From 99fbc984d2c221e5bf24f26a96eabb208af8218e Mon Sep 17 00:00:00 2001 From: ReharmonizedSadegh <35043373+mohammadkhavari@users.noreply.github.com> Date: Wed, 17 Apr 2024 04:19:35 +0330 Subject: [PATCH] Add backend authentication for targetRefs on vmusers by secret adapt vmauth config generation (#714) backend basic authentication support on vmuser to add them as header on vmauth configuration it will satisfy the basicauth authorization for bellow issue https://github.com/VictoriaMetrics/operator/issues/669 * add docs * add test --- api/v1beta1/vmuser_types.go | 15 + api/v1beta1/zz_generated.deepcopy.go | 22 + .../operator.victoriametrics.com_vmusers.yaml | 56 + controllers/factory/vmauth/vmusers_config.go | 26 + .../factory/vmauth/vmusers_config_test.go | 107 +- docs/api.md | 3168 ++++++++--------- 6 files changed, 1802 insertions(+), 1592 deletions(-) diff --git a/api/v1beta1/vmuser_types.go b/api/v1beta1/vmuser_types.go index 1eeefd7b..ddd68075 100644 --- a/api/v1beta1/vmuser_types.go +++ b/api/v1beta1/vmuser_types.go @@ -150,6 +150,9 @@ type TargetRef struct { // See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. // +optional DropSrcPathPrefixParts *int `json:"drop_src_path_prefix_parts,omitempty"` + // TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication + // +optional + TargetRefBasicAuth *TargetRefBasicAuth `json:"targetRefBasicAuth,omitempty"` } // VMUserIPFilters defines filters for IP addresses @@ -191,6 +194,18 @@ type StaticRef struct { URLs []string `json:"urls,omitempty"` } +// TargetRefBasicAuth target basic authentication +type TargetRefBasicAuth struct { + // The secret in the service scrape namespace that contains the username + // for authentication. + // It must be at them same namespace as CRD + Username v1.SecretKeySelector `json:"username"` + // The secret in the service scrape namespace that contains the password + // for authentication. + // It must be at them same namespace as CRD + Password v1.SecretKeySelector `json:"password"` +} + // VMUserStatus defines the observed state of VMUser type VMUserStatus struct{} diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 206fc0c5..e009a041 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -2741,6 +2741,11 @@ func (in *TargetRef) DeepCopyInto(out *TargetRef) { *out = new(int) **out = **in } + if in.TargetRefBasicAuth != nil { + in, out := &in.TargetRefBasicAuth, &out.TargetRefBasicAuth + *out = new(TargetRefBasicAuth) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetRef. @@ -2753,6 +2758,23 @@ func (in *TargetRef) DeepCopy() *TargetRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetRefBasicAuth) DeepCopyInto(out *TargetRefBasicAuth) { + *out = *in + in.Username.DeepCopyInto(&out.Username) + in.Password.DeepCopyInto(&out.Password) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetRefBasicAuth. +func (in *TargetRefBasicAuth) DeepCopy() *TargetRefBasicAuth { + if in == nil { + return nil + } + out := new(TargetRefBasicAuth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TelegramConfig) DeepCopyInto(out *TelegramConfig) { *out = *in diff --git a/config/crd/bases/operator.victoriametrics.com_vmusers.yaml b/config/crd/bases/operator.victoriametrics.com_vmusers.yaml index c6a1bbf5..1516be68 100644 --- a/config/crd/bases/operator.victoriametrics.com_vmusers.yaml +++ b/config/crd/bases/operator.victoriametrics.com_vmusers.yaml @@ -256,6 +256,62 @@ spec: It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params. type: string + targetRefBasicAuth: + description: TargetRefBasicAuth allow an target endpoint to + authenticate over basic authentication + properties: + password: + description: |- + The secret in the service scrape namespace that contains the password + for authentication. + It must be at them same namespace as CRD + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service scrape namespace that contains the username + for authentication. + It must be at them same namespace as CRD + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object type: object type: array tls_insecure_skip_verify: diff --git a/controllers/factory/vmauth/vmusers_config.go b/controllers/factory/vmauth/vmusers_config.go index c0581bc2..fc58e12b 100644 --- a/controllers/factory/vmauth/vmusers_config.go +++ b/controllers/factory/vmauth/vmusers_config.go @@ -3,6 +3,7 @@ package vmauth import ( "context" "crypto/rand" + "encoding/base64" "fmt" "math/big" "net/url" @@ -61,6 +62,12 @@ func buildVMAuthConfig(ctx context.Context, rclient client.Client, vmauth *victo toUpdate := injectAuthSettings(existSecrets, users) logger.WithContext(ctx).Info("VMAuth reconcile stats", "VMAuth", vmauth.Name, "toUpdate", len(toUpdate), "tocreate", len(toCreateSecrets), "exist", len(existSecrets)) + // inject backend authentication header. + err = injectBackendAuthHeader(ctx, rclient, users) + if err != nil { + return nil, err + } + // generate yaml config for vmauth. cfg, err := generateVMAuthConfig(vmauth, users, crdCache) if err != nil { @@ -135,6 +142,25 @@ func injectSecretValueByRef(src []*victoriametricsv1beta1.VMUser, secretValueCac } } +func injectBackendAuthHeader(ctx context.Context, rclient client.Client, users []*victoriametricsv1beta1.VMUser) error { + for i := range users { + user := users[i] + for j := range user.Spec.TargetRefs { + ref := &user.Spec.TargetRefs[j] + if ref.TargetRefBasicAuth != nil { + bac, err := loadBasicAuthSecret(ctx, rclient, user.Namespace, &victoriametricsv1beta1.BasicAuth{Username: ref.TargetRefBasicAuth.Username, Password: ref.TargetRefBasicAuth.Password}) + if err != nil { + return fmt.Errorf("could not load basicAuth config. %w", err) + } + token := bac.username + ":" + bac.password + token64 := base64.StdEncoding.EncodeToString([]byte(token)) + Header := "Authorization: Basic " + token64 + ref.Headers = append(ref.Headers, Header) + } + } + } + return nil +} func injectAuthSettings(src []corev1.Secret, dst []*victoriametricsv1beta1.VMUser) []corev1.Secret { var toUpdate []corev1.Secret if len(src) == 0 || len(dst) == 0 { diff --git a/controllers/factory/vmauth/vmusers_config_test.go b/controllers/factory/vmauth/vmusers_config_test.go index 7a6ca020..09010fb3 100644 --- a/controllers/factory/vmauth/vmusers_config_test.go +++ b/controllers/factory/vmauth/vmusers_config_test.go @@ -660,7 +660,112 @@ func Test_buildVMAuthConfig(t *testing.T) { bearer_token: bearer-token-2 `, }, - + { + name: "with targetRef basicauth secret refs and headers", + args: args{ + vmauth: &v1beta1.VMAuth{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-vmauth", + Namespace: "default", + }, + Spec: v1beta1.VMAuthSpec{SelectAllByDefault: true}, + }, + }, + predefinedObjects: []runtime.Object{ + &v1beta1.VMUser{ + ObjectMeta: metav1.ObjectMeta{ + Name: "user-1", + Namespace: "default", + }, + Spec: v1beta1.VMUserSpec{ + Name: pointer.String("user-1"), + UserName: pointer.String("some-user"), + PasswordRef: &v1.SecretKeySelector{ + Key: "password", + LocalObjectReference: v1.LocalObjectReference{ + Name: "generated-secret", + }, + }, + TargetRefs: []v1beta1.TargetRef{ + { + Static: &v1beta1.StaticRef{URL: "http://some-static"}, + Paths: []string{"/"}, + Headers: []string{"baz: bar"}, + TargetRefBasicAuth: &v1beta1.TargetRefBasicAuth{ + Username: v1.SecretKeySelector{ + Key: "username", + LocalObjectReference: v1.LocalObjectReference{ + Name: "backend-auth-secret", + }, + }, + Password: v1.SecretKeySelector{ + Key: "password", + LocalObjectReference: v1.LocalObjectReference{ + Name: "backend-auth-secret", + }, + }, + }, + }, + }, + }, + }, + &v1beta1.VMUser{ + ObjectMeta: metav1.ObjectMeta{ + Name: "user-15", + Namespace: "monitoring", + }, + Spec: v1beta1.VMUserSpec{ + Name: pointer.String("user-15"), + BearerToken: pointer.String("bearer-token-10"), + TargetRefs: []v1beta1.TargetRef{ + { + Static: nil, + CRD: &v1beta1.CRDRef{ + Kind: "VMAgent", + Name: "test", + Namespace: "default", + }, + Paths: []string{"/"}, + }, + }, + }, + }, + &v1beta1.VMAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + }, + }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "generated-secret", + Namespace: "default", + }, + Data: map[string][]byte{"password": []byte(`generated-password`), "token": []byte(`some-bearer-token`)}, + }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "backend-auth-secret", + Namespace: "default", + }, + Data: map[string][]byte{"password": []byte(`pass`), "username": []byte(`user`)}, + }, + }, + want: `users: +- url_prefix: + - http://some-static + headers: + - 'baz: bar' + - 'Authorization: Basic dXNlcjpwYXNz' + name: user-1 + username: some-user + password: generated-password +- url_prefix: + - http://vmagent-test.default.svc:8429 + name: user-15 + bearer_token: bearer-token-10 +`, + }, { name: "with secret refs", args: args{ diff --git a/docs/api.md b/docs/api.md index 6116f814..47dd35aa 100644 --- a/docs/api.md +++ b/docs/api.md @@ -19,148 +19,150 @@ This Document documents the types introduced by the VictoriaMetrics to be consum > Note this document is generated from code comments. When contributing a change to this document please do so by changing the code comments. ## Table of Contents -* [VMAlertmanager](#vmalertmanager) -* [VMAlertmanagerList](#vmalertmanagerlist) -* [VMAlertmanagerSpec](#vmalertmanagerspec) -* [VMAlertmanagerStatus](#vmalertmanagerstatus) -* [DiscordConfig](#discordconfig) -* [EmailConfig](#emailconfig) -* [HTTPConfig](#httpconfig) -* [ImageConfig](#imageconfig) -* [InhibitRule](#inhibitrule) -* [LinkConfig](#linkconfig) -* [MSTeamsConfig](#msteamsconfig) -* [MuteTimeInterval](#mutetimeinterval) -* [OpsGenieConfig](#opsgenieconfig) -* [OpsGenieConfigResponder](#opsgenieconfigresponder) -* [PagerDutyConfig](#pagerdutyconfig) -* [PushoverConfig](#pushoverconfig) -* [Receiver](#receiver) -* [Route](#route) -* [Sigv4Config](#sigv4config) -* [SlackAction](#slackaction) -* [SlackConfig](#slackconfig) -* [SlackConfirmationField](#slackconfirmationfield) -* [SlackField](#slackfield) -* [SnsConfig](#snsconfig) -* [TelegramConfig](#telegramconfig) -* [TimeInterval](#timeinterval) -* [TimeRange](#timerange) -* [VMAlertmanagerConfig](#vmalertmanagerconfig) -* [VMAlertmanagerConfigList](#vmalertmanagerconfiglist) -* [VMAlertmanagerConfigSpec](#vmalertmanagerconfigspec) -* [VMAlertmanagerConfigStatus](#vmalertmanagerconfigstatus) -* [VictorOpsConfig](#victoropsconfig) -* [WeChatConfig](#wechatconfig) -* [WebexConfig](#webexconfig) -* [WebhookConfig](#webhookconfig) -* [VMAgent](#vmagent) -* [VMAgentList](#vmagentlist) -* [VMAgentRemoteWriteSettings](#vmagentremotewritesettings) -* [VMAgentRemoteWriteSpec](#vmagentremotewritespec) -* [VMAgentSpec](#vmagentspec) -* [VMAgentStatus](#vmagentstatus) -* [AdditionalServiceSpec](#additionalservicespec) -* [BasicAuth](#basicauth) -* [BearerAuth](#bearerauth) -* [ConfigMapKeyReference](#configmapkeyreference) -* [DiscoverySelector](#discoveryselector) -* [EmbeddedHPA](#embeddedhpa) -* [EmbeddedObjectMetadata](#embeddedobjectmetadata) -* [EmbeddedPersistentVolumeClaim](#embeddedpersistentvolumeclaim) -* [EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) -* [EmbeddedProbes](#embeddedprobes) -* [HTTPAuth](#httpauth) -* [KeyValue](#keyvalue) -* [License](#license) -* [StorageSpec](#storagespec) -* [StreamAggrConfig](#streamaggrconfig) -* [StreamAggrRule](#streamaggrrule) -* [VMAlert](#vmalert) -* [VMAlertDatasourceSpec](#vmalertdatasourcespec) -* [VMAlertList](#vmalertlist) -* [VMAlertNotifierSpec](#vmalertnotifierspec) -* [VMAlertRemoteReadSpec](#vmalertremotereadspec) -* [VMAlertRemoteWriteSpec](#vmalertremotewritespec) -* [VMAlertSpec](#vmalertspec) -* [VMAlertStatus](#vmalertstatus) -* [VMSingle](#vmsingle) -* [VMSingleList](#vmsinglelist) -* [VMSingleSpec](#vmsinglespec) -* [VMSingleStatus](#vmsinglestatus) -* [Rule