Secrets is a list of Secrets in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
[]string
false
templates
Templates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Templates are mounted into /etc/vm/templates/<configmap-name>/<configmap-key>.
ConfigRawYaml - raw configuration for alertmanager, it helps it to start without secret. priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret.
string
false
configSecret
ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config.
string
false
logLevel
Log level for VMAlertmanager to be configured with.
string
false
logFormat
LogFormat for VMAlertmanager to be configured with.
string
false
minReadySeconds
MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
int32
false
replicaCount
ReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected
*int32
false
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
retention
Retention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
string
false
storage
Storage is the definition of how storage will be used by the VMAlertmanager instances.
Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.
ExternalURL the VMAlertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if VMAlertmanager is not served from root of a DNS name.
string
false
routePrefix
RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy.
string
false
paused
Paused If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions.
bool
false
nodeSelector
NodeSelector Define which Nodes the Pods are scheduled on.
ListenLocal makes the VMAlertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the VMAlertmanager UI, not the gossip communication.
bool
false
containers
Containers allows injecting additional containers or patching existing containers. This is meant to allow adding an authentication proxy to an VMAlertmanager pod.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
[]string
false
clusterAdvertiseAddress
ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
string
false
portName
PortName used for the pods and governing service. This defaults to web
string
false
serviceSpec
ServiceSpec that will be added to vmalertmanager service spec
SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothing
bool
false
configSelector
ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
\n ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.\nWorks in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
DisableNamespaceMatcher disables namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reason
bool
false
disableRouteContinueEnforce
DisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to true
bool
false
rollingUpdateStrategy
RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate
UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
Optional field that can be used to specify which domain alert is related to.
string
false
actions
Comma separated list of actions that will be available for the alert.
string
false
update_alerts
Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log.
SendResolved controls notify about resolved alerts.
*bool
false
routing_key
The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or serviceKey needs to be defined. It must be at them same namespace as CRD
The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or routingKey needs to be defined. It must be at them same namespace as CRD
Continue indicating whether an alert should continue matching subsequent sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set.
AWS region, if blank the region from the default credentials chain is used
string
false
access_key
The AWS API keys. Both access_key and secret_key must be supplied or both must be blank. If blank the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used.
string
false
access_key_selector
secret key selector to get the keys from a Kubernetes Secret
Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday.
[]string
false
days_of_month
DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. for example, ['1:5', '-3:-1']
[]string
false
months
Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1. For example, ['1:3', 'may:august', 'december']
[]string
false
years
Years defines numerical list of years, ranges are accepted. For example, ['2020:2022', '2030']
ParsingError contents error with context if operator was failed to parse json object from kubernetes api server TimeIntervals modern config option, use it instead of mute_time_intervals
SendResolved controls notify about resolved alerts.
*bool
false
api_secret
The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
VMAgent - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics or any other Prometheus-compatible storage system that supports the remote_write protocol.
Timeout for sending a single block of data to -remoteWrite.url (default 1m0s)
*string
false
headers
Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version
[]string
false
streamAggrConfig
StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url
Secrets is a list of Secrets in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/secrets
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs
[]string
false
logLevel
LogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANIC
string
false
logFormat
LogFormat for VMAgent to be configured with.
string
false
minReadySeconds
MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
int32
false
replicaCount
ReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage
*int32
false
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
volumes
Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmagent configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
ScrapeInterval defines how often scrape targets by default
string
false
scrapeTimeout
ScrapeTimeout defines global timeout for targets scrape
string
false
aPIServerConfig
APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false.
bool
false
overrideHonorTimestamps
OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
bool
false
ignoreNamespaceSelectors
IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podscrape and vmservicescrape configs, and they will only discover endpoints within their current namespace. Defaults to false.
bool
false
enforcedNamespaceLabel
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.
string
false
vmAgentExternalLabelName
VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance name. Defaults to the value of prometheus. External label will not be added when value is set to empty string (\"\").
*string
false
externalLabels
ExternalLabels The labels to add to any time series scraped by vmagent. it doesn't affect metrics ingested directly by push API's
RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage.
*v1.ConfigMapKeySelector
false
inlineRelabelConfig
InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD.
SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing
bool
false
serviceScrapeSelector
ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
PodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
ProbeSelector defines VMProbe to be selected for target probing. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
NodeScrapeSelector defines VMNodeScrape to be selected for scraping. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
StaticScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces.
StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
ScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. it should be defined as single yaml file. inlineScrapeConfig: |\n - job_name: "prometheus"\n static_configs:\n - targets: ["localhost:9090"]
string
false
additionalScrapeConfigs
AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade.
ArbitraryFSAccessThroughSMs configures whether configuration based on a service scrape can access arbitrary files on the file system of the VMAgent container e.g. bearer token files.
MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is lower than defined limit, minScrapeInterval will be used.
*string
false
maxScrapeInterval
MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is higher than defined limit, maxScrapeInterval will be used.
*string
false
terminationGracePeriodSeconds
TerminationGracePeriodSeconds period for container graceful termination
*int64
false
dnsConfig
Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
*v1.PodDNSConfig
false
statefulMode
StatefulMode enables StatefulSet for VMAgent instead of Deployment it allows using persistent storage for vmagent's persistentQueue
bool
false
statefulStorage
StatefulStorage configures storage for StatefulSet
UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
*bool
false
ingestOnlyMode
IngestOnlyMode switches vmagent into unmanaged mode it disables any config generation for scraping Currently it prevents vmagent from managing tls and auth options for remote write
bool
false
license
License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html
ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. if UseAsDefault is set to true, changes applied to the main service without additional service creation
Field
Description
Scheme
Required
useAsDefault
UseAsDefault applies changes from given service definition to the main object Service Changing from headless service to clusterIP or loadbalancer may break cross-component communication
bool
false
metadata
EmbeddedObjectMetadata defines objectMeta for additional service.
EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.
Field
Description
Scheme
Required
name
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
*intstr.IntOrString
false
maxUnavailable
An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
*intstr.IntOrString
false
selectorLabels
replaces default labels selector generated by operator it's useful when you need to create custom budget
EmbeddedProbes - it allows to override some probe params. its not necessary to specify all options, operator will replace missing spec with default values.
Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
StorageSpec defines the configured storage for a group Prometheus servers. If neither emptyDir nor volumeClaimTemplate is specified, then by default an EmptyDir will be used.
Field
Description
Scheme
Required
disableMountSubPath
Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.
StreamAggrRule defines the rule in stream aggregation config
Field
Description
Scheme
Required
match
Match is a label selector (or list of label selectors) for filtering time series for the given selector.\n\nIf the match isn't set, then all the input time series are processed.
StringOrArray
false
interval
Interval is the interval between aggregations.
string
true
no_align_flush_to_interval
NoAlighFlushToInterval disables aligning of flushes to multiples of Interval. By default flushes are aligned to Interval.
*bool
false
flush_on_shutdown
FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is false by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points.
bool
false
dedup_interval
DedupInterval is an optional interval for deduplication.
string
false
staleness_interval
Staleness interval is interval after which the series state will be reset if no samples have been sent during it. The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.
string
false
outputs
Outputs is a list of output aggregate functions to produce.\n\nThe following names are allowed:\n\n- total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1]\n\nThe output time series will have the following names:\n\n input_name:aggr_<interval>_<output>
[]string
true
keep_metric_names
KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.
*bool
false
ignore_old_samples
IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
*bool
false
by
By is an optional list of labels for grouping input series.\n\nSee also Without.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series.
[]string
false
without
Without is an optional list of labels, which must be excluded when grouping input series.\n\nSee also By.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series.
[]string
false
drop_input_labels
DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.\n\nLabels are dropped before de-duplication and aggregation.
*[]string
false
input_relabel_configs
InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation.
Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
Selector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn
Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to read alerts from
Field
Description
Scheme
Required
url
URL of the endpoint to send samples to.
string
true
lookback
Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s) Applied only to RemoteReadSpec
Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
Secrets is a list of Secrets in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
[]string
false
logFormat
LogFormat for VMAlert to be configured with. default or json
string
false
logLevel
LogLevel for VMAlert to be configured with.
string
false
minReadySeconds
MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
int32
false
replicaCount
ReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size.
