diff --git a/docs/operator/CHANGELOG.md b/docs/operator/CHANGELOG.md index 69b63cc432..21e2188fb1 100644 --- a/docs/operator/CHANGELOG.md +++ b/docs/operator/CHANGELOG.md @@ -16,7 +16,18 @@ aliases: ## Next release +- [vmalertmanager](./api.html#vmalertmanagerconfig): fix `VMAlertmanagerConfig` discovery according to [the docs](https://docs.victoriametrics.com/operator/resources/vmalertmanager.html#using-vmalertmanagerconfig). +- [vmoperator](./README.md): add alerting rules for operator itself. See [this issue](https://github.com/VictoriaMetrics/operator/issues/526) for details. +- [vmoperator](./README.md): add `revisionHistoryLimitCount` field for victoriametrics workload CRDs. See [this issue](https://github.com/VictoriaMetrics/operator/pull/834) for details. Thanks [@gidesh](https://github.com/gidesh) +- [vmuser](./api.md#vmuser): add new fields to VMUser: `drop_src_path_prefix_parts`, `tls_insecure_skip_verify`, `metric_labels` and `load_balancing_policy`. See [specifications](https://docs.victoriametrics.com/operator/api.html#vmuserspec) and [vmauth docs](https://docs.victoriametrics.com/vmauth.htm) for more details. +- [vmoperator](./README.md): add CRD support for discord_configs, msteams_configs, sns_configs and webex_configs receiver types in VMAlertmanagerConfig. See [this issue](https://github.com/VictoriaMetrics/operator/issues/808) + + +## [v0.39.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.4) - 13 Dec 2023 + +- update VictoriaMetrics image tags to [v1.96.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.96.0). - [vmalertmanagerconfig](./api.html#vmalertmanagerconfig): add fields `entity`, `actions` and `update_alerts` for opsgenie_configs according to https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config. +- [vmoperator](./README.md): remove vmalert notifier null check, since `-notifier.url` is optional and is needed only if there are alerting rules. ## [v0.39.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.3) - 16 Nov 2023 diff --git a/docs/operator/FAQ.md b/docs/operator/FAQ.md index a4d809172e..eb2e48bee9 100644 --- a/docs/operator/FAQ.md +++ b/docs/operator/FAQ.md @@ -81,6 +81,10 @@ or [CHANGELOG](https://github.com/VictoriaMetrics/operator/blob/master/docs/CHAN See this document for details: [Configuration -> Namespaced mode](./configuration.md#namespaced-mode). +## How to configure VMAgent and VMServiceScrape for using with [Istio Service Mesh](https://istio.io/) and its mTLS? + +See this example in operator repository: https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmagent-istio.yaml + ## What versions of Kubernetes is the operator compatible with? Operator tested at kubernetes versions from 1.16 to 1.27. diff --git a/docs/operator/api.md b/docs/operator/api.md index 299d67ffcb..d81082e445 100644 --- a/docs/operator/api.md +++ b/docs/operator/api.md @@ -6,6 +6,8 @@ menu: docs: parent: "operator" weight: 12 +aliases: + - /operator/api.html --- @@ -21,11 +23,13 @@ This Document documents the types introduced by the VictoriaMetrics to be consum * [VMAlertmanagerList](#vmalertmanagerlist) * [VMAlertmanagerSpec](#vmalertmanagerspec) * [VMAlertmanagerStatus](#vmalertmanagerstatus) +* [DiscordConfig](#discordconfig) * [EmailConfig](#emailconfig) * [HTTPConfig](#httpconfig) * [ImageConfig](#imageconfig) * [InhibitRule](#inhibitrule) * [LinkConfig](#linkconfig) +* [MSTeamsConfig](#msteamsconfig) * [MuteTimeInterval](#mutetimeinterval) * [OpsGenieConfig](#opsgenieconfig) * [OpsGenieConfigResponder](#opsgenieconfigresponder) @@ -33,10 +37,12 @@ This Document documents the types introduced by the VictoriaMetrics to be consum * [PushoverConfig](#pushoverconfig) * [Receiver](#receiver) * [Route](#route) +* [Sigv4Config](#sigv4config) * [SlackAction](#slackaction) * [SlackConfig](#slackconfig) * [SlackConfirmationField](#slackconfirmationfield) * [SlackField](#slackfield) +* [SnsConfig](#snsconfig) * [TelegramConfig](#telegramconfig) * [TimeInterval](#timeinterval) * [TimeRange](#timerange) @@ -46,6 +52,7 @@ This Document documents the types introduced by the VictoriaMetrics to be consum * [VMAlertmanagerConfigStatus](#vmalertmanagerconfigstatus) * [VictorOpsConfig](#victoropsconfig) * [WeChatConfig](#wechatconfig) +* [WebexConfig](#webexconfig) * [WebhookConfig](#webhookconfig) * [VMAgent](#vmagent) * [VMAgentList](#vmagentlist) @@ -53,6 +60,7 @@ This Document documents the types introduced by the VictoriaMetrics to be consum * [VMAgentRemoteWriteSpec](#vmagentremotewritespec) * [VMAgentSpec](#vmagentspec) * [VMAgentStatus](#vmagentstatus) +* [AdditionalServiceSpec](#additionalservicespec) * [BasicAuth](#basicauth) * [BearerAuth](#bearerauth) * [ConfigMapKeyReference](#configmapkeyreference) @@ -65,7 +73,6 @@ This Document documents the types introduced by the VictoriaMetrics to be consum * [HTTPAuth](#httpauth) * [KeyValue](#keyvalue) * [License](#license) -* [ServiceSpec](#servicespec) * [StorageSpec](#storagespec) * [StreamAggrConfig](#streamaggrconfig) * [StreamAggrRule](#streamaggrrule) @@ -183,7 +190,9 @@ VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmana | configSecret | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config. | string | false | | logLevel | Log level for VMAlertmanager to be configured with. | string | false | | logFormat | LogFormat for VMAlertmanager to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | replicaCount | ReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected | *int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | retention | Retention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | string | false | | storage | Storage is the definition of how storage will be used by the VMAlertmanager instances. | *[StorageSpec](#storagespec) | false | | volumes | Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | @@ -211,13 +220,13 @@ VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmana | additionalPeers | AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. | []string | false | | clusterAdvertiseAddress | ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 | string | false | | portName | PortName used for the pods and governing service. This defaults to web | string | false | -| serviceSpec | ServiceSpec that will be added to vmalertmanager service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vmalertmanager service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | | livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | | readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | | startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllScrapes: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllScrapes: false - selects nothing | bool | false | +| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothing | bool | false | | configSelector | ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | configNamespaceSelector | \n ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.\nWorks in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | extraArgs | ExtraArgs that will be passed to VMAlertmanager pod for example log.level: debug | map[string]string | false | @@ -246,6 +255,21 @@ VMAlertmanagerStatus is the most recent observed status of the VMAlertmanager cl [Back to TOC](#table-of-contents) +## DiscordConfig + + + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | +| webhook_url | The discord webhook URL one of `urlSecret` and `url` must be defined. | *string | false | +| webhook_url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| title | The message title template | string | false | +| message | The message body template | string | false | +| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | + +[Back to TOC](#table-of-contents) + ## EmailConfig EmailConfig configures notifications via Email. @@ -318,6 +342,21 @@ LinkConfig is used to attach text links to the incident. See https://developer.p [Back to TOC](#table-of-contents) +## MSTeamsConfig + + + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | +| webhook_url | The incoming webhook URL one of `urlSecret` and `url` must be defined. | *string | false | +| webhook_url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| title | The title of the teams notification. | string | false | +| text | The text body of the teams notification. | string | false | +| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | + +[Back to TOC](#table-of-contents) + ## MuteTimeInterval MuteTimeInterval for alerts @@ -428,6 +467,10 @@ Receiver defines one or more notification integrations. | victorops_configs | VictorOpsConfigs defines victor ops notification configurations. | [][VictorOpsConfig](#victoropsconfig) | false | | wechat_configs | WeChatConfigs defines wechat notification configurations. | [][WeChatConfig](#wechatconfig) | false | | telegram_configs | | [][TelegramConfig](#telegramconfig) | false | +| msteams_configs | | [][MSTeamsConfig](#msteamsconfig) | false | +| discord_configs | | [][DiscordConfig](#discordconfig) | false | +| sns_configs | | [][SnsConfig](#snsconfig) | false | +| webex_configs | | [][WebexConfig](#webexconfig) | false | [Back to TOC](#table-of-contents) @@ -450,6 +493,21 @@ Route defines a node in the routing tree. [Back to TOC](#table-of-contents) +## Sigv4Config + + + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| region | AWS region, if blank the region from the default credentials chain is used | string | false | +| access_key | The AWS API keys. Both access_key and secret_key must be supplied or both must be blank. If blank the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are used. | string | true | +| access_key_selector | secret key selector to get the keys from a Kubernetes Secret | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | true | +| secret_key_selector | secret key selector to get the keys from a Kubernetes Secret | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| profile | Named AWS profile used to authenticate | string | false | +| role_arn | AWS Role ARN, an alternative to using AWS API keys | string | false | + +[Back to TOC](#table-of-contents) + ## SlackAction SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. @@ -522,6 +580,25 @@ SlackField configures a single Slack field that is sent with each notification. [Back to TOC](#table-of-contents) +## SnsConfig + + + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | +| api_url | The api URL | string | false | +| sigv4 | Configure the AWS Signature Verification 4 signing process | *[Sigv4Config](#sigv4config) | false | +| topic_arn | SNS topic ARN, either specify this, phone_number or target_arn | string | false | +| subject | The subject line if message is delivered to an email endpoint. | string | false | +| phone_number | Phone number if message is delivered via SMS Specify this, topic_arn or target_arn | string | false | +| target_arn | Mobile platform endpoint ARN if message is delivered via mobile notifications Specify this, topic_arn or phone_number | string | false | +| message | The message content of the SNS notification. | string | false | +| attributes | SNS message attributes | map[string]string | false | +| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | + +[Back to TOC](#table-of-contents) + ## TelegramConfig @@ -651,6 +728,20 @@ WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs [Back to TOC](#table-of-contents) +## WebexConfig + + + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | +| api_url | The Webex Teams API URL, i.e. https://webexapis.com/v1/messages | *string | false | +| room_id | The ID of the Webex Teams room where to send the messages | string | false | +| message | The message body template | string | false | +| http_config | HTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. | *[HTTPConfig](#httpconfig) | false | + +[Back to TOC](#table-of-contents) + ## WebhookConfig WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config @@ -737,7 +828,9 @@ VMAgentSpec defines the desired state of VMAgent | configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs | []string | false | | logLevel | LogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANIC | string | false | | logFormat | LogFormat for VMAgent to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | replicaCount | ReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage | *int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | | volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | | resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not specified - default setting will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | @@ -768,7 +861,7 @@ VMAgentSpec defines the desired state of VMAgent | remoteWriteSettings | RemoteWriteSettings defines global settings for all remoteWrite urls. | *[VMAgentRemoteWriteSettings](#vmagentremotewritesettings) | false | | relabelConfig | RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage. | *v1.ConfigMapKeySelector | false | | inlineRelabelConfig | InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD. | [][RelabelConfig](#relabelconfig) | false | -| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllScrapes: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllScrapes: false - selects nothing | bool | false | +| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing | bool | false | | serviceScrapeSelector | ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | serviceScrapeNamespaceSelector | ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | podScrapeSelector | PodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | @@ -786,7 +879,7 @@ VMAgentSpec defines the desired state of VMAgent | port | Port listen address | string | false | | extraArgs | ExtraArgs that will be passed to VMAgent pod for example remoteWrite.tmpDataPath: /tmp it would be converted to flag --remoteWrite.tmpDataPath=/tmp | map[string]string | false | | extraEnvs | ExtraEnvs that will be added to VMAgent pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vmagent service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vmagent service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmagent VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | shardCount | ShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets | *int | false | | updateStrategy | UpdateStrategy - overrides default update strategy. works only for deployments, statefulset always use OnDelete. | *[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | @@ -830,6 +923,17 @@ VMAgentStatus defines the observed state of VMAgent [Back to TOC](#table-of-contents) +## AdditionalServiceSpec + +ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| metadata | EmbeddedObjectMetadata defines objectMeta for additional service. | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| spec | ServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/ | v1.ServiceSpec | true | + +[Back to TOC](#table-of-contents) + ## BasicAuth BasicAuth allow an endpoint to authenticate over basic authentication @@ -972,17 +1076,6 @@ License holds license key for enterprise features. Using license key is supporte [Back to TOC](#table-of-contents) -## ServiceSpec - -ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | EmbeddedObjectMetadata defines objectMeta for additional service. | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| spec | ServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/ | v1.ServiceSpec | true | - -[Back to TOC](#table-of-contents) - ## StorageSpec StorageSpec defines the configured storage for a group Prometheus servers. If neither `emptyDir` nor `volumeClaimTemplate` is specified, then by default an [EmptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) will be used. @@ -1131,7 +1224,9 @@ VMAlertSpec defines the desired state of VMAlert | configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | | logFormat | LogFormat for VMAlert to be configured with. default or json | string | false | | logLevel | LogLevel for VMAlert to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | replicaCount | ReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | | volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | | resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | @@ -1154,8 +1249,8 @@ VMAlertSpec defines the desired state of VMAlert | ruleSelector | RuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | ruleNamespaceSelector | RuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | port | Port for listen | string | false | -| notifier | Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | *[VMAlertNotifierSpec](#vmalertnotifierspec) | false | -| notifiers | Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | [][VMAlertNotifierSpec](#vmalertnotifierspec) | false | +| notifier | Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | *[VMAlertNotifierSpec](#vmalertnotifierspec) | false | +| notifiers | Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | [][VMAlertNotifierSpec](#vmalertnotifierspec) | false | | notifierConfigRef | NotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | | remoteWrite | RemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 | *[VMAlertRemoteWriteSpec](#vmalertremotewritespec) | false | | remoteRead | RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 | *[VMAlertRemoteReadSpec](#vmalertremotereadspec) | false | @@ -1164,7 +1259,7 @@ VMAlertSpec defines the desired state of VMAlert | extraArgs | ExtraArgs that will be passed to VMAlert pod for example -remoteWrite.tmpDataPath=/tmp | map[string]string | false | | extraEnvs | ExtraEnvs that will be added to VMAlert pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | | externalLabels | ExternalLabels in the form 'name: value' to add to all generated recording rules and alerts. | map[string]string | false | -| serviceSpec | ServiceSpec that will be added to vmalert service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vmalert service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmalert VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | updateStrategy | UpdateStrategy - overrides default update strategy. | *[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | | rollingUpdate | RollingUpdate - overrides deployment update params. | *[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | @@ -1231,6 +1326,7 @@ VMSingleSpec defines the desired state of VMSingle | logLevel | LogLevel for victoria metrics single to be configured with. | string | false | | logFormat | LogFormat for VMSingle to be configured with. | string | false | | replicaCount | ReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster | *int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | storageDataPath | StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath, its users responsibility to mount proper device into given path. | string | false | | storage | Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir | *[v1.PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimspec-v1-core) | false | | storageMetadata | StorageMeta defines annotations and labels attached to PVC for given vmsingle CR | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | @@ -1260,7 +1356,7 @@ VMSingleSpec defines the desired state of VMSingle | license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | *[License](#license) | false | | extraArgs | ExtraArgs that will be passed to VMSingle pod for example remoteWrite.tmpDataPath: /tmp | map[string]string | false | | extraEnvs | ExtraEnvs that will be added to VMSingle pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vmsingle service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vmsingle service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | | readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | @@ -1781,7 +1877,9 @@ VMClusterStatus defines the observed state of VMCluster | configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | | logFormat | LogFormat for VMSelect to be configured with. default or json | string | false | | logLevel | LogLevel for VMSelect to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | replicaCount | ReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | true | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | | volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | | resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | @@ -1802,7 +1900,7 @@ VMClusterStatus defines the observed state of VMCluster | schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | | runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | | extraEnvs | ExtraEnvs that will be added to VMSelect pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vminsert service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vminsert service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | updateStrategy | UpdateStrategy - overrides default update strategy. | *[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | | rollingUpdate | RollingUpdate - overrides deployment update params. | *[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | @@ -1850,7 +1948,9 @@ VMClusterStatus defines the observed state of VMCluster | configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | | logFormat | LogFormat for VMSelect to be configured with. default or json | string | false | | logLevel | LogLevel for VMSelect to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | replicaCount | ReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | true | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | | volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | | resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | @@ -1873,7 +1973,7 @@ VMClusterStatus defines the observed state of VMCluster | clusterNativeListenPort | ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup | string | false | | schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | | runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| serviceSpec | ServiceSpec that will be added to vmselect service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vmselect service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | | livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | @@ -1895,6 +1995,7 @@ VMClusterStatus defines the observed state of VMCluster | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | | name | Name is deprecated and will be removed at 0.22.0 release | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | | image | Image - docker image settings for VMStorage | [Image](#image) | false | | secrets | Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | @@ -1902,6 +2003,7 @@ VMClusterStatus defines the observed state of VMCluster | logFormat | LogFormat for VMSelect to be configured with. default or json | string | false | | logLevel | LogLevel for VMSelect to be configured with. | string | false | | replicaCount | ReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | true | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | | volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | | resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | @@ -1926,7 +2028,7 @@ VMClusterStatus defines the observed state of VMCluster | vmBackup | VMBackup configuration for backup | *[VMBackup](#vmbackup) | false | | extraArgs | | map[string]string | false | | extraEnvs | ExtraEnvs that will be added to VMSelect pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be create additional service for vmstorage | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be create additional service for vmstorage | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | | livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | @@ -2033,6 +2135,8 @@ TargetRef describes target for user traffic forwarding. one of target types can | headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | | response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | | retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503] | []int | false | +| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | *string | false | +| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | *int | false | [Back to TOC](#table-of-contents) @@ -2090,6 +2194,10 @@ VMUserSpec defines the desired state of VMUser | response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | | retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] | []int | false | | max_concurrent_requests | MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth | *int | false | +| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | *string | false | +| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | *int | false | +| tls_insecure_skip_verify | TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS. See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup | bool | false | +| metric_labels | MetricLabels - additional labels for metrics exported by vmauth for given user. | map[string]string | false | | disable_secret_creation | DisableSecretCreation skips related secret creation for vmuser | bool | false | [Back to TOC](#table-of-contents) @@ -2148,7 +2256,9 @@ VMAuthSpec defines the desired state of VMAuth | configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. | []string | false | | logLevel | LogLevel for victoria metrics single to be configured with. | string | false | | logFormat | LogFormat for VMAuth to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | | replicaCount | ReplicaCount is the expected size of the VMAuth | *int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | | volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | | volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | | resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | @@ -2173,7 +2283,7 @@ VMAuthSpec defines the desired state of VMAuth | userNamespaceSelector | UserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | | extraArgs | ExtraArgs that will be passed to VMAuth pod for example remoteWrite.tmpDataPath: /tmp | map[string]string | false | | extraEnvs | ExtraEnvs that will be added to VMAuth pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vmsingle service spec | *[ServiceSpec](#servicespec) | false | +| serviceSpec | ServiceSpec that will be added to vmsingle service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | | serviceScrapeSpec | ServiceScrapeSpec that will be added to vmauth VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | | podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | | ingress | Ingress enables ingress configuration for VMAuth. | *[EmbeddedIngress](#embeddedingress) | false | diff --git a/docs/operator/monitoring.md b/docs/operator/monitoring.md index 63642c32f4..24e57b69b9 100644 --- a/docs/operator/monitoring.md +++ b/docs/operator/monitoring.md @@ -18,13 +18,15 @@ These metrics can be scraped via [vmagent](./resources/vmagent.md) or Prometheus ## Dashboard -Official Grafana dashboard for vmoperator is available [here](https://grafana.com/grafana/dashboards/17869). +Official Grafana dashboard available for [vmoperator](https://grafana.com/grafana/dashboards/17869-victoriametrics-operator/). Graphs on the dashboards contain useful hints - hover the `i` icon in the top left corner of each graph to read it. - +## Alerting rules + +Alerting rules for VictoriaMetrics operator are available [here](https://github.com/VictoriaMetrics/operator/blob/master/config/alerting/vmoperator-rules.yaml). ## Configuration @@ -32,7 +34,7 @@ Graphs on the dashboards contain useful hints - hover the `i` icon in the top le In [victoria-metrics-k8s-stack](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-k8s-stack/README.md) helm-chart operator self-scrapes metrics by default. -This helm-chart also includes [official grafana dashboard for operator](#dashboard). +This helm-chart also includes [official grafana dashboard for operator](#dashboard) and [official alerting rules for operator](#alerting-rules). ### Helm-chart victoria-metrics-operator diff --git a/docs/operator/quick-start.md b/docs/operator/quick-start.md index 9c2b653433..30b77ada47 100644 --- a/docs/operator/quick-start.md +++ b/docs/operator/quick-start.md @@ -345,6 +345,8 @@ spec: namespaceSelector: matchNames: - vm + endpoints: + - port: http ``` After that you can deploy `vmservicescrape` resource to the kubernetes cluster: @@ -377,6 +379,7 @@ kind: VMAuth metadata: name: demo spec: + selectAllByDefault: true userNamespaceSelector: {} userSelector: {} ingress: @@ -423,6 +426,7 @@ spec: - "/prometheus/api/v1/query" - "/prometheus/api/v1/query_range" - "/prometheus/api/v1/series" + - "/prometheus/api/v1/status/.