](#rule) -* [RuleGroup](#rulegroup) -* [VMRule](#vmrule) -* [VMRuleList](#vmrulelist) -* [VMRuleSpec](#vmrulespec) -* [APIServerConfig](#apiserverconfig) -* [AttachMetadata](#attachmetadata) -* [Authorization](#authorization) -* [Endpoint](#endpoint) -* [NamespaceSelector](#namespaceselector) -* [OAuth2](#oauth2) -* [ProxyAuth](#proxyauth) -* [RelabelConfig](#relabelconfig) -* [SecretOrConfigMap](#secretorconfigmap) -* [TLSConfig](#tlsconfig) -* [VMScrapeParams](#vmscrapeparams) -* [VMServiceScrape](#vmservicescrape) -* [VMServiceScrapeList](#vmservicescrapelist) -* [VMServiceScrapeSpec](#vmservicescrapespec) -* [ArbitraryFSAccessThroughSMsConfig](#arbitraryfsaccessthroughsmsconfig) -* [PodMetricsEndpoint](#podmetricsendpoint) -* [VMPodScrape](#vmpodscrape) -* [VMPodScrapeList](#vmpodscrapelist) -* [VMPodScrapeSpec](#vmpodscrapespec) -* [Image](#image) -* [InsertPorts](#insertports) -* [VMBackup](#vmbackup) -* [VMCluster](#vmcluster) -* [VMClusterList](#vmclusterlist) -* [VMClusterSpec](#vmclusterspec) -* [VMClusterStatus](#vmclusterstatus) -* [VMInsert](#vminsert) -* [VMRestore](#vmrestore) -* [VMRestoreOnStartConfig](#vmrestoreonstartconfig) -* [VMSelect](#vmselect) -* [VMStorage](#vmstorage) -* [VMNodeScrape](#vmnodescrape) -* [VMNodeScrapeList](#vmnodescrapelist) -* [VMNodeScrapeSpec](#vmnodescrapespec) -* [CRDRef](#crdref) -* [StaticRef](#staticref) -* [TargetRef](#targetref) -* [VMUser](#vmuser) -* [VMUserIPFilters](#vmuseripfilters) -* [VMUserList](#vmuserlist) -* [VMUserSpec](#vmuserspec) -* [EmbeddedIngress](#embeddedingress) -* [VMAuth](#vmauth) -* [VMAuthList](#vmauthlist) -* [VMAuthSpec](#vmauthspec) -* [VMAuthStatus](#vmauthstatus) -* [VMAuthUnauthorizedPath](#vmauthunauthorizedpath) -* [TargetEndpoint](#targetendpoint) -* [VMStaticScrape](#vmstaticscrape) -* [VMStaticScrapeList](#vmstaticscrapelist) -* [VMStaticScrapeSpec](#vmstaticscrapespec) -* [ProbeTargetIngress](#probetargetingress) -* [VMProbe](#vmprobe) -* [VMProbeList](#vmprobelist) -* [VMProbeSpec](#vmprobespec) -* [VMProbeTargetStaticConfig](#vmprobetargetstaticconfig) -* [VMProbeTargets](#vmprobetargets) -* [VMProberSpec](#vmproberspec) + +- [VMAlertmanager](#vmalertmanager) +- [VMAlertmanagerList](#vmalertmanagerlist) +- [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAlertmanagerStatus](#vmalertmanagerstatus) +- [DiscordConfig](#discordconfig) +- [EmailConfig](#emailconfig) +- [HTTPConfig](#httpconfig) +- [ImageConfig](#imageconfig) +- [InhibitRule](#inhibitrule) +- [LinkConfig](#linkconfig) +- [MSTeamsConfig](#msteamsconfig) +- [MuteTimeInterval](#mutetimeinterval) +- [OpsGenieConfig](#opsgenieconfig) +- [OpsGenieConfigResponder](#opsgenieconfigresponder) +- [PagerDutyConfig](#pagerdutyconfig) +- [PushoverConfig](#pushoverconfig) +- [Receiver](#receiver) +- [Route](#route) +- [Sigv4Config](#sigv4config) +- [SlackAction](#slackaction) +- [SlackConfig](#slackconfig) +- [SlackConfirmationField](#slackconfirmationfield) +- [SlackField](#slackfield) +- [SnsConfig](#snsconfig) +- [TelegramConfig](#telegramconfig) +- [TimeInterval](#timeinterval) +- [TimeRange](#timerange) +- [VMAlertmanagerConfig](#vmalertmanagerconfig) +- [VMAlertmanagerConfigList](#vmalertmanagerconfiglist) +- [VMAlertmanagerConfigSpec](#vmalertmanagerconfigspec) +- [VMAlertmanagerConfigStatus](#vmalertmanagerconfigstatus) +- [VictorOpsConfig](#victoropsconfig) +- [WeChatConfig](#wechatconfig) +- [WebexConfig](#webexconfig) +- [WebhookConfig](#webhookconfig) +- [VMAgent](#vmagent) +- [VMAgentList](#vmagentlist) +- [VMAgentRemoteWriteSettings](#vmagentremotewritesettings) +- [VMAgentRemoteWriteSpec](#vmagentremotewritespec) +- [VMAgentSpec](#vmagentspec) +- [VMAgentStatus](#vmagentstatus) +- [AdditionalServiceSpec](#additionalservicespec) +- [BasicAuth](#basicauth) +- [BearerAuth](#bearerauth) +- [ConfigMapKeyReference](#configmapkeyreference) +- [DiscoverySelector](#discoveryselector) +- [EmbeddedHPA](#embeddedhpa) +- [EmbeddedObjectMetadata](#embeddedobjectmetadata) +- [EmbeddedPersistentVolumeClaim](#embeddedpersistentvolumeclaim) +- [EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) +- [EmbeddedProbes](#embeddedprobes) +- [HTTPAuth](#httpauth) +- [KeyValue](#keyvalue) +- [License](#license) +- [StorageSpec](#storagespec) +- [StreamAggrConfig](#streamaggrconfig) +- [StreamAggrRule](#streamaggrrule) +- [VMAlert](#vmalert) +- [VMAlertDatasourceSpec](#vmalertdatasourcespec) +- [VMAlertList](#vmalertlist) +- [VMAlertNotifierSpec](#vmalertnotifierspec) +- [VMAlertRemoteReadSpec](#vmalertremotereadspec) +- [VMAlertRemoteWriteSpec](#vmalertremotewritespec) +- [VMAlertSpec](#vmalertspec) +- [VMAlertStatus](#vmalertstatus) +- [VMSingle](#vmsingle) +- [VMSingleList](#vmsinglelist) +- [VMSingleSpec](#vmsinglespec) +- [VMSingleStatus](#vmsinglestatus) +- [Rule](#rule) +- [RuleGroup](#rulegroup) +- [VMRule](#vmrule) +- [VMRuleList](#vmrulelist) +- [VMRuleSpec](#vmrulespec) +- [APIServerConfig](#apiserverconfig) +- [AttachMetadata](#attachmetadata) +- [Authorization](#authorization) +- [Endpoint](#endpoint) +- [NamespaceSelector](#namespaceselector) +- [OAuth2](#oauth2) +- [ProxyAuth](#proxyauth) +- [RelabelConfig](#relabelconfig) +- [SecretOrConfigMap](#secretorconfigmap) +- [TLSConfig](#tlsconfig) +- [VMScrapeParams](#vmscrapeparams) +- [VMServiceScrape](#vmservicescrape) +- [VMServiceScrapeList](#vmservicescrapelist) +- [VMServiceScrapeSpec](#vmservicescrapespec) +- [ArbitraryFSAccessThroughSMsConfig](#arbitraryfsaccessthroughsmsconfig) +- [PodMetricsEndpoint](#podmetricsendpoint) +- [VMPodScrape](#vmpodscrape) +- [VMPodScrapeList](#vmpodscrapelist) +- [VMPodScrapeSpec](#vmpodscrapespec) +- [Image](#image) +- [InsertPorts](#insertports) +- [VMBackup](#vmbackup) +- [VMCluster](#vmcluster) +- [VMClusterList](#vmclusterlist) +- [VMClusterSpec](#vmclusterspec) +- [VMClusterStatus](#vmclusterstatus) +- [VMInsert](#vminsert) +- [VMRestore](#vmrestore) +- [VMRestoreOnStartConfig](#vmrestoreonstartconfig) +- [VMSelect](#vmselect) +- [VMStorage](#vmstorage) +- [VMNodeScrape](#vmnodescrape) +- [VMNodeScrapeList](#vmnodescrapelist) +- [VMNodeScrapeSpec](#vmnodescrapespec) +- [CRDRef](#crdref) +- [StaticRef](#staticref) +- [TargetRef](#targetref) +- [TargetRefBasicAuth](#targetrefbasicauth) +- [VMUser](#vmuser) +- [VMUserIPFilters](#vmuseripfilters) +- [VMUserList](#vmuserlist) +- [VMUserSpec](#vmuserspec) +- [EmbeddedIngress](#embeddedingress) +- [VMAuth](#vmauth) +- [VMAuthList](#vmauthlist) +- [VMAuthSpec](#vmauthspec) +- [VMAuthStatus](#vmauthstatus) +- [VMAuthUnauthorizedPath](#vmauthunauthorizedpath) +- [TargetEndpoint](#targetendpoint) +- [VMStaticScrape](#vmstaticscrape) +- [VMStaticScrapeList](#vmstaticscrapelist) +- [VMStaticScrapeSpec](#vmstaticscrapespec) +- [ProbeTargetIngress](#probetargetingress) +- [VMProbe](#vmprobe) +- [VMProbeList](#vmprobelist) +- [VMProbeSpec](#vmprobespec) +- [VMProbeTargetStaticConfig](#vmprobetargetstaticconfig) +- [VMProbeTargets](#vmprobetargets) +- [VMProberSpec](#vmproberspec) ## VMAlertmanager VMAlertmanager represents Victoria-Metrics deployment for Alertmanager. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | Specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | [VMAlertmanagerSpec](#vmalertmanagerspec) | true | -| status | Most recent observed status of the VMAlertmanager cluster. Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | [VMAlertmanagerStatus](#vmalertmanagerstatus) | false | +| Field | Description | Scheme | Required | +| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | Specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | [VMAlertmanagerSpec](#vmalertmanagerspec) | true | +| status | Most recent observed status of the VMAlertmanager cluster. Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | [VMAlertmanagerStatus](#vmalertmanagerstatus) | false | [Back to TOC](#table-of-contents) @@ -168,10 +170,10 @@ VMAlertmanager represents Victoria-Metrics deployment for Alertmanager. VMAlertmanagerList is a list of Alertmanagers. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | Standard list metadata More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | List of Alertmanagers | [][VMAlertmanager](#vmalertmanager) | true | +| Field | Description | Scheme | Required | +| -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | Standard list metadata More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | List of Alertmanagers | [][VMAlertmanager](#vmalertmanager) | true | [Back to TOC](#table-of-contents) @@ -179,66 +181,66 @@ VMAlertmanagerList is a list of Alertmanagers. VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMAlertmanager if no specified operator uses default config version | [Image](#image) | false | -| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name> | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | -| templates | Templates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Templates are mounted into /etc/vm/templates/<configmap-name>/<configmap-key>. | [][ConfigMapKeyReference](#configmapkeyreference) | false | -| configRawYaml | ConfigRawYaml - raw configuration for alertmanager, it helps it to start without secret. priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret. | string | false | -| configSecret | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config. | string | false | -| logLevel | Log level for VMAlertmanager to be configured with. | string | false | -| logFormat | LogFormat for VMAlertmanager to be configured with. | string | false | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| replicaCount | ReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected | *int32 | false | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| retention | Retention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | string | false | -| storage | Storage is the definition of how storage will be used by the VMAlertmanager instances. | *[StorageSpec](#storagespec) | false | -| volumes | Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| externalURL | ExternalURL the VMAlertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if VMAlertmanager is not served from root of a DNS name. | string | false | -| routePrefix | RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. | string | false | -| paused | Paused If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions. | bool | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | -| listenLocal | ListenLocal makes the VMAlertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the VMAlertmanager UI, not the gossip communication. | bool | false | -| containers | Containers allows injecting additional containers or patching existing containers. This is meant to allow adding an authentication proxy to an VMAlertmanager pod. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | PriorityClassName class assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| additionalPeers | AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. | []string | false | -| clusterAdvertiseAddress | ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 | string | false | -| portName | PortName used for the pods and governing service. This defaults to web | string | false | -| serviceSpec | ServiceSpec that will be added to vmalertmanager service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothing | bool | false | -| configSelector | ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| configNamespaceSelector | \n ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.