VictoriaMetrics/docs/helm/victoria-metrics-gateway
..
_changelog.md
_index.md
CHANGELOG.md
README.md

Type: application Version: 0.4.0 Artifact Hub Slack

Victoria Metrics Gateway - Auth & Rate-Limitting proxy for Victoria Metrics

Table of Content

Prerequisites

  • Install the follow packages: git, kubectl, helm, helm-docs. See this tutorial.
  • PV support on underlying infrastructure

Chart Details

This chart will do the following:

  • Rollout victoria metrics gateway

How to install

Access a Kubernetes cluster.

Setup chart repository (can be omitted for OCI repositories)

Add a chart helm repository with follow commands:

helm repo add vm https://victoriametrics.github.io/helm-charts/

helm repo update

List versions of vm/victoria-metrics-gateway chart available to installation:

helm search repo vm/victoria-metrics-gateway -l

Install victoria-metrics-gateway chart

Export default values of victoria-metrics-gateway chart to file values.yaml:

  • For HTTPS repository

    helm show values vm/victoria-metrics-gateway > values.yaml
    
  • For OCI repository

    helm show values oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-gateway > values.yaml
    

Change the values according to the need of the environment in values.yaml file.

Test the installation with command:

  • For HTTPS repository

    helm install vmg vm/victoria-metrics-gateway -f values.yaml -n NAMESPACE --debug --dry-run
    
  • For OCI repository

    helm install vmg oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-gateway -f values.yaml -n NAMESPACE --debug --dry-run
    

Install chart with command:

  • For HTTPS repository

    helm install vmg vm/victoria-metrics-gateway -f values.yaml -n NAMESPACE
    
  • For OCI repository

    helm install vmg oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-gateway -f values.yaml -n NAMESPACE
    

Get the pods lists by running this commands:

kubectl get pods -A | grep 'vmg'

Get the application by running this command:

helm list -f vmg -n NAMESPACE

See the history of versions of vmg application with command.

helm history vmg -n NAMESPACE

How to use JWT signature verification

Kubernetes best-practice is to store sensitive configuration parts in secrets. For example, 2 keys will be stored as:

apiVersion: v1
data:
  key: "<<KEY_DATA>>"
kind: Secret
metadata:
  name: key1
---
apiVersion: v1
data:
  key: "<<KEY_DATA>>"
kind: Secret
metadata:
  name: key2

In order to use those secrets it is needed to:

  • mount secrets into pod
  • provide flag pointing to secret on disk

Here is an example values.yml file configuration to achieve this:

auth:
  enable: true

extraVolumes:
  - name: key1
    secret:
      secretName: key1
  - name: key2
    secret:
      secretName: key2

extraVolumeMounts:
  - name: key1
    mountPath: /key1
  - name: key2
    mountPath: /key2

extraArgs:
  envflag.enable: "true"
  envflag.prefix: VM_
  loggerFormat: json
  auth.publicKeyFiles: "/key1/key,/key2/key"

Note that in this configuration all secret keys will be mounted and accessible to pod. Please, refer to this doc to see all available secret source options.

How to uninstall

Remove application with command.

helm uninstall vmg -n NAMESPACE

Documentation of Helm Chart

Install helm-docs following the instructions on this tutorial.

Generate docs with helm-docs command.

cd charts/victoria-metrics-gateway

helm-docs

The markdown generation is entirely go template driven. The tool parses metadata from charts and generates a number of sub-templates that can be referenced in a template file (by default README.md.gotmpl). If no template file is provided, the tool has a default internal template that will generate a reasonably formatted README.

Parameters

The following tables lists the configurable parameters of the chart and their default values.

Change the values according to the need of the environment in victoria-metrics-gateway/values.yaml file.

