From f61d8c3ebb84f4ae3b8f32847fca76c79f5f3dd0 Mon Sep 17 00:00:00 2001 From: Fred Navruzov Date: Tue, 8 Oct 2024 18:24:56 +0200 Subject: [PATCH] docs/vmanomaly: updates for v1.16.3 (#7203) ### Describe Your Changes docs/vmanomaly: updates for v1.16.3 ### Checklist The following checks are **mandatory**: - [x] My change adheres [VictoriaMetrics contributing guidelines](https://docs.victoriametrics.com/contributing/). --- .../vmanomaly-integration/docker-compose.yml | 2 +- docs/anomaly-detection/CHANGELOG.md | 8 ++- docs/anomaly-detection/FAQ.md | 12 ++-- docs/anomaly-detection/Overview.md | 4 +- docs/anomaly-detection/QuickStart.md | 10 +-- docs/anomaly-detection/components/models.md | 9 +-- .../components/monitoring.md | 38 ++++++++-- docs/anomaly-detection/components/reader.md | 70 ++++++++++++++++++- docs/anomaly-detection/components/writer.md | 36 ++++++++-- .../guides/guide-vmanomaly-vmalert/README.md | 2 +- 10 files changed, 164 insertions(+), 27 deletions(-) diff --git a/deployment/docker/vmanomaly/vmanomaly-integration/docker-compose.yml b/deployment/docker/vmanomaly/vmanomaly-integration/docker-compose.yml index 58a68e97d..84d09b4ae 100644 --- a/deployment/docker/vmanomaly/vmanomaly-integration/docker-compose.yml +++ b/deployment/docker/vmanomaly/vmanomaly-integration/docker-compose.yml @@ -73,7 +73,7 @@ services: restart: always vmanomaly: container_name: vmanomaly - image: victoriametrics/vmanomaly:v1.16.1 + image: victoriametrics/vmanomaly:v1.16.3 depends_on: - "victoriametrics" ports: diff --git a/docs/anomaly-detection/CHANGELOG.md b/docs/anomaly-detection/CHANGELOG.md index 85c5bfe5e..f6e4d60dc 100644 --- a/docs/anomaly-detection/CHANGELOG.md +++ b/docs/anomaly-detection/CHANGELOG.md @@ -11,6 +11,10 @@ aliases: --- Please find the changelog for VictoriaMetrics Anomaly Detection below. +## v1.16.3 +Released: 2024-10-08 +- IMPROVEMENT: Added `tls_cert_file` and `tls_key_file` arguments to support mTLS (mutual TLS) in `vmanomaly` components. This enhancement applies to the following components: [VmReader](https://docs.victoriametrics.com/anomaly-detection/components/reader/#vm-reader), [VmWriter](https://docs.victoriametrics.com/anomaly-detection/components/writer/#vm-writer), and [Monitoring/Push](https://docs.victoriametrics.com/anomaly-detection/components/monitoring/#push-config-parameters). You can also use these arguments in conjunction with `verify_tls` when it is set as a path to a custom CA certificate file. + ## v1.16.2 Released: 2024-10-06 - FEATURE: Added support for `multitenant` value in `tenant_id` arg to enable querying across multiple tenants in [VictoriaMetrics cluster](https://docs.victoriametrics.com/cluster-victoriametrics/) (option available from [v1.104.0](https://docs.victoriametrics.com/cluster-victoriametrics/#multitenancy-via-labels)): @@ -72,7 +76,7 @@ Released: 2024-08-14 ## v1.15.2 Released: 2024-08-13 - IMPROVEMENT: Enhanced [online models](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-models) (e.g., [`OnlineQuantileModel`](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-seasonal-quantile)) to automatically create model instances for unseen time series during `infer` calls, eliminating the need to wait for the next `fit` call. This ensures no inferences are skipped **when using online models**. -- FIX: Corrected an issue with the [`OnlineMADModel`](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-mad) to ensure proper functionality when used in combination with [on-disk model dump mode](https://docs.victoriametrics.com/anomaly-detection/faq/#resource-consumption-of-vmanomaly). +- FIX: Corrected an issue with the [`OnlineMADModel`](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-mad) to ensure proper functionality when used in combination with [on-disk model dump mode](https://docs.victoriametrics.com/anomaly-detection/faq/#on-disk-mode). - FIX: Addressed numerical instability in the [`OnlineQuantileModel`](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-seasonal-quantile) when `use_transform` is set to `True`. - FIX: Resolved a logging issue that could cause a `RuntimeError: reentrant call inside <_io.BufferedWriter name=''>` when a termination event was received. @@ -120,7 +124,7 @@ Released: 2024-07-17 Released: 2024-07-15 - IMPROVEMENT: update `node-exporter` [preset](https://docs.victoriametrics.com/anomaly-detection/presets/#node-exporter) to reduce [false positives](https://victoriametrics.com/blog/victoriametrics-anomaly-detection-handbook-chapter-1/#false-positive) - FIX: add `verify_tls` arg for [`push`](https://docs.victoriametrics.com/anomaly-detection/components/monitoring/#push-config-parameters) monitoring section. Also, `verify_tls` is now correctly used in [VmWriter](https://docs.victoriametrics.com/anomaly-detection/components/writer/#vm-writer). -- FIX: now [`AutoTuned`](https://docs.victoriametrics.com/anomaly-detection/components/models/#autotuned) model wrapper works correctly in [on-disk model storage mode](https://docs.victoriametrics.com/anomaly-detection/faq/#resource-consumption-of-vmanomaly). +- FIX: now [`AutoTuned`](https://docs.victoriametrics.com/anomaly-detection/components/models/#autotuned) model wrapper works correctly in [on-disk model storage mode](https://docs.victoriametrics.com/anomaly-detection/faq/#on-disk-mode). - FIX: now [rolling models](https://docs.victoriametrics.com/anomaly-detection/components/models/#rolling-models), like [`RollingQuantile`](https://docs.victoriametrics.com/anomaly-detection/components/models/#rolling-quantile) are properly handled in [One-off scheduler](https://docs.victoriametrics.com/anomaly-detection/components/scheduler/#oneoff-scheduler), when wrapped in [`AutoTuned`](https://docs.victoriametrics.com/anomaly-detection/components/models/#autotuned) ## v1.13.0 diff --git a/docs/anomaly-detection/FAQ.md b/docs/anomaly-detection/FAQ.md index 45dc9c8dc..773ead709 100644 --- a/docs/anomaly-detection/FAQ.md +++ b/docs/anomaly-detection/FAQ.md @@ -118,7 +118,9 @@ writer: Configuration above will produce N intervals of full length (`fit_window`=14d + `fit_every`=1h) until `to_iso` timestamp is reached to run N consecutive `fit` calls to train models; Then these models will be used to produce `M = [fit_every / sampling_frequency]` infer datapoints for `fit_every` range at the end of each such interval, imitating M consecutive calls of `infer_every` in `PeriodicScheduler` [config](https://docs.victoriametrics.com/anomaly-detection/components/scheduler#periodic-scheduler). These datapoints then will be written back to VictoriaMetrics TSDB, defined in `writer` [section](https://docs.victoriametrics.com/anomaly-detection/components/writer#vm-writer) for further visualization (i.e. in VMUI or Grafana) ## Resource consumption of vmanomaly -`vmanomaly` itself is a lightweight service, resource usage is primarily dependent on [scheduling](https://docs.victoriametrics.com/anomaly-detection/components/scheduler) (how often and on what data to fit/infer your models), [# and size of timeseries returned by your queries](https://docs.victoriametrics.com/anomaly-detection/components/reader/#vm-reader), and the complexity of the employed [models](https://docs.victoriametrics.com/anomaly-detection/components/models). Its resource usage is directly related to these factors, making it adaptable to various operational scales. +`vmanomaly` itself is a lightweight service, resource usage is primarily dependent on [scheduling](https://docs.victoriametrics.com/anomaly-detection/components/scheduler) (how often and on what data to fit/infer your models), [# and size of timeseries returned by your queries](https://docs.victoriametrics.com/anomaly-detection/components/reader/#vm-reader), and the complexity of the employed [models](https://docs.victoriametrics.com/anomaly-detection/components/models). Its resource usage is directly related to these factors, making it adaptable to various operational scales. Various optimizations are available to balance between RAM usage, processing speed, and model capacity. These options are described in the sections below. + +### On-disk mode > **Note**: Starting from [v1.13.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1130), there is an option to save anomaly detection models to the host filesystem after the `fit` stage (instead of keeping them in memory by default). This is particularly useful for **resource-intensive setups** (e.g., many models, many metrics, or larger [`fit_window` argument](https://docs.victoriametrics.com/anomaly-detection/components/scheduler#periodic-scheduler-config-example)) and for 3rd-party models that store fit data (such as [ProphetModel](https://docs.victoriametrics.com/anomaly-detection/components/models#prophet) or [HoltWinters](https://docs.victoriametrics.com/anomaly-detection/components/models#holt-winters)). This reduces RAM consumption significantly, though at the cost of slightly slower `infer` stages. To enable this, set the environment variable `VMANOMALY_MODEL_DUMPS_DIR` to the desired location. If using [Helm charts](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-anomaly/README.md), starting from chart version `1.3.0` `.persistentVolume.enabled` should be set to `true` in [values.yaml](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-anomaly/values.yaml). @@ -130,7 +132,7 @@ services: # ... vmanomaly: container_name: vmanomaly - image: victoriametrics/vmanomaly:v1.16.1 + image: victoriametrics/vmanomaly:v1.16.3 # ... ports: - "8490:8490" @@ -156,9 +158,11 @@ volumes: vmanomaly_data_dump_dir: {} ``` -> **Note**: Starting from [v1.15.0](https://docs.victoriametrics.com/anomaly-detection/changelog#v1150) with the introduction of [online models](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-models), you can additionally reduce resource consumption (e.g., flatten `fit` stage peaks by querying less data from VictoriaMetrics at once). +For Helm chart users, refer to the `persistentVolume` [section](https://github.com/VictoriaMetrics/helm-charts/blob/7f5a2c00b14c2c088d7d8d8bcee7a440a5ff11c6/charts/victoria-metrics-anomaly/values.yaml#L183) in the [`values.yaml`](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-anomaly/values.yaml) file. Ensure that the boolean flags `dumpModels` and `dumpData` are set as needed (both are *enabled* by default). -**Additional Benefits of Switching to Online Models**: +### Online models + +> **Note**: Starting from [v1.15.0](https://docs.victoriametrics.com/anomaly-detection/changelog#v1150) with the introduction of [online models](https://docs.victoriametrics.com/anomaly-detection/components/models/#online-models), you can additionally reduce resource consumption (e.g., flatten `fit` stage peaks by querying less data from VictoriaMetrics at once). - **Reduced Latency**: Online models update incrementally, which can lead to faster response times for anomaly detection since the model continuously adapts to new data without waiting for a batch `fit`. - **Scalability**: Handling smaller data chunks at a time reduces memory and computational overhead, making it easier to scale the anomaly detection system. diff --git a/docs/anomaly-detection/Overview.md b/docs/anomaly-detection/Overview.md index 2d6b33581..0db99ecfe 100644 --- a/docs/anomaly-detection/Overview.md +++ b/docs/anomaly-detection/Overview.md @@ -229,7 +229,7 @@ This will expose metrics at `http://0.0.0.0:8080/metrics` page. To use *vmanomaly* you need to pull docker image: ```sh -docker pull victoriametrics/vmanomaly:v1.16.1 +docker pull victoriametrics/vmanomaly:v1.16.3 ``` > Note: please check what is latest release in [CHANGELOG](https://docs.victoriametrics.com/anomaly-detection/changelog/) @@ -239,7 +239,7 @@ docker pull victoriametrics/vmanomaly:v1.16.1 You can put a tag on it for your convenience: ```sh -docker image tag victoriametrics/vmanomaly:v1.16.1 vmanomaly +docker image tag victoriametrics/vmanomaly:v1.16.3 vmanomaly ``` Here is an example of how to run *vmanomaly* docker container with [license file](#licensing): diff --git a/docs/anomaly-detection/QuickStart.md b/docs/anomaly-detection/QuickStart.md index a6d59519f..2252eaf6a 100644 --- a/docs/anomaly-detection/QuickStart.md +++ b/docs/anomaly-detection/QuickStart.md @@ -21,7 +21,9 @@ The following options are available: - [To run Docker image](#docker) - [To run in Kubernetes with Helm charts](#kubernetes-with-helm-charts) -> **Note**: Starting from [v1.13.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1130) there is a mode to keep anomaly detection models on host filesystem after `fit` stage (instead of keeping them in-memory by default); This may lead to **noticeable reduction of RAM used** on bigger setups. See instructions [here](https://docs.victoriametrics.com/anomaly-detection/faq/#resource-consumption-of-vmanomaly). +> **Note**: Starting from [v1.13.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1130) there is a mode to keep anomaly detection models on host filesystem after `fit` stage (instead of keeping them in-memory by default); This may lead to **noticeable reduction of RAM used** on bigger setups. See instructions [here](https://docs.victoriametrics.com/anomaly-detection/faq/#on-disk-mode). + +> **Note**: Starting from [v1.16.