\nWorks in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| extraArgs | ExtraArgs that will be passed to VMAlertmanager pod for example log.level: debug | map[string]string | false | -| extraEnvs | ExtraEnvs that will be added to VMAlertmanager pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| disableNamespaceMatcher | DisableNamespaceMatcher disables namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reason | bool | false | -| disableRouteContinueEnforce | DisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to true | bool | false | -| rollingUpdateStrategy | RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | -| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | *bool | false | +| Field | Description | Scheme | Required | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMAlertmanager if no specified operator uses default config version | [Image](#image) | false | +| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name> | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | +| templates | Templates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Templates are mounted into /etc/vm/templates/<configmap-name>/<configmap-key>. | [][ConfigMapKeyReference](#configmapkeyreference) | false | +| configRawYaml | ConfigRawYaml - raw configuration for alertmanager, it helps it to start without secret. priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret. | string | false | +| configSecret | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config. | string | false | +| logLevel | Log level for VMAlertmanager to be configured with. | string | false | +| logFormat | LogFormat for VMAlertmanager to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| replicaCount | ReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected | \*int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| retention | Retention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | string | false | +| storage | Storage is the definition of how storage will be used by the VMAlertmanager instances. | \*[StorageSpec](#storagespec) | false | +| volumes | Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| externalURL | ExternalURL the VMAlertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if VMAlertmanager is not served from root of a DNS name. | string | false | +| routePrefix | RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. | string | false | +| paused | Paused If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions. | bool | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | +| listenLocal | ListenLocal makes the VMAlertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the VMAlertmanager UI, not the gossip communication. | bool | false | +| containers | Containers allows injecting additional containers or patching existing containers. This is meant to allow adding an authentication proxy to an VMAlertmanager pod. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | PriorityClassName class assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| additionalPeers | AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. | []string | false | +| clusterAdvertiseAddress | ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 | string | false | +| portName | PortName used for the pods and governing service. This defaults to web | string | false | +| serviceSpec | ServiceSpec that will be added to vmalertmanager service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothing | bool | false | +| configSelector | ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| configNamespaceSelector | \n ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.\nWorks in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| extraArgs | ExtraArgs that will be passed to VMAlertmanager pod for example log.level: debug | map[string]string | false | +| extraEnvs | ExtraEnvs that will be added to VMAlertmanager pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| disableNamespaceMatcher | DisableNamespaceMatcher disables namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reason | bool | false | +| disableRouteContinueEnforce | DisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to true | bool | false | +| rollingUpdateStrategy | RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | +| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | \*bool | false | [Back to TOC](#table-of-contents) @@ -246,25 +248,23 @@ VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmana VMAlertmanagerStatus is the most recent observed status of the VMAlertmanager cluster Operator API itself. More info: -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| updateStatus | Status defines a status of object update | UpdateStatus | false | -| reason | Reason has non empty reason for update failure | string | false | +| Field | Description | Scheme | Required | +| ------------ | ---------------------------------------------- | ------------ | -------- | +| updateStatus | Status defines a status of object update | UpdateStatus | false | +| reason | Reason has non empty reason for update failure | string | false | [Back to TOC](#table-of-contents) ## DiscordConfig - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| webhook_url | The discord webhook URL one of `urlSecret` and `url` must be defined. | *string | false | -| webhook_url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| title | The message title template | string | false | -| message | The message body template | string | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| webhook_url | The discord webhook URL one of `urlSecret` and `url` must be defined. | \*string | false | +| webhook_url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| title | The message title template | string | false | +| message | The message body template | string | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -272,22 +272,22 @@ VMAlertmanagerStatus is the most recent observed status of the VMAlertmanager cl EmailConfig configures notifications via Email. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| to | The email address to send notifications to. | string | false | -| from | The sender address. | string | false | -| hello | The hostname to identify to the SMTP server. | string | false | -| smarthost | The SMTP host through which emails are sent. | string | false | -| auth_username | The username to use for authentication. | string | false | -| auth_password | AuthPassword defines secret name and key at CRD namespace. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| auth_secret | AuthSecret defines secrent name and key at CRD namespace. It must contain the CRAM-MD5 secret. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| auth_identity | The identity to use for authentication. | string | false | -| headers | Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. | EmailConfigHeaders | false | -| html | The HTML body of the email notification. | string | false | -| text | The text body of the email notification. | string | false | -| require_tls | The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. | *bool | false | -| tls_config | TLS configuration | *[TLSConfig](#tlsconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| to | The email address to send notifications to. | string | false | +| from | The sender address. | string | false | +| hello | The hostname to identify to the SMTP server. | string | false | +| smarthost | The SMTP host through which emails are sent. | string | false | +| auth_username | The username to use for authentication. | string | false | +| auth_password | AuthPassword defines secret name and key at CRD namespace. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| auth_secret | AuthSecret defines secrent name and key at CRD namespace. It must contain the CRAM-MD5 secret. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| auth_identity | The identity to use for authentication. | string | false | +| headers | Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. | EmailConfigHeaders | false | +| html | The HTML body of the email notification. | string | false | +| text | The text body of the email notification. | string | false | +| require_tls | The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. | \*bool | false | +| tls_config | TLS configuration | \*[TLSConfig](#tlsconfig) | false | [Back to TOC](#table-of-contents) @@ -295,13 +295,13 @@ EmailConfig configures notifications via Email. HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| basic_auth | BasicAuth for the client. | *[BasicAuth](#basicauth) | false | -| bearer_token_secret | The secret's key that contains the bearer token It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| bearer_token_file | BearerTokenFile defines filename for bearer token, it must be mounted to pod. | string | false | -| tls_config | TLS configuration for the client. | *[TLSConfig](#tlsconfig) | false | -| proxyURL | Optional proxy URL. | string | false | +| Field | Description | Scheme | Required | +| ------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| basic_auth | BasicAuth for the client. | \*[BasicAuth](#basicauth) | false | +| bearer_token_secret | The secret's key that contains the bearer token It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| bearer_token_file | BearerTokenFile defines filename for bearer token, it must be mounted to pod. | string | false | +| tls_config | TLS configuration for the client. | \*[TLSConfig](#tlsconfig) | false | +| proxyURL | Optional proxy URL. | string | false | [Back to TOC](#table-of-contents) @@ -309,11 +309,11 @@ HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/a ImageConfig is used to attach images to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-images-property for more information. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| href | | string | false | -| source | | string | true | -| alt | | string | false | +| Field | Description | Scheme | Required | +| ------ | ----------- | ------ | -------- | +| href | | string | false | +| source | | string | true | +| alt | | string | false | [Back to TOC](#table-of-contents) @@ -321,11 +321,11 @@ ImageConfig is used to attach images to the incident. See https://developer.page InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. Note, it doesn't support deprecated alertmanager config options. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| target_matchers | TargetMatchers defines a list of matchers that have to be fulfilled by the target alerts to be muted. | []string | false | -| source_matchers | SourceMatchers defines a list of matchers for which one or more alerts have to exist for the inhibition to take effect. | []string | false | -| equal | Labels that must have an equal value in the source and target alert for the inhibition to take effect. | []string | false | +| Field | Description | Scheme | Required | +| --------------- | ----------------------------------------------------------------------------------------------------------------------- | -------- | -------- | +| target_matchers | TargetMatchers defines a list of matchers that have to be fulfilled by the target alerts to be muted. | []string | false | +| source_matchers | SourceMatchers defines a list of matchers for which one or more alerts have to exist for the inhibition to take effect. | []string | false | +| equal | Labels that must have an equal value in the source and target alert for the inhibition to take effect. | []string | false | [Back to TOC](#table-of-contents) @@ -335,23 +335,21 @@ LinkConfig is used to attach text links to the incident. See https://developer.p | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| href | | string | true | -| text | | string | false | +| href | | string | true | +| text | | string | false | [Back to TOC](#table-of-contents) ## MSTeamsConfig - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| webhook_url | The incoming webhook URL one of `urlSecret` and `url` must be defined. | *string | false | -| webhook_url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| title | The title of the teams notification. | string | false | -| text | The text body of the teams notification. | string | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| webhook_url | The incoming webhook URL one of `urlSecret` and `url` must be defined. | \*string | false | +| webhook_url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| title | The title of the teams notification. | string | false | +| text | The text body of the teams notification. | string | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -359,10 +357,10 @@ LinkConfig is used to attach text links to the incident. See https://developer.p MuteTimeInterval for alerts -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| name | Name of interval | string | false | -| time_intervals | TimeIntervals interval configuration | [][TimeInterval](#timeinterval) | true | +| Field | Description | Scheme | Required | +| -------------- | ------------------------------------ | ------------------------------- | -------- | +| name | Name of interval | string | false | +| time_intervals | TimeIntervals interval configuration | [][TimeInterval](#timeinterval) | true | [Back to TOC](#table-of-contents) @@ -370,23 +368,23 @@ MuteTimeInterval for alerts OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_key | The secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| apiURL | The URL to send OpsGenie API requests to. | string | false | -| message | Alert text limited to 130 characters. | string | false | -| description | Description of the incident. | string | false | -| source | Backlink to the sender of the notification. | string | false | -| tags | Comma separated list of tags attached to the notifications. | string | false | -| note | Additional alert note. | string | false | -| priority | Priority level of alert. Possible values are P1, P2, P3, P4, and P5. | string | false | -| details | A set of arbitrary key/value pairs that provide further detail about the incident. | map[string]string | false | -| responders | List of responders responsible for notifications. | [][OpsGenieConfigResponder](#opsgenieconfigresponder) | false | -| entity | Optional field that can be used to specify which domain alert is related to. | string | false | -| actions | Comma separated list of actions that will be available for the alert. | string | false | -| update_alerts | Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log. | bool | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_key | The secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| apiURL | The URL to send OpsGenie API requests to. | string | false | +| message | Alert text limited to 130 characters. | string | false | +| description | Description of the incident. | string | false | +| source | Backlink to the sender of the notification. | string | false | +| tags | Comma separated list of tags attached to the notifications. | string | false | +| note | Additional alert note. | string | false | +| priority | Priority level of alert. Possible values are P1, P2, P3, P4, and P5. | string | false | +| details | A set of arbitrary key/value pairs that provide further detail about the incident. | map[string]string | false | +| responders | List of responders responsible for notifications. | [][OpsGenieConfigResponder](#opsgenieconfigresponder) | false | +| entity | Optional field that can be used to specify which domain alert is related to. | string | false | +| actions | Comma separated list of actions that will be available for the alert. | string | false | +| update_alerts | Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log. | bool | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -394,12 +392,12 @@ OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/ OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| id | ID of the responder. | string | false | -| name | Name of the responder. | string | false | -| username | Username of the responder. | string | false | -| type | Type of responder. | string | true | +| Field | Description | Scheme | Required | +| -------- | -------------------------- | ------ | -------- | +| id | ID of the responder. | string | false | +| name | Name of the responder. | string | false | +| username | Username of the responder. | string | false | +| type | Type of responder. | string | true | [Back to TOC](#table-of-contents) @@ -407,23 +405,23 @@ OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| routing_key | The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| service_key | The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| url | The URL to send requests to. | string | false | -| client | Client identification. | string | false | -| client_url | Backlink to the sender of notification. | string | false | -| images | Images to attach to the incident. | [][ImageConfig](#imageconfig) | false | -| links | Links to attach to the incident. | [][LinkConfig](#linkconfig) | false | -| description | Description of the incident. | string | false | -| severity | Severity of the incident. | string | false | -| class | The class/type of the event. | string | false | -| group | A cluster or grouping of sources. | string | false | -| component | The part or component of the affected system that is broken. | string | false | -| details | Arbitrary key/value pairs that provide further detail about the incident. | PagerDutyDetails | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| routing_key | The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| service_key | The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| url | The URL to send requests to. | string | false | +| client | Client identification. | string | false | +| client_url | Backlink to the sender of notification. | string | false | +| images | Images to attach to the incident. | [][ImageConfig](#imageconfig) | false | +| links | Links to attach to the incident. | [][LinkConfig](#linkconfig) | false | +| description | Description of the incident. | string | false | +| severity | Severity of the incident. | string | false | +| class | The class/type of the event. | string | false | +| group | A cluster or grouping of sources. | string | false | +| component | The part or component of the affected system that is broken. | string | false | +| details | Arbitrary key/value pairs that provide further detail about the incident. | PagerDutyDetails | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -431,21 +429,21 @@ PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.i PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| user_key | The secret's key that contains the recipient user’s user key. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| token | The secret's key that contains the registered application’s API token, see https://pushover.net/apps. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| title | Notification title. | string | false | -| message | Notification message. | string | false | -| url | A supplementary URL shown alongside the message. | string | false | -| url_title | A title for supplementary URL, otherwise just the URL is shown | string | false | -| sound | The name of one of the sounds supported by device clients to override the user's default sound choice | string | false | -| priority | Priority, see https://pushover.net/api#priority | string | false | -| retry | How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. | string | false | -| expire | How long your notification will continue to be retried for, unless the user acknowledges the notification. | string | false | -| html | Whether notification message is HTML or plain text. | bool | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| user_key | The secret's key that contains the recipient user’s user key. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| token | The secret's key that contains the registered application’s API token, see https://pushover.net/apps. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| title | Notification title. | string | false | +| message | Notification message. | string | false | +| url | A supplementary URL shown alongside the message. | string | false | +| url_title | A title for supplementary URL, otherwise just the URL is shown | string | false | +| sound | The name of one of the sounds supported by device clients to override the user's default sound choice | string | false | +| priority | Priority, see https://pushover.net/api#priority | string | false | +| retry | How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. | string | false | +| expire | How long your notification will continue to be retried for, unless the user acknowledges the notification. | string | false | +| html | Whether notification message is HTML or plain text. | bool | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -453,22 +451,22 @@ PushoverConfig configures notifications via Pushover. See https://prometheus.io/ Receiver defines one or more notification integrations. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| name | Name of the receiver. Must be unique across all items from the list. | string | true | -| email_configs | EmailConfigs defines email notification configurations. | [][EmailConfig](#emailconfig) | false | -| pagerduty_configs | PagerDutyConfigs defines pager duty notification configurations. | [][PagerDutyConfig](#pagerdutyconfig) | false | -| pushover_configs | PushoverConfigs defines push over notification configurations. | [][PushoverConfig](#pushoverconfig) | false | -| slack_configs | SlackConfigs defines slack notification configurations. | [][SlackConfig](#slackconfig) | false | -| opsgenie_configs | OpsGenieConfigs defines ops genie notification configurations. | [][OpsGenieConfig](#opsgenieconfig) | false | -| webhook_configs | WebhookConfigs defines webhook notification configurations. | [][WebhookConfig](#webhookconfig) | false | -| victorops_configs | VictorOpsConfigs defines victor ops notification configurations. | [][VictorOpsConfig](#victoropsconfig) | false | -| wechat_configs | WeChatConfigs defines wechat notification configurations. | [][WeChatConfig](#wechatconfig) | false | -| telegram_configs | | [][TelegramConfig](#telegramconfig) | false | -| msteams_configs | | [][MSTeamsConfig](#msteamsconfig) | false | -| discord_configs | | [][DiscordConfig](#discordconfig) | false | -| sns_configs | | [][SnsConfig](#snsconfig) | false | -| webex_configs | | [][WebexConfig](#webexconfig) | false | +| Field | Description | Scheme | Required | +| ----------------- | -------------------------------------------------------------------- | ------------------------------------- | -------- | +| name | Name of the receiver. Must be unique across all items from the list. | string | true | +| email_configs | EmailConfigs defines email notification configurations. | [][EmailConfig](#emailconfig) | false | +| pagerduty_configs | PagerDutyConfigs defines pager duty notification configurations. | [][PagerDutyConfig](#pagerdutyconfig) | false | +| pushover_configs | PushoverConfigs defines push over notification configurations. | [][PushoverConfig](#pushoverconfig) | false | +| slack_configs | SlackConfigs defines slack notification configurations. | [][SlackConfig](#slackconfig) | false | +| opsgenie_configs | OpsGenieConfigs defines ops genie notification configurations. | [][OpsGenieConfig](#opsgenieconfig) | false | +| webhook_configs | WebhookConfigs defines webhook notification configurations. | [][WebhookConfig](#webhookconfig) | false | +| victorops_configs | VictorOpsConfigs defines victor ops notification configurations. | [][VictorOpsConfig](#victoropsconfig) | false | +| wechat_configs | WeChatConfigs defines wechat notification configurations. | [][WeChatConfig](#wechatconfig) | false | +| telegram_configs | | [][TelegramConfig](#telegramconfig) | false | +| msteams_configs | | [][MSTeamsConfig](#msteamsconfig) | false | +| discord_configs | | [][DiscordConfig](#discordconfig) | false | +| sns_configs | | [][SnsConfig](#snsconfig) | false | +| webex_configs | | [][WebexConfig](#webexconfig) | false | [Back to TOC](#table-of-contents) @@ -476,33 +474,31 @@ Receiver defines one or more notification integrations. Route defines a node in the routing tree. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| receiver | Name of the receiver for this route. | string | true | -| group_by | List of labels to group by. | []string | false | -| group_wait | How long to wait before sending the initial notification. | string | false | -| group_interval | How long to wait before sending an updated notification. | string | false | -| repeat_interval | How long to wait before repeating the last notification. | string | false | -| matchers | List of matchers that the alert’s labels should match. For the first level route, the operator adds a namespace: \"CRD_NS\" matcher. https://prometheus.io/docs/alerting/latest/configuration/#matcher | []string | false | -| continue | Continue indicating whether an alert should continue matching subsequent sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set. | bool | false | -| routes | Child routes. https://prometheus.io/docs/alerting/latest/configuration/#route | []apiextensionsv1.JSON | false | -| mute_time_intervals | MuteTimeIntervals for alerts | []string | false | -| active_time_intervals | ActiveTimeIntervals Times when the route should be active These must match the name at time_intervals | []string | false | +| Field | Description | Scheme | Required | +| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -------- | +| receiver | Name of the receiver for this route. | string | true | +| group_by | List of labels to group by. | []string | false | +| group_wait | How long to wait before sending the initial notification. | string | false | +| group_interval | How long to wait before sending an updated notification. | string | false | +| repeat_interval | How long to wait before repeating the last notification. | string | false | +| matchers | List of matchers that the alert’s labels should match. For the first level route, the operator adds a namespace: \"CRD_NS\" matcher. https://prometheus.io/docs/alerting/latest/configuration/#matcher | []string | false | +| continue | Continue indicating whether an alert should continue matching subsequent sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set. | bool | false | +| routes | Child routes. https://prometheus.io/docs/alerting/latest/configuration/#route | []apiextensionsv1.JSON | false | +| mute_time_intervals | MuteTimeIntervals for alerts | []string | false | +| active_time_intervals | ActiveTimeIntervals Times when the route should be active These must match the name at time_intervals | []string | false | [Back to TOC](#table-of-contents) ## Sigv4Config - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| region | AWS region, if blank the region from the default credentials chain is used | string | false | -| access_key | The AWS API keys. Both access_key and secret_key must be supplied or both must be blank. If blank the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are used. | string | false | -| access_key_selector | secret key selector to get the keys from a Kubernetes Secret | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| secret_key_selector | secret key selector to get the keys from a Kubernetes Secret | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| profile | Named AWS profile used to authenticate | string | false | -| role_arn | AWS Role ARN, an alternative to using AWS API keys | string | false | +| Field | Description | Scheme | Required | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| region | AWS region, if blank the region from the default credentials chain is used | string | false | +| access_key | The AWS API keys. Both access_key and secret_key must be supplied or both must be blank. If blank the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are used. | string | false | +| access_key_selector | secret key selector to get the keys from a Kubernetes Secret | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| secret_key_selector | secret key selector to get the keys from a Kubernetes Secret | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| profile | Named AWS profile used to authenticate | string | false | +| role_arn | AWS Role ARN, an alternative to using AWS API keys | string | false | [Back to TOC](#table-of-contents) @@ -510,15 +506,15 @@ Route defines a node in the routing tree. SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| type | | string | true | -| text | | string | true | -| url | | string | false | -| style | | string | false | -| name | | string | false | -| value | | string | false | -| confirm | | *[SlackConfirmationField](#slackconfirmationfield) | false | +| Field | Description | Scheme | Required | +| ------- | ----------- | --------------------------------------------------- | -------- | +| type | | string | true | +| text | | string | true | +| url | | string | false | +| style | | string | false | +| name | | string | false | +| value | | string | false | +| confirm | | \*[SlackConfirmationField](#slackconfirmationfield) | false | [Back to TOC](#table-of-contents) @@ -526,30 +522,30 @@ SlackAction configures a single Slack action that is sent with each notification SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_url | The secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| channel | The channel or user to send notifications to. | string | false | -| username | | string | false | -| color | | string | false | -| title | | string | false | -| title_link | | string | false | -| pretext | | string | false | -| text | | string | false | -| fields | A list of Slack fields that are sent with each notification. | [][SlackField](#slackfield) | false | -| short_fields | | bool | false | -| footer | | string | false | -| fallback | | string | false | -| callback_id | | string | false | -| icon_emoji | | string | false | -| icon_url | | string | false | -| image_url | | string | false | -| thumb_url | | string | false | -| link_names | | bool | false | -| mrkdwn_in | | []string | false | -| actions | A list of Slack actions that are sent with each notification. | [][SlackAction](#slackaction) | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | -------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_url | The secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| channel | The channel or user to send notifications to. | string | false | +| username | | string | false | +| color | | string | false | +| title | | string | false | +| title_link | | string | false | +| pretext | | string | false | +| text | | string | false | +| fields | A list of Slack fields that are sent with each notification. | [][SlackField](#slackfield) | false | +| short_fields | | bool | false | +| footer | | string | false | +| fallback | | string | false | +| callback_id | | string | false | +| icon_emoji | | string | false | +| icon_url | | string | false | +| image_url | | string | false | +| thumb_url | | string | false | +| link_names | | bool | false | +| mrkdwn_in | | []string | false | +| actions | A list of Slack actions that are sent with each notification. | [][SlackAction](#slackaction) | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -557,12 +553,12 @@ SlackConfig configures notifications via Slack. See https://prometheus.io/docs/a SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| text | | string | true | -| title | | string | false | -| ok_text | | string | false | -| dismiss_text | | string | false | +| Field | Description | Scheme | Required | +| ------------ | ----------- | ------ | -------- | +| text | | string | true | +| title | | string | false | +| ok_text | | string | false | +| dismiss_text | | string | false | [Back to TOC](#table-of-contents) @@ -572,45 +568,41 @@ SlackField configures a single Slack field that is sent with each notification. | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| title | | string | true | -| value | | string | true | -| short | | *bool | false | +| title | | string | true | +| value | | string | true | +| short | | \*bool | false | [Back to TOC](#table-of-contents) ## SnsConfig - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_url | The api URL | string | false | -| sigv4 | Configure the AWS Signature Verification 4 signing process | *[Sigv4Config](#sigv4config) | false | -| topic_arn | SNS topic ARN, either specify this, phone_number or target_arn | string | false | -| subject | The subject line if message is delivered to an email endpoint. | string | false | -| phone_number | Phone number if message is delivered via SMS Specify this, topic_arn or target_arn | string | false | -| target_arn | Mobile platform endpoint ARN if message is delivered via mobile notifications Specify this, topic_arn or phone_number | string | false | -| message | The message content of the SNS notification. | string | false | -| attributes | SNS message attributes | map[string]string | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | --------------------------------------------------------------------------------------------------------------------- | ----------------------------- | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_url | The api URL | string | false | +| sigv4 | Configure the AWS Signature Verification 4 signing process | \*[Sigv4Config](#sigv4config) | false | +| topic_arn | SNS topic ARN, either specify this, phone_number or target_arn | string | false | +| subject | The subject line if message is delivered to an email endpoint. | string | false | +| phone_number | Phone number if message is delivered via SMS Specify this, topic_arn or target_arn | string | false | +| target_arn | Mobile platform endpoint ARN if message is delivered via mobile notifications Specify this, topic_arn or phone_number | string | false | +| message | The message content of the SNS notification. | string | false | +| attributes | SNS message attributes | map[string]string | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) ## TelegramConfig - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_url | APIUrl the Telegram API URL i.e. https://api.telegram.org. | string | false | -| bot_token | BotToken token for the bot https://core.telegram.org/bots/api | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | true | -| chat_id | ChatID is ID of the chat where to send the messages. | int | true | -| message | Message is templated message | string | false | -| disable_notifications | DisableNotifications | *bool | false | -| parse_mode | ParseMode for telegram message, supported values are MarkdownV2, Markdown, Markdown and empty string for plain text. | string | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_url | APIUrl the Telegram API URL i.e. https://api.telegram.org. | string | false | +| bot_token | BotToken token for the bot https://core.telegram.org/bots/api | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | true | +| chat_id | ChatID is ID of the chat where to send the messages. | int | true | +| message | Message is templated message | string | false | +| disable_notifications | DisableNotifications | \*bool | false | +| parse_mode | ParseMode for telegram message, supported values are MarkdownV2, Markdown, Markdown and empty string for plain text. | string | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -618,25 +610,25 @@ SlackField configures a single Slack field that is sent with each notification. TimeInterval