Key Type Default Description
affinity object
{}

Affinity configurations

annotations object
{}

Annotations to be added to the deployment

auth object
enabled: false

Access Control configuration. https://docs.victoriametrics.com/vmgateway#access-control

auth.enabled bool
false

Enable/Disable access-control

clusterMode bool
false

Specify to True if the source for rate-limiting, reading and writing as a VictoriaMetrics Cluster. Must be true for rate limiting

configMap string
""

Use existing configmap if specified otherwise .config values will be used. Ref: https://docs.victoriametrics.com/vmgateway

containerWorkingDir string
/
env list
[]

Additional environment variables (ex.: secret tokens, flags) https://github.com/VictoriaMetrics/VictoriaMetrics#environment-variables

envFrom list
[]
extraArgs."envflag.enable" string
"true"
extraArgs."envflag.prefix" string
VM_
extraArgs.loggerFormat string
json
extraContainers list
[]
extraHostPathMounts list
[]

Additional hostPath mounts

extraVolumeMounts list
[]

Extra Volume Mounts for the container

extraVolumes list
[]

Extra Volumes for the pod

fullnameOverride string
""
global.compatibility.openshift.adaptSecurityContext string
auto
global.image.registry string
""
global.imagePullSecrets list
[]
image.pullPolicy string
IfNotPresent

Pull policy of Docker image

image.registry string
""

Victoria Metrics gateway Docker registry

image.repository string
victoriametrics/vmgateway

Victoria Metrics gateway Docker repository and image name

image.tag string
""

Tag of Docker image override Chart.AppVersion

image.variant string
""
imagePullSecrets list
[]
ingress.annotations object
{}
ingress.enabled bool
false
ingress.extraLabels object
{}
ingress.hosts list
[]
ingress.pathType string
Prefix

pathType is only for k8s >= 1.1=

ingress.tls list
[]
license object
key: ""
secret:
    key: ""
    name: ""

Enterprise license key configuration for VictoriaMetrics enterprise. Required only for VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise, for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/ Supported starting from VictoriaMetrics v1.94.0

license.key string
""

License key

license.secret object
key: ""
name: ""

Use existing secret with license key

license.secret.key string
""

Key in secret with license key

license.secret.name string
""

Existing secret name

nameOverride string
""
nodeSelector object
{}

NodeSelector configurations. Ref: https://kubernetes.io/docs/user-guide/node-selection/

podAnnotations object
{}

Annotations to be added to pod

podDisruptionBudget object
enabled: false
labels: {}

See kubectl explain poddisruptionbudget.spec for more. Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/

podSecurityContext.enabled bool
true
probe.liveness object
initialDelaySeconds: 5
periodSeconds: 15
tcpSocket: {}
timeoutSeconds: 5

liveness probe

probe.readiness object
httpGet: {}
initialDelaySeconds: 5
periodSeconds: 15

readiness probe

probe.startup object
{}

startup probe

rateLimiter object
config: {}
datasource:
    url: ""
enabled: false

Rate limiter configuration. Docs https://docs.victoriametrics.com/vmgateway#rate-limiter

rateLimiter.datasource.url string
""

Datasource VictoriaMetrics or vmselects. Required. Example http://victoroametrics:8428 or http://vmselect:8481/select/0/prometheus

rateLimiter.enabled bool
false

Enable/Disable rate-limiting

read.url string
""

Read endpoint without suffixes, victoriametrics or vmselect. Example http://victoroametrics:8428 or http://vmselect:8481

replicaCount int
1

Number of replicas of vmgateway

resources object
{}

We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after resources:.

securityContext object
enabled: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

service.annotations object
{}
service.clusterIP string
""
service.enabled bool
true
service.externalIPs list
[]
service.extraLabels object
{}
service.ipFamilies list
[]
service.ipFamilyPolicy string
""
service.loadBalancerIP string
""
service.loadBalancerSourceRanges list
[]
service.servicePort int
8431
service.type string
ClusterIP
serviceAccount.annotations object
{}

Annotations to add to the service account

serviceAccount.create bool
true

Specifies whether a service account should be created

serviceAccount.name string
null

The name of the service account to use. If not set and create is true, a name is generated using the fullname template

serviceMonitor.annotations object
{}

Service Monitor annotations

serviceMonitor.basicAuth object
{}

Basic auth params for Service Monitor

serviceMonitor.enabled bool
false

Enable deployment of Service Monitor for server component. This is Prometheus operator object

serviceMonitor.extraLabels object
{}

Service Monitor labels

serviceMonitor.metricRelabelings list
[]

Service Monitor metricRelabelings

serviceMonitor.relabelings list
[]

Service Monitor relabelings

tolerations list
[]

Tolerations configurations. Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

write.url string
""

Write endpoint without suffixes, victoriametrics or vminsert. Example http://victoroametrics:8428 or http://vminsert:8480