |
| `scheme` | HTTP scheme to use for scraping.<br/>Defaults to `http`. | _string_ | false |
| `url` | Mandatory URL of the prober. | _string_ | true |
#### VMRestore
_Appears in:_
- [VMBackup](#vmbackup)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `onStart` | OnStart defines configuration for restore on pod start | _[VMRestoreOnStartConfig](#vmrestoreonstartconfig)_ | false |
#### VMRestoreOnStartConfig
_Appears in:_
- [VMRestore](#vmrestore)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `enabled` | Enabled defines if restore on start enabled | _boolean_ | false |
#### VMRule
VMRule defines rule records for vmalert application
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `basicAuth` | BasicAuth allow an endpoint to authenticate over basic authentication | _[BasicAuth](#basicauth)_ | false |
| `bearerTokenFile` | File to read bearer token for scraping targets. | _string_ | false |
| `bearerTokenSecret` | Secret to mount to read bearer token for scraping targets. The secret<br/>needs to be in the same namespace as the scrape object and accessible by<br/>the victoria-metrics operator. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `consulSDConfigs` | ConsulSDConfigs defines a list of Consul service discovery configurations. | _[ConsulSDConfig](#consulsdconfig) array_ | false |
| `digitalOceanSDConfigs` | DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations. | _[DigitalOceanSDConfig](#digitaloceansdconfig) array_ | false |
| `dnsSDConfigs` | DNSSDConfigs defines a list of DNS service discovery configurations. | _[DNSSDConfig](#dnssdconfig) array_ | false |
| `ec2SDConfigs` | EC2SDConfigs defines a list of EC2 service discovery configurations. | _[EC2SDConfig](#ec2sdconfig) array_ | false |
| `fileSDConfigs` | FileSDConfigs defines a list of file service discovery configurations. | _[FileSDConfig](#filesdconfig) array_ | false |
| `kubernetesSDConfigs` | KubernetesSDConfigs defines a list of Kubernetes service discovery configurations. | _[KubernetesSDConfig](#kubernetessdconfig) array_ | false |
| `openstackSDConfigs` | OpenStackSDConfigs defines a list of OpenStack service discovery configurations. | _[OpenStackSDConfig](#openstacksdconfig) array_ | false |
| `scheme` | HTTP scheme to use for scraping. | _string_ | false |
| `scrapeTimeout` | Timeout after which the scrape is ended | _string_ | false |
| `scrape_interval` | ScrapeInterval is the same as Interval and has priority over it.<br/>one of scrape_interval or interval can be used | _string_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `staticConfigs` | StaticConfigs defines a list of static targets with a common label set. | _[StaticConfig](#staticconfig) array_ | false |
| `headers` | Headers allows sending custom headers to scrape targets<br/>must be in of semicolon separated header with it's value<br/>eg:<br/>headerName: headerValue<br/>vmagent supports since 1.79.0 version | _string array_ | false |
| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false |
| `cacheMountPath` | CacheMountPath allows to add cache persistent for VMSelect,<br/>will use "/cache" as default if not specified. | _string_ | false |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator<br/>for the application.<br/>Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hpa` | Configures horizontal pod autoscaling.<br/>Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue. | _[EmbeddedHPA](#embeddedhpa)_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `logFormat` | LogFormat for VMSelect to be configured with.<br/>default or json | _string_ | false |
| `logLevel` | LogLevel for VMSelect to be configured with. | _string_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `persistentVolume` | Storage - add persistent volume for cacheMountPath<br/>its useful for persistent cache<br/>use storage instead of persistentVolume. | _[StorageSpec](#storagespec)_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `rollingUpdateStrategy` | RollingUpdateStrategy defines strategy for application updates<br/>Default is OnDelete, in this case operator handles update process<br/>Can be changed for RollingUpdate | _[StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#statefulsetupdatestrategytype-v1-apps)_ | false |
| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.<br/>https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | ServiceSpec that will be added to vmselect service spec | _[AdditionalServiceSpec](#additionalservicespec)_ | false |
| `storage` | StorageSpec - add persistent volume claim for cacheMountPath<br/>its needed for persistent cache | _[StorageSpec](#storagespec)_ | false |
| `terminationGracePeriodSeconds` | TerminationGracePeriodSeconds period for container graceful termination | _integer_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `attach_metadata` | AttachMetadata configures metadata attaching from service discovery | _[AttachMetadata](#attachmetadata)_ | false |
| `discoveryRole` | DiscoveryRole - defines kubernetes_sd role for objects discovery.<br/>by default, its endpoints.<br/>can be changed to service or endpointslices.<br/>note, that with service setting, you have to use port: "name"<br/>and cannot use targetPort for endpoints. | _string_ | false |
| `endpoints` | A list of endpoints allowed as part of this ServiceScrape. | _[Endpoint](#endpoint) array_ | true |
| `jobLabel` | The label to use to retrieve the job name from. | _string_ | false |
| `namespaceSelector` | Selector to select which namespaces the Endpoints objects are discovered from. | _[NamespaceSelector](#namespaceselector)_ | false |