*" - "/prometheus/api/v1/label/" - "/prometheus/api/v1/label/[^/]+/values" ``` @@ -469,10 +473,10 @@ The remaining components will be needed for alerting. Let's start with [`vmalertmanager`](./resources/vmalertmanager.md). -Create file `vmuser.yaml` +Create file `vmalertmanager.yaml` ```shell -code vmuser.yaml +code vmalertmanager.yaml ``` with the following content: @@ -642,6 +646,7 @@ spec: - "/prometheus/api/v1/query" - "/prometheus/api/v1/query_range" - "/prometheus/api/v1/series" + - "/prometheus/api/v1/status/.*" - "/prometheus/api/v1/label/" - "/prometheus/api/v1/label/[^/]+/values" # vmalert diff --git a/docs/operator/resources/vmagent.md b/docs/operator/resources/vmagent.md index 3861c6dc20..11f45215cd 100644 --- a/docs/operator/resources/vmagent.md +++ b/docs/operator/resources/vmagent.md @@ -73,22 +73,22 @@ In addition to the above selectors, the filtering of objects in a cluster is aff Following rules are applied: -- If `*NamespaceSelector` and `*Selector` both undefined, then by default select nothing. With option set - `spec.selectAllByDefault: true`, select all objects of given type. -- If `*NamespaceSelector` defined, `*Selector` undefined, then all objects are matching at namespaces for given `*NamespaceSelector`. -- If `*NamespaceSelector` undefined, `*Selector` defined, then all objects at `VMAgent`'s namespaces are matching for given `*Selector`. -- If `*NamespaceSelector` and `*Selector` both defined, then only objects at namespaces matched `*NamespaceSelector` for given `*Selector` are matching. +- If `...NamespaceSelector` and `...Selector` both undefined, then by default select nothing. With option set - `spec.selectAllByDefault: true`, select all objects of given type. +- If `...NamespaceSelector` defined, `...Selector` undefined, then all objects are matching at namespaces for given `...NamespaceSelector`. +- If `...NamespaceSelector` undefined, `...Selector` defined, then all objects at `VMAgent`'s namespaces are matching for given `...Selector`. +- If `...NamespaceSelector` and `...Selector` both defined, then only objects at namespaces matched `...NamespaceSelector` for given `...Selector` are matching. Here's a more visual and more detailed view: -| `*NamespaceSelector` | `*Selector` | `selectAllByDefault` | `WATCH_NAMESPACE` | Selected objects | -|----------------------|-------------|----------------------|-------------------|-------------------------------------------------------------------------------------------------------| -| undefined | undefined | false | undefined | nothing | -| undefined | undefined | **true** | undefined | all objects of given type (`*`) in the cluster | -| **defined** | undefined | any | undefined | all objects of given type (`*`) at namespaces for given `*NamespaceSelector` | -| undefined | **defined** | any | undefined | all objects of given type (`*`) only at `VMAgent`'s namespace are matching for given `Selector | -| **defined** | **defined** | any | undefined | all objects of given type (`*`) only at namespaces matched `*NamespaceSelector` for given `*Selector` | -| any | undefined | any | **defined** | all objects of given type (`*`) only at `VMAgent`'s namespace | -| any | **defined** | any | **defined** | all objects of given type (`*`) only at `VMAgent`'s namespace for given `*Selector` | +| `...NamespaceSelector` | `...Selector` | `selectAllByDefault` | `WATCH_NAMESPACE` | Selected objects | +|------------------------|---------------|----------------------|-------------------|-------------------------------------------------------------------------------------------------------------| +| undefined | undefined | false | undefined | nothing | +| undefined | undefined | **true** | undefined | all objects of given type (`...`) in the cluster | +| **defined** | undefined | *any* | undefined | all objects of given type (`...`) at namespaces for given `...NamespaceSelector` | +| undefined | **defined** | *any* | undefined | all objects of given type (`...`) only at `VMAgent`'s namespace are matching for given `Selector | +| **defined** | **defined** | *any* | undefined | all objects of given type (`...`) only at namespaces matched `...NamespaceSelector` for given `...Selector` | +| *any* | undefined | *any* | **defined** | all objects of given type (`...`) only at `VMAgent`'s namespace | +| *any* | **defined** | *any* | **defined** | all objects of given type (`...