*int32
false
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
volumes
Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
EvaluationInterval defines how often to evaluate rules by default
string
false
enforcedNamespaceLabel
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.
string
false
selectAllByDefault
SelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector. with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing
bool
false
ruleSelector
RuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace.
RuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace.
Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
NotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
RemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428
RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428
RulePath to the file with alert rules. Supports patterns. Flag can be specified multiple times. Examples: -rule /path/to/file. Path to a single file with alerting rules -rule dir/.yaml -rule /.yaml. Relative path to all .yaml files in folder, absolute path to all .yaml files in root. by default operator adds /etc/vmalert/configs/base/vmalert.yaml
[]string
false
datasource
Datasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428
NodeSelector Define which Nodes the Pods are scheduled on.
map[string]string
false
terminationGracePeriodSeconds
TerminationGracePeriodSeconds period for container graceful termination
*int64
false
dnsConfig
Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
*v1.PodDNSConfig
false
readinessGates
ReadinessGates defines pod readiness gates
[]v1.PodReadinessGate
false
useStrictSecurity
UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
*bool
false
license
License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html
Secrets is a list of Secrets in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods.
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods.
[]string
false
logLevel
LogLevel for victoria metrics single to be configured with.
string
false
logFormat
LogFormat for VMSingle to be configured with.
string
false
replicaCount
ReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster
*int32
false
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
storageDataPath
StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath, its users responsibility to mount proper device into given path.
string
false
storage
Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir
Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSingle container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle objest deletion - pvc will be garbage collected by controller manager
bool
false
retentionPeriod
RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention
License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html
UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
*bool
false
paused
Paused If set to true all actions on the underlaying managed objects are not going to be performed, except for delete actions.
Record represents a query, that will be recorded to dataSource
string
false
alert
Alert is a name for alert
string
false
expr
Expr is query, that will be evaluated at dataSource
string
true
debug
Debug enables logging for rule it useful for tracking
*bool
false
for
For evaluation interval in time.Duration format 30s, 1m, 1h or nanoseconds
string
false
keep_firing_for
KeepFiringFor will make alert continue firing for this long even when the alerting expression no longer has results. Use time.Duration format, 30s, 1m, 1h or nanoseconds
string
false
labels
Labels will be added to rule configuration
map[string]string
false
annotations
Annotations will be added to rule configuration
map[string]string
false
update_entries_limit
UpdateEntriesLimit defines max number of rule's state updates stored in memory. Overrides -rule.updateEntriesLimit in vmalert.
Limit the number of alerts an alerting rule and series a recording rule can produce
int
false
concurrency
Concurrency defines how many rules execute at once.
int
false
labels
Labels optional list of labels added to every rule within a group. It has priority over the external labels. Labels are commonly used for adding environment or tenant-specific tag.
Params optional HTTP URL parameters added to each rule request
url.Values
false
type
Type defines datasource type for enterprise version of vmalert possible values - prometheus,graphite
string
false
headers
Headers contains optional HTTP headers added to each rule request Must be in form header-name: value For example:\n headers:\n - "CustomHeader: foo"\n - "CustomHeader2: bar"
[]string
false
notifier_headers
NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier Must be in form header-name: value For example:\n headers:\n - "CustomHeader: foo"\n - "CustomHeader2: bar"
Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.
UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131
[]string
false
target_label
UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131
string
false
sourceLabels
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
[]string
false
separator
Separator placed between concatenated source label values. default is ';'.
string
false
targetLabel
Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
VMServiceScrape is scrape configuration for endpoints associated with kubernetes service, it generates scrape configuration for vmagent based on selectors. result config will scrape service endpoints
VMServiceScrapeSpec defines the desired state of VMServiceScrape
Field
Description
Scheme
Required
discoveryRole
DiscoveryRole - defines kubernetes_sd role for objects discovery. by default, its endpoints. can be changed to service or endpointslices. note, that with service setting, you have to use port: "name" and cannot use targetPort for endpoints.
string
false
jobLabel
The label to use to retrieve the job name from.
string
false
targetLabels
TargetLabels transfers labels on the Kubernetes Service onto the target.
[]string
false
podTargetLabels
PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
[]string
false
endpoints
A list of endpoints allowed as part of this ServiceScrape.
ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service scrape selected by the vmagent instance is allowed to use arbitrary files on the file system of the vmagent container. This is the case when e.g. a service scrape specifies a BearerTokenFile in an endpoint. A malicious user could create a service scrape selecting arbitrary secret files in the vmagent container. Those secrets would then be sent with a scrape request by vmagent to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.
Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.
AcceptEULA accepts enterprise feature usage, must be set to true. otherwise backupmanager cannot be added to single/cluster version. https://victoriametrics.com/legal/esa/
bool
true
snapshotCreateURL
SnapshotCreateURL overwrites url for snapshot create
string
false
snapshotDeleteURL
SnapShotDeleteURL overwrites url for snapshot delete
string
false
concurrency
Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10)
*int32
false
destination
Defines destination for backup
string
false
destinationDisableSuffixAdd
DestinationDisableSuffixAdd - disables suffix adding for cluster version backups each vmstorage backup must have unique backup folder so operator adds POD_NAME as suffix for backup destination folder.
bool
false
customS3Endpoint
Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set
*string
false
credentialsSecret
CredentialsSecret is secret in the same namespace for access to remote storage The secret is mounted into /etc/vm/creds.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects.
VMClusterSpec defines the desired state of VMCluster
Field
Description
Scheme
Required
retentionPeriod
RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention
string
true
replicationFactor
ReplicationFactor defines how many copies of data make among distinct storage nodes
*int32
false
serviceAccountName
ServiceAccountName is the name of the ServiceAccount to use to run the VMSelect, VMStorage and VMInsert Pods.
string
false
clusterVersion
ClusterVersion defines default images tag for all components. it can be overwritten with component specific image.tag value.
License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html
Paused If set to true all actions on the underlaying managed objects are not going to be performed, except for delete actions.
bool
false
useStrictSecurity
UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
Secrets is a list of Secrets in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
[]string
false
logFormat
LogFormat for VMInsert to be configured with. default or json
string
false
logLevel
LogLevel for VMInsert to be configured with.
string
false
minReadySeconds
MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
int32
false
replicaCount
ReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size.
*int32
true
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
volumes
Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMInsert container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMInsert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
[]string
false
logFormat
LogFormat for VMSelect to be configured with. default or json
string
false
logLevel
LogLevel for VMSelect to be configured with.
string
false
minReadySeconds
MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
int32
false
replicaCount
ReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size.
*int32
true
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
volumes
Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
NodeSelector Define which Nodes the Pods are scheduled on.
map[string]string
false
rollingUpdateStrategy
RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate
Secrets is a list of Secrets in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
[]string
false
logFormat
LogFormat for VMStorage to be configured with. default or json
string
false
logLevel
LogLevel for VMStorage to be configured with.
string
false
replicaCount
ReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size.
*int32
true
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
volumes
Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMStorage container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMStorage configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3]. Useful at storage expanding, when you want to rebalance some data at cluster.
[]int32
false
maintenanceSelectNodeIDs
MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.
[]int32
false
nodeSelector
NodeSelector Define which Nodes the Pods are scheduled on.
map[string]string
false
rollingUpdateStrategy
RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate
VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as address for scraping.
TargetRef describes target for user traffic forwarding. one of target types can be chosen: crd or static per targetRef. user can define multiple targetRefs with different ref Types.
Field
Description
Scheme
Required
crd
CRD describes exist operator's CRD object, operator generates access url based on CRD params.
TargetPathSuffix allows to add some suffix to the target path It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params.
string
false
targetRefBasicAuth
TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication
DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
*bool
false
headers
Headers represent additional http headers, that vmauth uses in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.68.0 version of vmauth
[]string
false
response_headers
ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.93.0 version of vmauth
[]string
false
retry_status_codes
RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503]
[]int
false
max_concurrent_requests
MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth
*int
false
load_balancing_policy
LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
URLMapCommon contains common fields for unauthorized user and user in vmuser
Field
Description
Scheme
Required
src_query_args
SrcQueryArgs is an optional list of query args, which must match request URL query args.
[]string
false
src_headers
SrcHeaders is an optional list of headers, which must match request headers.