| `podTargetLabels` | PodTargetLabels transfers labels on the Kubernetes Pod onto the target. | _string array_ | false |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `selector` | Selector to select Endpoints objects by corresponding Service labels. | _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targetLabels` | TargetLabels transfers labels on the Kubernetes Service onto the target. | _string array_ | false |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `license` | License allows to configure license key to be used for enterprise features.<br/>Using license key is supported starting from VictoriaMetrics v1.94.0.<br/>See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `retentionPeriod` | RetentionPeriod for the stored metrics<br/>Note VictoriaMetrics has data/ and indexdb/ folders<br/>metrics from data/ removed eventually as soon as partition leaves retention period<br/>reverse index data at indexdb rotates once at the half of configured [retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention) | _string_ | true |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceAccountName` | ServiceAccountName is the name of the ServiceAccount to use to run the pods | _string_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | ServiceSpec that will be added to vmsingle service spec | _[AdditionalServiceSpec](#additionalservicespec)_ | false |
| `storage` | Storage is the definition of how storage will be used by the VMSingle<br/>by default it`s empty dir<br/>this option is ignored if storageDataPath is set | _[PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#persistentvolumeclaimspec-v1-core)_ | false |
| `storageDataPath` | StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath,<br/>its users responsibility to mount proper device into given path.<br/>It requires to provide spec.volumes and spec.volumeMounts with at least 1 value | _string_ | false |
| `storageMetadata` | StorageMeta defines annotations and labels attached to PVC for given vmsingle CR | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
VMStaticScrapeSpec defines the desired state of VMStaticScrape.
_Appears in:_
- [VMStaticScrape](#vmstaticscrape)
| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| `jobName` | JobName name of job. | _string_ | true |
| `sampleLimit` | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | _integer_ | false |
| `seriesLimit` | SeriesLimit defines per-scrape limit on number of unique time series<br/>a single target can expose during all the scrapes on the time window of 24h. | _integer_ | false |
| `targetEndpoints` | A list of target endpoints to scrape metrics from. | _[TargetEndpoint](#targetendpoint) array_ | true |
| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false |
| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.<br/>It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator<br/>for the application.<br/>Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false |
| `dnsConfig` | Specifies the DNS parameters of a pod.<br/>Parameters specified here will be merged to the generated DNS<br/>configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false |
| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false |
| `extraArgs` | ExtraArgs that will be passed to the application container<br/>for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false |
| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false |
| `hostAliases` | HostAliases provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false |
| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,<br/>that would be propagated to pod,<br/>cannot be used with HostNetwork.<br/>Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false |
| `image` | Image - docker image settings<br/>if no specified operator uses default version from operator config | _[Image](#image)_ | false |
| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace<br/>to use for pulling images from registries<br/>see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false |
| `initContainers` | InitContainers allows adding initContainers to the pod definition.<br/>Any errors during the execution of an initContainer will lead to a restart of the Pod.<br/>More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false |
| `logFormat` | LogFormat for VMStorage to be configured with.<br/>default or json | _string_ | false |
| `logLevel` | LogLevel for VMStorage to be configured with. | _string_ | false |
| `maintenanceInsertNodeIDs` | MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.<br/>lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3].<br/>Useful at storage expanding, when you want to rebalance some data at cluster. | _integer array_ | false |
| `maintenanceSelectNodeIDs` | MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. | _integer array_ | true |
| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod<br/>if previous in healthy state<br/>Has no effect for VLogs and VMSingle | _integer_ | false |
| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false |
| `paused` | Paused If set to true all actions on the underlying managed objects are not<br/>going to be performed, except for delete actions. | _boolean_ | false |
| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false |
| `podMetadata` | PodMetadata configures Labels and Annotations which are propagated to the VMStorage pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true |
| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false |
| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/<br/>if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false |
| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or<br/>maximum number of revisions that will be maintained in the Deployment revision history.<br/>Has no effect at StatefulSets<br/>Defaults to 10. | _integer_ | false |