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1160), a similar optimization is available for data read from VictoriaMetrics TSDB. See instructions [here](https://docs.victoriametrics.com/anomaly-detection/faq/#on-disk-mode). ### Docker @@ -32,13 +34,13 @@ Below are the steps to get `vmanomaly` up and running inside a Docker container: 1. Pull Docker image: ```sh -docker pull victoriametrics/vmanomaly:v1.16.1 +docker pull victoriametrics/vmanomaly:v1.16.3 ``` 2. (Optional step) tag the `vmanomaly` Docker image: ```sh -docker image tag victoriametrics/vmanomaly:v1.16.1 vmanomaly +docker image tag victoriametrics/vmanomaly:v1.16.3 vmanomaly ``` 3. Start the `vmanomaly` Docker container with a *license file*, use the command below. @@ -70,7 +72,7 @@ docker run -it --user 1000:1000 \ services: # ... vmanomaly: - image: victoriametrics/vmanomaly:v1.16.1 + image: victoriametrics/vmanomaly:v1.16.3 volumes: $YOUR_LICENSE_FILE_PATH:/license $YOUR_CONFIG_FILE_PATH:/config.yml diff --git a/docs/anomaly-detection/components/models.md b/docs/anomaly-detection/components/models.md index 460fbfedb..4ebd669c1 100644 --- a/docs/anomaly-detection/components/models.md +++ b/docs/anomaly-detection/components/models.md @@ -17,7 +17,7 @@ This section covers the `Models` component of VictoriaMetrics Anomaly Detection - You can also integrate a **custom model**—see the [custom model guide](#custom-model-guide) for more details. - Models have **different types and properties**—refer to the [model types section](#model-types) for more information. -> **Note:** Starting from [v1.13.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1130), models can be dumped to disk instead of being stored in RAM. This option **slightly reduces inference speed but significantly decreases RAM usage**, particularly useful for larger setups. For more details, see the [relevant FAQ section](https://docs.victoriametrics.com/anomaly-detection/faq/#resource-consumption-of-vmanomaly). +> **Note:** Starting from [v1.13.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1130), models can be dumped to disk instead of being stored in RAM. This option **slightly reduces inference speed but significantly decreases RAM usage**, particularly useful for larger setups. For more details, see the [relevant FAQ section](https://docs.victoriametrics.com/anomaly-detection/faq/#on-disk-mode). > **Note:** Starting from [v1.10.0](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1100) model section in config supports multiple models via aliasing.
Also, `vmanomaly` expects model section to be named `models`. Using old (flat) format with `model` key is deprecated and will be removed in future versions. Having `model` and `models` sections simultaneously in a config will result in only `models` being used: @@ -366,6 +366,7 @@ Infer stage - The ability to distribute the data load evenly between the initial `fit` and subsequent `infer` calls. For example, an online model can be fit on 10 `1m` datapoints during the initial `fit` stage once per month and then be gradually updated on the same 10 `1m` datapoints during each `infer` call each 10 minutes. - The model can adapt to new data patterns (gradually updating itself during each `infer` call) without needing to wait for the next `fit` call and one big re-training. - Slightly faster training/updating times compared to similar offline models. +- Please refer to additional benefits for data-intensive setups in correspondent [FAQ](https://docs.victoriametrics.com/anomaly-detection/faq#online-models) section. **Limitations**: @@ -446,7 +447,7 @@ models: > **Note**: There are some expected limitations of Autotune mode: > - It can't be made on your [custom model](#custom-model-guide). > - It can't be applied to itself (like `tuned_class_name: 'model.auto.AutoTunedModel'`) -> - `AutoTunedModel` can't be used on [rolling models](https://docs.victoriametrics.com/anomaly-detection/components/models/#rolling-models) like [`RollingQuantile`](https://docs.victoriametrics.com/anomaly-detection/components/models/#rolling-quantile) in combination with [on-disk model storage mode](https://docs.victoriametrics.com/anomaly-detection/faq/#resource-consumption-of-vmanomaly), as the rolling models exists only during `infer` calls and aren't persisted neither in RAM, nor on disk. +> - `AutoTunedModel` can't be used on [rolling models](https://docs.victoriametrics.com/anomaly-detection/components/models/#rolling-models) like [`RollingQuantile`](https://docs.victoriametrics.com/anomaly-detection/components/models/#rolling-quantile) in combination with [on-disk model storage mode](https://docs.victoriametrics.com/anomaly-detection/faq/#on-disk-mode), as the rolling models exists only during `infer` calls