[]string
false
discover_backend_ips
DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
*bool
false
headers
RequestHeaders represent additional http headers, that vmauth uses in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.68.0 version of vmauth
[]string
false
response_headers
ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.93.0 version of vmauth
[]string
false
retry_status_codes
RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503]
[]int
false
load_balancing_policy
LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
*bool
false
headers
Headers represent additional http headers, that vmauth uses in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.68.0 version of vmauth
[]string
false
response_headers
ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.93.0 version of vmauth
[]string
false
retry_status_codes
RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503]
[]int
false
max_concurrent_requests
MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth
*int
false
load_balancing_policy
LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
Secrets is a list of Secrets in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods.
[]string
false
configMaps
ConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods.
[]string
false
logLevel
LogLevel for victoria metrics single to be configured with.
string
false
logFormat
LogFormat for VMAuth to be configured with.
string
false
minReadySeconds
MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
int32
false
replicaCount
ReplicaCount is the expected size of the VMAuth
*int32
false
revisionHistoryLimitCount
The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
*int32
false
volumes
Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects.
InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
SelectAllByDefault changes default behavior for empty CRD selectors, such userSelector. with selectAllByDefault: true and empty userSelector and userNamespaceSelector Operator selects all exist users with selectAllByDefault: false - selects nothing
bool
false
userSelector
UserSelector defines VMUser to be selected for config file generation. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAuth namespace. If both nil - behaviour controlled by selectAllByDefault
UserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault
DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
*bool
false
headers
Headers represent additional http headers, that vmauth uses in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.68.0 version of vmauth
[]string
false
response_headers
ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ["header_key: header_value"] multiple values for header key: ["header_key: value1,value2"] it's available since 1.93.0 version of vmauth
[]string
false
retry_status_codes
RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503]
[]int
false
max_concurrent_requests
MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth
*int
false
load_balancing_policy
LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default "least_loaded")
UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
*bool
false
license
License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html
ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAuth object, which contains auth configuration for vmauth, configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders
string
false
paused
Paused If set to true all actions on the underlaying managed objects are not going to be performed, except for delete actions.
Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.
VMProbe defines a probe for targets, that will be executed with prober, like blackbox exporter. It helps to monitor reachability of target with various checks.
Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.
string
false
scrape_interval
ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
string
false
scrapeTimeout
Timeout for scraping metrics from the Prometheus exporter.
string
false
params
Optional HTTP URL parameters
map[string][]string
false
follow_redirects
FollowRedirects controls redirects for scraping.
*bool
false
sampleLimit
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
uint64
false
seriesLimit
SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.
uint64
false
bearerTokenFile
File to read bearer token for scraping targets.
string
false
bearerTokenSecret
Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator.
DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf. See https://docs.victoriametrics.com/sd_configs/#dns_sd_configs
Field
Description
Scheme
Required
names
A list of DNS domain names to be queried.
[]string
true
type
*string
true
port
The port number used if the query type is not SRV Ignored for SRV records
EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets See https://docs.victoriametrics.com/sd_configs/#ec2_sd_configs
The API server address consisting of a hostname or IP address followed by an optional port number. If left empty, assuming process is running inside of the cluster. It will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
*string
false
role
Role of the Kubernetes entities that should be discovered.
string
true
basicAuth
BasicAuth information to use on every scrape request.
The OpenStack role of entities that should be discovered.
string
true
region
The OpenStack Region.
string
true
identityEndpoint
IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version.
*string
false
username
Username is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed
*string
false
userid
UserID
*string
false
password
Password for the Identity V2 and V3 APIs. Consult with your provider's control panel to discover your account's preferred method of authentication.
At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional.
*string
false
domainID
DomainID
*string
false
projectName
The ProjectId and ProjectName fields are optional for the Identity V2 API. Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication.
*string
false
projectID
\n ProjectID
*string
false
applicationCredentialName
The ApplicationCredentialID or ApplicationCredentialName fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.
*string
false
applicationCredentialId
ApplicationCredentialID
*string
false
applicationCredentialSecret
The applicationCredentialSecret field is required if using an application credential to authenticate.
Whether the service discovery should list all instances for all projects. It is only relevant for the 'instance' role and usually requires admin permissions.
*bool
false
port
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.