| `rollingUpdateStrategy` | RollingUpdateStrategy defines strategy for application updates<br/>Default is OnDelete, in this case operator handles update process<br/>Can be changed for RollingUpdate | _[StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#statefulsetupdatestrategytype-v1-apps)_ | false |
| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.<br/>https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false |
| `secrets` | Secrets is a list of Secrets in the same namespace as the Application<br/>object, which shall be mounted into the Application container<br/>at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false |
| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.<br/>This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false |
| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false |
| `serviceSpec` | ServiceSpec that will be create additional service for vmstorage | _[AdditionalServiceSpec](#additionalservicespec)_ | false |
| `storage` | Storage - add persistent volume for StorageDataPath<br/>its useful for persistent cache | _[StorageSpec](#storagespec)_ | false |
| `storageDataPath` | StorageDataPath - path to storage data | _string_ | false |
| `terminationGracePeriodSeconds` | TerminationGracePeriodSeconds period for container graceful termination | _integer_ | false |
| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false |
| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,<br/>controls how pods are spread across your cluster among failure-domains<br/>such as regions, zones, nodes, and other user-defined topology domains<br/>https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false |
| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component<br/>it restricts disk writes access<br/>uses non-root user out of the box<br/>drops not needed security permissions | _boolean_ | false |
| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.<br/>VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false |
| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.<br/>Volumes specified will be appended to other volumes that are generated.<br/>/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true |
| `metadata` | Refer to Kubernetes API documentation for fields of `metadata`. | _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | true |
| `drop_src_path_prefix_parts` | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.<br/>See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. | _integer_ | false |
| `generatePassword` | GeneratePassword instructs operator to generate password for user<br/>if spec.password if empty. | _boolean_ | false |
| `headers` | Headers represent additional http headers, that vmauth uses<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.68.0 version of vmauth | _string array_ | false |
| `ip_filters` | IPFilters defines per target src ip filters<br/>supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) | _[VMUserIPFilters](#vmuseripfilters)_ | false |
| `load_balancing_policy` | LoadBalancingPolicy defines load balancing policy to use for backend urls.<br/>Supported policies: least_loaded, first_available.<br/>See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") | _string_ | false |
| `passwordRef` | PasswordRef allows fetching password from user-create secret by its name and key. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `response_headers` | ResponseHeaders represent additional http headers, that vmauth adds for request response<br/>in form of ["header_key: header_value"]<br/>multiple values for header key:<br/>["header_key: value1,value2"]<br/>it's available since 1.93.0 version of vmauth | _string array_ | false |
| `retry_status_codes` | RetryStatusCodes defines http status codes in numeric format for request retries<br/>e.g. [429,503] | _integer array_ | false |
| `targetRefs` | TargetRefs - reference to endpoints, which user may access. | _[TargetRef](#targetref) array_ | true |
| `tokenRef` | TokenRef allows fetching token from user-created secrets by its name and key. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `username` | UserName basic auth user name for accessing protected endpoint,<br/>will be replaced with metadata.name of VMUser if omitted. | _string_ | false |
#### VictorOpsConfig
VictorOpsConfig configures notifications via VictorOps.
See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
| `api_key` | The secret's key that contains the API key to use when talking to the VictorOps API.<br/>It must be at them same namespace as CRD<br/>fallback to global setting if empty | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `api_secret` | The secret's key that contains the WeChat API key.<br/>The secret needs to be in the same namespace as the AlertmanagerConfig<br/>fallback to global alertmanager setting if empty | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
| `api_url` | The WeChat API URL.<br/>fallback to global alertmanager setting if empty | _string_ | false |
| `corp_id` | The corp id for authentication.<br/>fallback to global alertmanager setting if empty | _string_ | false |
| `api_url` | The Webex Teams API URL, i.e. https://webexapis.com/v1/messages | _string_ | false |
| `http_config` | HTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. | _[HTTPConfig](#httpconfig)_ | false |
| `message` | The message body template | _string_ | false |
| `room_id` | The ID of the Webex Teams room where to send the messages | _string_ | true |
| `url_secret` | URLSecret defines secret name and key at the CRD namespace.<br/>It must contain the webhook URL.<br/>one of `urlSecret` and `url` must be defined. | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false |