defines intervals of time -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| times | Times defines time range for mute | [][TimeRange](#timerange) | false | -| weekdays | Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday. | []string | false | -| days_of_month | DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. for example, ['1:5', '-3:-1'] | []string | false | -| months | Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1. For example, ['1:3', 'may:august', 'december'] | []string | false | -| years | Years defines numerical list of years, ranges are accepted. For example, ['2020:2022', '2030'] | []string | false | -| location | Location in golang time location form, e.g. UTC | string | false | +| Field | Description | Scheme | Required | +| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -------- | +| times | Times defines time range for mute | [][TimeRange](#timerange) | false | +| weekdays | Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday. | []string | false | +| days_of_month | DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. for example, ['1:5', '-3:-1'] | []string | false | +| months | Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1. For example, ['1:3', 'may:august', 'december'] | []string | false | +| years | Years defines numerical list of years, ranges are accepted. For example, ['2020:2022', '2030'] | []string | false | +| location | Location in golang time location form, e.g. UTC | string | false | [Back to TOC](#table-of-contents) ## TimeRange -TimeRange ranges inclusive of the starting time and exclusive of the end time +TimeRange ranges inclusive of the starting time and exclusive of the end time -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| start_time | StartTime for example HH:MM | string | true | -| end_time | EndTime for example HH:MM | string | true | +| Field | Description | Scheme | Required | +| ---------- | --------------------------- | ------ | -------- | +| start_time | StartTime for example HH:MM | string | true | +| end_time | EndTime for example HH:MM | string | true | [Back to TOC](#table-of-contents) @@ -644,11 +636,11 @@ TimeRange ranges inclusive of the starting time and exclusive of the end time VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMAlertmanagerConfigSpec](#vmalertmanagerconfigspec) | false | -| status | | [VMAlertmanagerConfigStatus](#vmalertmanagerconfigstatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMAlertmanagerConfigSpec](#vmalertmanagerconfigspec) | false | +| status | | [VMAlertmanagerConfigStatus](#vmalertmanagerconfigstatus) | false | [Back to TOC](#table-of-contents) @@ -656,10 +648,10 @@ VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API VMAlertmanagerConfigList contains a list of VMAlertmanagerConfig -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMAlertmanagerConfig](#vmalertmanagerconfig) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMAlertmanagerConfig](#vmalertmanagerconfig) | true | [Back to TOC](#table-of-contents) @@ -667,13 +659,13 @@ VMAlertmanagerConfigList contains a list of VMAlertmanagerConfig VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| route | Route definition for alertmanager, may include nested routes. | *[Route](#route) | true | -| receivers | Receivers defines alert receivers. without defined Route, receivers will be skipped. | [][Receiver](#receiver) | true | -| inhibit_rules | InhibitRules will only apply for alerts matching the resource's namespace. | [][InhibitRule](#inhibitrule) | false | -| mute_time_intervals | MuteTimeInterval - global mute time See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval | [][MuteTimeInterval](#mutetimeinterval) | false | -| time_intervals | ParsingError contents error with context if operator was failed to parse json object from kubernetes api server TimeIntervals modern config option, use it instead of mute_time_intervals | [][MuteTimeInterval](#mutetimeinterval) | false | +| Field | Description | Scheme | Required | +| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | -------- | +| route | Route definition for alertmanager, may include nested routes. | \*[Route](#route) | true | +| receivers | Receivers defines alert receivers. without defined Route, receivers will be skipped. | [][Receiver](#receiver) | true | +| inhibit_rules | InhibitRules will only apply for alerts matching the resource's namespace. | [][InhibitRule](#inhibitrule) | false | +| mute_time_intervals | MuteTimeInterval - global mute time See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval | [][MuteTimeInterval](#mutetimeinterval) | false | +| time_intervals | ParsingError contents error with context if operator was failed to parse json object from kubernetes api server TimeIntervals modern config option, use it instead of mute_time_intervals | [][MuteTimeInterval](#mutetimeinterval) | false | [Back to TOC](#table-of-contents) @@ -681,9 +673,9 @@ VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| reason | ErrorReason describes validation or any other errors. | string | false | +| Field | Description | Scheme | Required | +| ------ | ----------------------------------------------------- | ------ | -------- | +| reason | ErrorReason describes validation or any other errors. | string | false | [Back to TOC](#table-of-contents) @@ -691,18 +683,18 @@ VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_key | The secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| api_url | The VictorOps API URL. | string | false | -| routing_key | A key used to map the alert to a team. | string | true | -| message_type | Describes the behavior of the alert (CRITICAL, WARNING, INFO). | string | false | -| entity_display_name | Contains summary of the alerted problem. | string | false | -| state_message | Contains long explanation of the alerted problem. | string | false | -| monitoring_tool | The monitoring tool the state message is from. | string | false | -| http_config | The HTTP client's configuration. | *[HTTPConfig](#httpconfig) | false | -| custom_fields | Adds optional custom fields https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537 | map[string]string | false | +| Field | Description | Scheme | Required | +| ------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_key | The secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| api_url | The VictorOps API URL. | string | false | +| routing_key | A key used to map the alert to a team. | string | true | +| message_type | Describes the behavior of the alert (CRITICAL, WARNING, INFO). | string | false | +| entity_display_name | Contains summary of the alerted problem. | string | false | +| state_message | Contains long explanation of the alerted problem. | string | false | +| monitoring_tool | The monitoring tool the state message is from. | string | false | +| http_config | The HTTP client's configuration. | \*[HTTPConfig](#httpconfig) | false | +| custom_fields | Adds optional custom fields https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537 | map[string]string | false | [Back to TOC](#table-of-contents) @@ -710,33 +702,31 @@ VictorOpsConfig configures notifications via VictorOps. See https://prometheus.i WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_secret | The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| api_url | The WeChat API URL. | string | false | -| corp_id | The corp id for authentication. | string | false | -| agent_id | | string | false | -| to_user | | string | false | -| to_party | | string | false | -| to_tag | | string | false | -| message | API request data as defined by the WeChat API. | string | false | -| message_type | | string | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_secret | The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| api_url | The WeChat API URL. | string | false | +| corp_id | The corp id for authentication. | string | false | +| agent_id | | string | false | +| to_user | | string | false | +| to_party | | string | false | +| to_tag | | string | false | +| message | API request data as defined by the WeChat API. | string | false | +| message_type | | string | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) ## WebexConfig - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| api_url | The Webex Teams API URL, i.e. https://webexapis.com/v1/messages | *string | false | -| room_id | The ID of the Webex Teams room where to send the messages | string | false | -| message | The message body template | string | false | -| http_config | HTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. | *[HTTPConfig](#httpconfig) | false | +| Field | Description | Scheme | Required | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------ | --------------------------- | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| api_url | The Webex Teams API URL, i.e. https://webexapis.com/v1/messages | \*string | false | +| room_id | The ID of the Webex Teams room where to send the messages | string | false | +| message | The message body template | string | false | +| http_config | HTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. | \*[HTTPConfig](#httpconfig) | false | [Back to TOC](#table-of-contents) @@ -744,13 +734,13 @@ WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| send_resolved | SendResolved controls notify about resolved alerts. | *bool | false | -| url | URL to send requests to, one of `urlSecret` and `url` must be defined. | *string | false | -| url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| http_config | HTTP client configuration. | *[HTTPConfig](#httpconfig) | false | -| max_alerts | Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. | int32 | false | +| Field | Description | Scheme | Required | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| send_resolved | SendResolved controls notify about resolved alerts. | \*bool | false | +| url | URL to send requests to, one of `urlSecret` and `url` must be defined. | \*string | false | +| url_secret | URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of `urlSecret` and `url` must be defined. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| http_config | HTTP client configuration. | \*[HTTPConfig](#httpconfig) | false | +| max_alerts | Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. | int32 | false | [Back to TOC](#table-of-contents) @@ -758,11 +748,11 @@ WebhookConfig configures notifications via a generic receiver supporting the web VMAgent - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics or any other Prometheus-compatible storage system that supports the remote_write protocol. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMAgentSpec](#vmagentspec) | false | -| status | | [VMAgentStatus](#vmagentstatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMAgentSpec](#vmagentspec) | false | +| status | | [VMAgentStatus](#vmagentstatus) | false | [Back to TOC](#table-of-contents) @@ -770,10 +760,10 @@ VMAgent - is a tiny but brave agent, which helps you collect metrics from variou VMAgentList contains a list of VMAgent -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMAgent](#vmagent) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMAgent](#vmagent) | true | [Back to TOC](#table-of-contents) @@ -781,16 +771,16 @@ VMAgentList contains a list of VMAgent VMAgentRemoteWriteSettings - defines global settings for all remoteWrite urls. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| maxBlockSize | The maximum size in bytes of unpacked request to send to remote storage | *int32 | false | -| maxDiskUsagePerURL | The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath | *int64 | false | -| queues | The number of concurrent queues | *int32 | false | -| showURL | Whether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info | *bool | false | -| tmpDataPath | Path to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data) | *string | false | -| flushInterval | Interval for flushing the data to remote storage. (default 1s) | *string | false | -| label | Labels in the form 'name=value' to add to all the metrics before sending them. This overrides the label if it already exists. | map[string]string | false | -| useMultiTenantMode | Configures vmagent in multi-tenant mode with direct cluster support docs https://docs.victoriametrics.com/vmagent.html#multitenancy it's global setting and affects all remote storage configurations | bool | false | +| Field | Description | Scheme | Required | +| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------- | +| maxBlockSize | The maximum size in bytes of unpacked request to send to remote storage | \*int32 | false | +| maxDiskUsagePerURL | The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath | \*int64 | false | +| queues | The number of concurrent queues | \*int32 | false | +| showURL | Whether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info | \*bool | false | +| tmpDataPath | Path to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data) | \*string | false | +| flushInterval | Interval for flushing the data to remote storage. (default 1s) | \*string | false | +| label | Labels in the form 'name=value' to add to all the metrics before sending them. This overrides the label if it already exists. | map[string]string | false | +| useMultiTenantMode | Configures vmagent in multi-tenant mode with direct cluster support docs https://docs.victoriametrics.com/vmagent.html#multitenancy it's global setting and affects all remote storage configurations | bool | false | [Back to TOC](#table-of-contents) @@ -798,18 +788,18 @@ VMAgentRemoteWriteSettings - defines global settings for all remoteWrite urls. VMAgentRemoteWriteSpec defines the remote storage configuration for VmAgent -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | URL of the endpoint to send samples to. | string | true | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication | *[BasicAuth](#basicauth) | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| urlRelabelConfig | ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url | *v1.ConfigMapKeySelector | false | -| inlineUrlRelabelConfig | InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec. | [][RelabelConfig](#relabelconfig) | false | -| oauth2 | OAuth2 defines auth configuration | *[OAuth2](#oauth2) | false | -| tlsConfig | TLSConfig describes tls configuration for remote write target | *[TLSConfig](#tlsconfig) | false | -| sendTimeout | Timeout for sending a single block of data to -remoteWrite.url (default 1m0s) | *string | false | -| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version | []string | false | -| streamAggrConfig | StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url | *[StreamAggrConfig](#streamaggrconfig) | false | +| Field | Description | Scheme | Required | +| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| url | URL of the endpoint to send samples to. | string | true | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication | \*[BasicAuth](#basicauth) | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| urlRelabelConfig | ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url | \*v1.ConfigMapKeySelector | false | +| inlineUrlRelabelConfig | InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec. | [][RelabelConfig](#relabelconfig) | false | +| oauth2 | OAuth2 defines auth configuration | \*[OAuth2](#oauth2) | false | +| tlsConfig | TLSConfig describes tls configuration for remote write target | \*[TLSConfig](#tlsconfig) | false | +| sendTimeout | Timeout for sending a single block of data to -remoteWrite.url (default 1m0s) | \*string | false | +| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version | []string | false | +| streamAggrConfig | StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url | \*[StreamAggrConfig](#streamaggrconfig) | false | [Back to TOC](#table-of-contents) @@ -817,96 +807,96 @@ VMAgentRemoteWriteSpec defines the remote storage configuration for VmAgent VMAgentSpec defines the desired state of VMAgent -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the vmagent pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMAgent if no specified operator uses default config version | [Image](#image) | false | -| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/secrets | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs | []string | false | -| logLevel | LogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANIC | string | false | -| logFormat | LogFormat for VMAgent to be configured with. | string | false | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| replicaCount | ReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage | *int32 | false | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not specified - default setting will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMAgent Pods. | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| host_aliases | HostAliases provides mapping between ip and hostnames, that would be propagated to pod, cannot be used with HostNetwork. | []v1.HostAlias | false | -| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmagent configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | PriorityClassName assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy set DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| scrapeInterval | ScrapeInterval defines how often scrape targets by default | string | false | -| scrapeTimeout | ScrapeTimeout defines global timeout for targets scrape | string | false | -| aPIServerConfig | APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. | *[APIServerConfig](#apiserverconfig) | false | -| overrideHonorLabels | OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false. | bool | false | -| overrideHonorTimestamps | OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. | bool | false | -| ignoreNamespaceSelectors | IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podscrape and vmservicescrape configs, and they will only discover endpoints within their current namespace. Defaults to false. | bool | false | -| enforcedNamespaceLabel | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. | string | false | -| vmAgentExternalLabelName | VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`\"\"`). | *string | false | -| externalLabels | ExternalLabels The labels to add to any time series scraped by vmagent. it doesn't affect metrics ingested directly by push API's | map[string]string | false | -| remoteWrite | RemoteWrite list of victoria metrics /some other remote write system for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write or for cluster different url https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems | [][VMAgentRemoteWriteSpec](#vmagentremotewritespec) | true | -| remoteWriteSettings | RemoteWriteSettings defines global settings for all remoteWrite urls. | *[VMAgentRemoteWriteSettings](#vmagentremotewritesettings) | false | -| relabelConfig | RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage. | *v1.ConfigMapKeySelector | false | -| inlineRelabelConfig | InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD. | [][RelabelConfig](#relabelconfig) | false | -| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing | bool | false | -| serviceScrapeSelector | ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| serviceScrapeNamespaceSelector | ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| podScrapeSelector | PodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| podScrapeNamespaceSelector | PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| probeSelector | ProbeSelector defines VMProbe to be selected for target probing. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| probeNamespaceSelector | ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| nodeScrapeSelector | NodeScrapeSelector defines VMNodeScrape to be selected for scraping. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| nodeScrapeNamespaceSelector | NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| staticScrapeSelector | StaticScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| staticScrapeNamespaceSelector | StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| scrapeConfigSelector | ScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery. Works in combination with NamespaceSelector. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| scrapeConfigNamespaceSelector | ScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| inlineScrapeConfig | InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. it should be defined as single yaml file. inlineScrapeConfig: \|\n - job_name: \"prometheus\"\n static_configs:\n - targets: [\"localhost:9090\"] | string | false | -| additionalScrapeConfigs | AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| arbitraryFSAccessThroughSMs | ArbitraryFSAccessThroughSMs configures whether configuration based on a service scrape can access arbitrary files on the file system of the VMAgent container e.g. bearer token files. | [ArbitraryFSAccessThroughSMsConfig](#arbitraryfsaccessthroughsmsconfig) | false | -| insertPorts | InsertPorts - additional listen ports for data ingestion. | *[InsertPorts](#insertports) | false | -| port | Port listen address | string | false | -| extraArgs | ExtraArgs that will be passed to VMAgent pod for example remoteWrite.tmpDataPath: /tmp it would be converted to flag --remoteWrite.tmpDataPath=/tmp | map[string]string | false | -| extraEnvs | ExtraEnvs that will be added to VMAgent pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vmagent service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmagent VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| shardCount | ShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets | *int | false | -| updateStrategy | UpdateStrategy - overrides default update strategy. works only for deployments, statefulset always use OnDelete. | *[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | -| rollingUpdate | RollingUpdate - overrides deployment update params. | *[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| serviceScrapeRelabelTemplate | ServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape. it's useful for adding specific labels to all targets | []*[RelabelConfig](#relabelconfig) | false | -| podScrapeRelabelTemplate | PodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape. it's useful for adding specific labels to all targets | []*[RelabelConfig](#relabelconfig) | false | -| nodeScrapeRelabelTemplate | NodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape. it's useful for adding specific labels to all targets | []*[RelabelConfig](#relabelconfig) | false | -| staticScrapeRelabelTemplate | StaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape. it's useful for adding specific labels to all targets | []*[RelabelConfig](#relabelconfig) | false | -| probeScrapeRelabelTemplate | ProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape. it's useful for adding specific labels to all targets | []*[RelabelConfig](#relabelconfig) | false | -| scrapeConfigRelabelTemplate | ScrapeConfigRelabelTemplate defines relabel config, that will be added to each VMScrapeConfig. it's useful for adding specific labels to all targets | []*[RelabelConfig](#relabelconfig) | false | -| minScrapeInterval | MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is lower than defined limit, `minScrapeInterval` will be used. | *string | false | -| maxScrapeInterval | MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is higher than defined