and aren't persisted neither in RAM, nor on disk. ### [Prophet](https://facebook.github.io/prophet/) @@ -961,7 +962,7 @@ monitoring: Let's pull the docker image for `vmanomaly`: ```sh -docker pull victoriametrics/vmanomaly:v1.16.1 +docker pull victoriametrics/vmanomaly:v1.16.3 ``` Now we can run the docker container putting as volumes both config and model file: @@ -975,7 +976,7 @@ docker run -it \ -v $(PWD)/license:/license \ -v $(PWD)/custom_model.py:/vmanomaly/model/custom.py \ -v $(PWD)/custom.yaml:/config.yaml \ -victoriametrics/vmanomaly:v1.16.1 /config.yaml \ +victoriametrics/vmanomaly:v1.16.3 /config.yaml \ --licenseFile=/license ``` diff --git a/docs/anomaly-detection/components/monitoring.md b/docs/anomaly-detection/components/monitoring.md index 87adcdb90..a2563b350 100644 --- a/docs/anomaly-detection/components/monitoring.md +++ b/docs/anomaly-detection/components/monitoring.md @@ -134,14 +134,38 @@ Path to a file, which contains token, that is passed in the standard format with - `verify_tls` - -`False` +`false` + + +Verify TLS certificate. If `False`, it will not verify the TLS certificate. +If `True`, it will verify the certificate using the system's CA store. +If a path to a CA bundle file (like `ca.crt`), it will verify the certificate using the provided CA bundle. + + + + +`tls_cert_file` + + +`path/to/cert.crt` + + +Path to a file with the client certificate, i.e. `client.crt`. Available since [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163). + + + + +`tls_key_file` + + +`path/to/key.crt` + + +Path to a file with the client certificate key, i.e. `client.key`. Available since [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163). - Allows disabling TLS verification of the remote certificate. @@ -184,6 +208,12 @@ monitoring: test: "test-1" ``` +## mTLS protection + +Starting from [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163), `vmanomaly` components such as [VmWriter](https://docs.victoriametrics.com/anomaly-detection/components/writer/#vm-writer) support [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) to ensure secure communication with [VictoriaMetrics Enterprise, configured with mTLS](https://docs.victoriametrics.com/#mtls-protection). + +For detailed guidance on configuring mTLS parameters such as `verify_tls`, `tls_cert_file`, and `tls_key_file`, please refer to the [mTLS protection section](https://docs.victoriametrics.com/anomaly-detection/components/reader/#mtls-protection) in the [Reader](https://docs.victoriametrics.com/anomaly-detection/components/reader/#vm-reader) documentation. The configuration principles apply consistently across all these `vmanomaly` components. + ## Metrics generated by vmanomaly diff --git a/docs/anomaly-detection/components/reader.md b/docs/anomaly-detection/components/reader.md index 213ec0a52..8ef3b16f3 100644 --- a/docs/anomaly-detection/components/reader.md +++ b/docs/anomaly-detection/components/reader.md @@ -211,7 +211,31 @@ Timeout for the requests, passed as a string `false` + + + + + + + + + + @@ -289,6 +313,50 @@ reader: latency_offset: '1ms' ``` + + + +### mTLS protection + +As of [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163), `vmanomaly` supports [mutual TLS (mTLS)](https://en.wikipedia.org/wiki/Mutual_authentication) for secure communication across its components, including [VmReader](https://docs.victoriametrics.com/anomaly-detection/components/reader/#vm-reader), [VmWriter](https://docs.victoriametrics.com/anomaly-detection/components/writer/#vm-writer), and [Monitoring/Push](https://docs.victoriametrics.com/anomaly-detection/components/monitoring/#push-config-parameters). This allows for mutual authentication between the client and server when querying or writing data to [VictoriaMetrics Enterprise, configured for mTLS](https://docs.victoriametrics.com/#mtls-protection). + +mTLS ensures that both the client and server verify each other's identity using certificates, which enhances security by preventing unauthorized access. + +To configure mTLS, the following parameters can be set in the [config](#config-parameters): +- `verify_tls`: If set to a string, it functions like the `-mtlsCAFile` command-line argument of VictoriaMetrics, specifying the CA bundle to use. Set to `True` to use the system's default certificate store. +- `tls_cert_file`: Specifies the path to the client certificate, analogous to the `-tlsCertFile` argument of VictoriaMetrics. +- `tls_key_file`: Specifies the path to the client certificate