`) only at `VMAgent`'s namespace for given `...Selector` | More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). @@ -713,6 +713,7 @@ spec: ## Examples ```yaml +apiVersion: operator.victoriametrics.com/v1beta1 kind: VMAgent metadata: name: vmagent-example diff --git a/docs/operator/resources/vmalert.md b/docs/operator/resources/vmalert.md index 72bdae4638..4b086084b6 100644 --- a/docs/operator/resources/vmalert.md +++ b/docs/operator/resources/vmalert.md @@ -72,11 +72,11 @@ Here's a more visual and more detailed view: |-------------------------|----------------|----------------------|-------------------|------------------------------------------------------------------------------------------------------| | undefined | undefined | false | undefined | nothing | | undefined | undefined | **true** | undefined | all vmrules in the cluster | -| **defined** | undefined | any | undefined | all vmrules are matching at namespaces for given `ruleNamespaceSelector` | -| undefined | **defined** | any | undefined | all vmrules only at `VMAlert`'s namespace are matching for given `ruleSelector` | -| **defined** | **defined** | any | undefined | all vmrules only at namespaces matched `ruleNamespaceSelector` for given `ruleSelector` are matching | -| any | undefined | any | **defined** | all vmrules only at `VMAlert`'s namespace | -| any | **defined** | any | **defined** | all vmrules only at `VMAlert`'s namespace for given `ruleSelector` are matching | +| **defined** | undefined | *any* | undefined | all vmrules are matching at namespaces for given `ruleNamespaceSelector` | +| undefined | **defined** | *any* | undefined | all vmrules only at `VMAlert`'s namespace are matching for given `ruleSelector` | +| **defined** | **defined** | *any* | undefined | all vmrules only at namespaces matched `ruleNamespaceSelector` for given `ruleSelector` are matching | +| *any* | undefined | *any* | **defined** | all vmrules only at `VMAlert`'s namespace | +| *any* | **defined** | *any* | **defined** | all vmrules only at `VMAlert`'s namespace for given `ruleSelector` are matching | More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). diff --git a/docs/operator/resources/vmalertmanager.md b/docs/operator/resources/vmalertmanager.md index 9a5adb83c1..482145edb6 100644 --- a/docs/operator/resources/vmalertmanager.md +++ b/docs/operator/resources/vmalertmanager.md @@ -114,6 +114,7 @@ For selecting rules from all namespaces you must specify it to empty value: ```yaml spec: + configSelector: {} configNamespaceSelector: {} ``` @@ -140,11 +141,11 @@ Here's a more visual and more detailed view: |---------------------------|------------------|----------------------|-------------------|------------------------------------------------------------------------------------------------------------------------| | undefined | undefined | false | undefined | nothing | | undefined | undefined | **true** | undefined | all vmalertmaangerconfigs in the cluster | -| **defined** | undefined | any | undefined | all vmalertmaangerconfigs are matching at namespaces for given `configNamespaceSelector` | -| undefined | **defined** | any | undefined | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace are matching for given `ruleSelector` | -| **defined** | **defined** | any | undefined | all vmalertmaangerconfigs only at namespaces matched `configNamespaceSelector` for given `configSelector` are matching | -| any | undefined | any | **defined** | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace | -| any | **defined** | any | **defined** | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace for given `configSelector` are matching | +| **defined** | undefined | *any* | undefined | all vmalertmaangerconfigs are matching at namespaces for given `configNamespaceSelector` | +| undefined | **defined** | *any* | undefined | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace are matching for given `ruleSelector` | +| **defined** | **defined** | *any* | undefined | all vmalertmaangerconfigs only at namespaces matched `configNamespaceSelector` for given `configSelector` are matching | +| *any* | undefined | *any* | **defined** | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace | +| *any* | **defined** | *any* | **defined** | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace for given `configSelector` are matching | More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). diff --git a/docs/operator/resources/vmauth.md b/docs/operator/resources/vmauth.md index a55377a773..44ca1cdb49 100644 --- a/docs/operator/resources/vmauth.md +++ b/docs/operator/resources/vmauth.md @@ -54,11 +54,11 @@ Here's a more visual and more detailed view: |-------------------------|----------------|----------------------|-------------------|------------------------------------------------------------------------------------------------------| | undefined | undefined | false | undefined | nothing | | undefined | undefined | **true** | undefined | all vmusers in the cluster | -| **defined** | undefined | any | undefined | all vmusers are matching at namespaces for given `userNamespaceSelector` | -| undefined | **defined** | any | undefined | all vmusers only at `VMAuth`'s namespace are matching for given `userSelector` | -| **defined** | **defined** | any | undefined | all vmusers only at namespaces matched `userNamespaceSelector` for given `userSelector` are matching | -| any | undefined | any | **defined** | all vmusers only at `VMAuth`'s namespace | -| any | **defined** | any | **defined** | all vmusers only at `VMAuth`'s namespace for given `userSelector` are matching | +| **defined** | undefined | *any* | undefined | all vmusers are matching at namespaces for given `userNamespaceSelector` | +| undefined | **defined** | *any* | undefined | all vmusers only at `VMAuth`'s namespace are matching for given `userSelector` | +| **defined** | **defined** | *any* | undefined | all vmusers only at namespaces matched `userNamespaceSelector` for given `userSelector` are matching | +| *any* | undefined | *any* | **defined** | all vmusers only at `VMAuth`'s namespace | +| *any* | **defined** | *any* | **defined** | all vmusers only at `VMAuth`'s namespace for given `userSelector` are matching | More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). @@ -101,8 +101,8 @@ metadata: name: vmauth-unauthorized-example spec: unauthorizedAccessConfig: - - src_paths: ["/metrics"] - url_prefix: + - paths: ["/metrics"] + urls: - http://vmsingle-example.default.svc:8428 ``` @@ -204,8 +204,8 @@ spec: - 5.6.7.8 # allow read vmsingle metrics without authorization for users from internal network unauthorizedAccessConfig: - - src_paths: ["/metrics"] - url_prefix: ["http://vmsingle-example.default.svc:8428"] + - paths: ["/metrics"] + urls: ["http://vmsingle-example.default.svc:8428"] ip_filters: allow_list: - 192.168.0.0/16 diff --git a/docs/operator/vars.md b/docs/operator/vars.md index f837664e9d..4135800705 100644 --- a/docs/operator/vars.md +++ b/docs/operator/vars.md @@ -10,7 +10,7 @@ menu: # Auto Generated vars for package config - updated at Tue Nov 28 15:49:38 UTC 2023 + updated at Tue Jan 23 15:16:59 UTC 2024 | varible name | variable default value | variable required | variable description | @@ -20,7 +20,7 @@ menu: | VM_CUSTOMCONFIGRELOADERIMAGE | victoriametrics/operator:config-reloader-v0.38.0 | false | - | | VM_PSPAUTOCREATEENABLED | false | false | - | | VM_VMALERTDEFAULT_IMAGE | victoriametrics/vmalert | false | - | -| VM_VMALERTDEFAULT_VERSION | v1.95.1 | false | - | +| VM_VMALERTDEFAULT_VERSION | v1.96.0 | false | - | | VM_VMALERTDEFAULT_PORT | 8080 | false | - | | VM_VMALERTDEFAULT_USEDEFAULTRESOURCES | true | false | - | | VM_VMALERTDEFAULT_RESOURCE_LIMIT_MEM | 500Mi | false | - | @@ -31,7 +31,7 @@ menu: | VM_VMALERTDEFAULT_CONFIGRELOADERMEMORY | 25Mi | false | - | | VM_VMALERTDEFAULT_CONFIGRELOADIMAGE | jimmidyson/configmap-reload:v0.3.0 | false | - | | VM_VMAGENTDEFAULT_IMAGE | victoriametrics/vmagent | false | - | -| VM_VMAGENTDEFAULT_VERSION | v1.95.1 | false | - | +| VM_VMAGENTDEFAULT_VERSION | v1.96.0 | false | - | | VM_VMAGENTDEFAULT_CONFIGRELOADIMAGE | quay.io/prometheus-operator/prometheus-config-reloader:v0.68.0 | false | - | | VM_VMAGENTDEFAULT_PORT | 8429 | false | - | | VM_VMAGENTDEFAULT_USEDEFAULTRESOURCES | true | false | - | @@ -42,7 +42,7 @@ menu: | VM_VMAGENTDEFAULT_CONFIGRELOADERCPU | 100m | false | - | | VM_VMAGENTDEFAULT_CONFIGRELOADERMEMORY | 25Mi | false | - | | VM_VMSINGLEDEFAULT_IMAGE | victoriametrics/victoria-metrics | false | - | -| VM_VMSINGLEDEFAULT_VERSION | v1.95.1 | false | - | +| VM_VMSINGLEDEFAULT_VERSION | v1.96.0 | false | - | | VM_VMSINGLEDEFAULT_PORT | 8429 | false | - | | VM_VMSINGLEDEFAULT_USEDEFAULTRESOURCES | true | false | - | | VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_MEM | 1500Mi | false | - | @@ -53,14 +53,14 @@ menu: | VM_VMSINGLEDEFAULT_CONFIGRELOADERMEMORY | 25Mi | false | - | | VM_VMCLUSTERDEFAULT_USEDEFAULTRESOURCES | true | false | - | | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_IMAGE | victoriametrics/vmselect | false | - | -| VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_VERSION | v1.95.1-cluster | false | - | +| VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_VERSION | v1.96.0-cluster | false | - | | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_PORT | 8481 | false | - | | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_LIMIT_MEM | 1000Mi | false | - | | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_LIMIT_CPU | 500m | false | - | | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_REQUEST_MEM | 500Mi | false | - | | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_REQUEST_CPU | 100m | false | - | | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_IMAGE | victoriametrics/vmstorage | false | - | -| VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VERSION | v1.95.1-cluster | false | - | +| VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VERSION | v1.96.0-cluster | false | - | | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VMINSERTPORT | 8400 | false | - | | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VMSELECTPORT | 8401 | false | - | | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_PORT | 8482 | false | - | @@ -69,7 +69,7 @@ menu: | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_REQUEST_MEM | 500Mi | false | - | | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_REQUEST_CPU | 250m | false | - | | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_IMAGE | victoriametrics/vminsert | false | - | -| VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_VERSION | v1.95.1-cluster | false | - | +| VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_VERSION | v1.96.0-cluster | false | - | | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_PORT | 8480 | false | - | | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_LIMIT_MEM | 500Mi | false | - | | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_LIMIT_CPU | 500m | false | - | @@ -88,7 +88,7 @@ menu: | VM_VMALERTMANAGER_RESOURCE_REQUEST_CPU | 30m | false | - | | VM_DISABLESELFSERVICESCRAPECREATION | false | false | - | | VM_VMBACKUP_IMAGE | victoriametrics/vmbackupmanager | false | - | -| VM_VMBACKUP_VERSION | v1.95.1-enterprise | false | - | +| VM_VMBACKUP_VERSION | v1.96.0-enterprise | false | - | | VM_VMBACKUP_PORT | 8300 | false | - | | VM_VMBACKUP_USEDEFAULTRESOURCES | true | false | - | | VM_VMBACKUP_RESOURCE_LIMIT_MEM | 500Mi | false | - | @@ -97,7 +97,7 @@ menu: | VM_VMBACKUP_RESOURCE_REQUEST_CPU | 150m | false | - | | VM_VMBACKUP_LOGLEVEL | INFO | false | - | | VM_VMAUTHDEFAULT_IMAGE | victoriametrics/vmauth | false | - | -| VM_VMAUTHDEFAULT_VERSION | v1.95.1 | false | - | +| VM_VMAUTHDEFAULT_VERSION | v1.96.0 | false | - | | VM_VMAUTHDEFAULT_CONFIGRELOADIMAGE | quay.io/prometheus-operator/prometheus-config-reloader:v0.68.0 | false | - | | VM_VMAUTHDEFAULT_PORT | 8427 | false | - | | VM_VMAUTHDEFAULT_USEDEFAULTRESOURCES | true | false | - |