key, similar to the `-tlsKeyFile` argument of VictoriaMetrics. + +These options allow you to securely interact with mTLS-enabled VictoriaMetrics endpoints. + +Example configuration to enable mTLS with custom certificates: + +```yaml +reader: + class: "vm" + datasource_url: "https://your-victoriametrics-instance-with-mtls" + # tenant_id: "0:0" uncomment and set for cluster version + queries: + vm_blocks_example: + expr: 'avg(rate(vm_blocks[5m]))' + step: 30s + sampling_period: 30s + verify_tls: "path/to/ca.crt" # path to CA bundle for TLS verification + tls_cert_file: "path/to/client.crt" # path to the client certificate + tls_key_file: "path/to/client.key" # path to the client certificate key + # additional reader parameters ... + +# other config sections, like models, schedulers, writer, ... +``` + + ### Healthcheck metrics `VmReader` exposes [several healthchecks metrics](https://docs.victoriametrics.com/anomaly-detection/components/monitoring/#reader-behaviour-metrics). diff --git a/docs/anomaly-detection/components/writer.md b/docs/anomaly-detection/components/writer.md index 343ce30e6..a72e8cd65 100644 --- a/docs/anomaly-detection/components/writer.md +++ b/docs/anomaly-detection/components/writer.md @@ -185,16 +185,37 @@ Timeout for the requests, passed as a string + + + + + + + + + + @@ -272,6 +293,13 @@ Please note the different behaviors depending on the `tenant_id` value: or ensure that reserved key `vm_account_id` is not explicitly set for single-tenant environments. ``` +### mTLS protection + +Starting from [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163), `vmanomaly` components such as [VmWriter](https://docs.victoriametrics.com/anomaly-detection/components/writer/#vm-writer) support [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) to ensure secure communication with [VictoriaMetrics Enterprise, configured with mTLS](https://docs.victoriametrics.com/#mtls-protection). + +For detailed guidance on configuring mTLS parameters such as `verify_tls`, `tls_cert_file`, and `tls_key_file`, please refer to the [mTLS protection section](https://docs.victoriametrics.com/anomaly-detection/components/reader/#mtls-protection) in the [Reader](https://docs.victoriametrics.com/anomaly-detection/components/reader/#vm-reader) documentation. The configuration principles apply consistently across all these `vmanomaly` components. + + ### Healthcheck metrics `VmWriter` exposes [several healthchecks metrics](https://docs.victoriametrics.com/anomaly-detection/components/monitoring/#writer-behaviour-metrics). diff --git a/docs/anomaly-detection/guides/guide-vmanomaly-vmalert/README.md b/docs/anomaly-detection/guides/guide-vmanomaly-vmalert/README.md index e76008c2c..5df96ed2a 100644 --- a/docs/anomaly-detection/guides/guide-vmanomaly-vmalert/README.md +++ b/docs/anomaly-detection/guides/guide-vmanomaly-vmalert/README.md @@ -385,7 +385,7 @@ services: restart: always vmanomaly: container_name: vmanomaly - image: victoriametrics/vmanomaly:v1.16.1 + image: victoriametrics/vmanomaly:v1.16.3 depends_on: - "victoriametrics" ports:
-Allows disabling TLS verification of the remote certificate. +Verify TLS certificate. If `False`, it will not verify the TLS certificate. +If `True`, it will verify the certificate using the system's CA store. +If a path to a CA bundle file (like `ca.crt`), it will verify the certificate using the provided CA bundle. +
+`tls_cert_file` + +`path/to/cert.crt` + +Path to a file with the client certificate, i.e. `client.crt`. Available since [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163). +
+`tls_key_file` + +`path/to/key.crt` + +Path to a file with the client certificate key, i.e. `client.key`. Available since [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163).
- `verify_tls` - `false` - -Allows disabling TLS verification of the remote certificate. +Verify TLS certificate. If `False`, it will not verify the TLS certificate. +If `True`, it will verify the certificate using the system's CA store. +If a path to a CA bundle file (like `ca.crt`), it will verify the certificate using the provided CA bundle. +
+`tls_cert_file` + +`path/to/cert.crt` + +Path to a file with the client certificate, i.e. `client.crt`. Available since [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163). +
+`tls_key_file` + +`path/to/key.crt` + +Path to a file with the client certificate key, i.e. `client.key`. Available since [v1.16.3](https://docs.victoriametrics.com/anomaly-detection/changelog/#v1163).