limit, `maxScrapeInterval` will be used. | *string | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| statefulMode | StatefulMode enables StatefulSet for `VMAgent` instead of Deployment it allows using persistent storage for vmagent's persistentQueue | bool | false | -| statefulStorage | StatefulStorage configures storage for StatefulSet | *[StorageSpec](#storagespec) | false | -| statefulRollingUpdateStrategy | StatefulRollingUpdateStrategy allows configuration for strategyType set it to RollingUpdate for disabling operator statefulSet rollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulMode | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | -| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | *bool | false | -| ingestOnlyMode | IngestOnlyMode switches vmagent into unmanaged mode it disables any config generation for scraping Currently it prevents vmagent from managing tls and auth options for remote write | bool | false | -| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | *[License](#license) | false | +| Field | Description | Scheme | Required | +| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the vmagent pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMAgent if no specified operator uses default config version | [Image](#image) | false | +| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/secrets | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs | []string | false | +| logLevel | LogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANIC | string | false | +| logFormat | LogFormat for VMAgent to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| replicaCount | ReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage | \*int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not specified - default setting will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMAgent Pods. | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| host_aliases | HostAliases provides mapping between ip and hostnames, that would be propagated to pod, cannot be used with HostNetwork. | []v1.HostAlias | false | +| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmagent configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | PriorityClassName assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy set DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| scrapeInterval | ScrapeInterval defines how often scrape targets by default | string | false | +| scrapeTimeout | ScrapeTimeout defines global timeout for targets scrape | string | false | +| aPIServerConfig | APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. | \*[APIServerConfig](#apiserverconfig) | false | +| overrideHonorLabels | OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false. | bool | false | +| overrideHonorTimestamps | OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. | bool | false | +| ignoreNamespaceSelectors | IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podscrape and vmservicescrape configs, and they will only discover endpoints within their current namespace. Defaults to false. | bool | false | +| enforcedNamespaceLabel | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. | string | false | +| vmAgentExternalLabelName | VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`\"\"`). | \*string | false | +| externalLabels | ExternalLabels The labels to add to any time series scraped by vmagent. it doesn't affect metrics ingested directly by push API's | map[string]string | false | +| remoteWrite | RemoteWrite list of victoria metrics /some other remote write system for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write or for cluster different url https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems | [][VMAgentRemoteWriteSpec](#vmagentremotewritespec) | true | +| remoteWriteSettings | RemoteWriteSettings defines global settings for all remoteWrite urls. | \*[VMAgentRemoteWriteSettings](#vmagentremotewritesettings) | false | +| relabelConfig | RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage. | \*v1.ConfigMapKeySelector | false | +| inlineRelabelConfig | InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD. | [][RelabelConfig](#relabelconfig) | false | +| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing | bool | false | +| serviceScrapeSelector | ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| serviceScrapeNamespaceSelector | ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| podScrapeSelector | PodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| podScrapeNamespaceSelector | PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| probeSelector | ProbeSelector defines VMProbe to be selected for target probing. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| probeNamespaceSelector | ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| nodeScrapeSelector | NodeScrapeSelector defines VMNodeScrape to be selected for scraping. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| nodeScrapeNamespaceSelector | NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| staticScrapeSelector | StaticScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| staticScrapeNamespaceSelector | StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| scrapeConfigSelector | ScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery. Works in combination with NamespaceSelector. | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| scrapeConfigNamespaceSelector | ScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| inlineScrapeConfig | InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. it should be defined as single yaml file. inlineScrapeConfig: \|\n - job_name: \"prometheus\"\n static_configs:\n - targets: [\"localhost:9090\"] | string | false | +| additionalScrapeConfigs | AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| arbitraryFSAccessThroughSMs | ArbitraryFSAccessThroughSMs configures whether configuration based on a service scrape can access arbitrary files on the file system of the VMAgent container e.g. bearer token files. | [ArbitraryFSAccessThroughSMsConfig](#arbitraryfsaccessthroughsmsconfig) | false | +| insertPorts | InsertPorts - additional listen ports for data ingestion. | \*[InsertPorts](#insertports) | false | +| port | Port listen address | string | false | +| extraArgs | ExtraArgs that will be passed to VMAgent pod for example remoteWrite.tmpDataPath: /tmp it would be converted to flag --remoteWrite.tmpDataPath=/tmp | map[string]string | false | +| extraEnvs | ExtraEnvs that will be added to VMAgent pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| serviceSpec | ServiceSpec that will be added to vmagent service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmagent VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| shardCount | ShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets | \*int | false | +| updateStrategy | UpdateStrategy - overrides default update strategy. works only for deployments, statefulset always use OnDelete. | \*[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | +| rollingUpdate | RollingUpdate - overrides deployment update params. | \*[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| serviceScrapeRelabelTemplate | ServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape. it's useful for adding specific labels to all targets | []\*[RelabelConfig](#relabelconfig) | false | +| podScrapeRelabelTemplate | PodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape. it's useful for adding specific labels to all targets | []\*[RelabelConfig](#relabelconfig) | false | +| nodeScrapeRelabelTemplate | NodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape. it's useful for adding specific labels to all targets | []\*[RelabelConfig](#relabelconfig) | false | +| staticScrapeRelabelTemplate | StaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape. it's useful for adding specific labels to all targets | []\*[RelabelConfig](#relabelconfig) | false | +| probeScrapeRelabelTemplate | ProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape. it's useful for adding specific labels to all targets | []\*[RelabelConfig](#relabelconfig) | false | +| scrapeConfigRelabelTemplate | ScrapeConfigRelabelTemplate defines relabel config, that will be added to each VMScrapeConfig. it's useful for adding specific labels to all targets | []\*[RelabelConfig](#relabelconfig) | false | +| minScrapeInterval | MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is lower than defined limit, `minScrapeInterval` will be used. | \*string | false | +| maxScrapeInterval | MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is higher than defined limit, `maxScrapeInterval` will be used. | \*string | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| statefulMode | StatefulMode enables StatefulSet for `VMAgent` instead of Deployment it allows using persistent storage for vmagent's persistentQueue | bool | false | +| statefulStorage | StatefulStorage configures storage for StatefulSet | \*[StorageSpec](#storagespec) | false | +| statefulRollingUpdateStrategy | StatefulRollingUpdateStrategy allows configuration for strategyType set it to RollingUpdate for disabling operator statefulSet rollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulMode | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | +| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | \*bool | false | +| ingestOnlyMode | IngestOnlyMode switches vmagent into unmanaged mode it disables any config generation for scraping Currently it prevents vmagent from managing tls and auth options for remote write | bool | false | +| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | \*[License](#license) | false | [Back to TOC](#table-of-contents) @@ -914,16 +904,16 @@ VMAgentSpec defines the desired state of VMAgent VMAgentStatus defines the observed state of VMAgent -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| shards | Shards represents total number of vmagent deployments with uniq scrape targets | int32 | false | -| selector | Selector string form of label value set for autoscaling | string | false | -| replicas | ReplicaCount Total number of pods targeted by this VMAgent | int32 | false | -| updatedReplicas | UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent cluster that have the desired version spec. | int32 | false | -| availableReplicas | AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster. | int32 | false | -| unavailableReplicas | UnavailableReplicas Total number of unavailable pods targeted by this VMAgent cluster. | int32 | false | -| updateStatus | UpdateStatus defines a status for update rollout, effective only for statefuleMode | UpdateStatus | false | -| reason | Reason defines fail reason for update process, effective only for statefuleMode | string | false | +| Field | Description | Scheme | Required | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------ | -------- | +| shards | Shards represents total number of vmagent deployments with uniq scrape targets | int32 | false | +| selector | Selector string form of label value set for autoscaling | string | false | +| replicas | ReplicaCount Total number of pods targeted by this VMAgent | int32 | false | +| updatedReplicas | UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent cluster that have the desired version spec. | int32 | false | +| availableReplicas | AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster. | int32 | false | +| unavailableReplicas | UnavailableReplicas Total number of unavailable pods targeted by this VMAgent cluster. | int32 | false | +| updateStatus | UpdateStatus defines a status for update rollout, effective only for statefuleMode | UpdateStatus | false | +| reason | Reason defines fail reason for update process, effective only for statefuleMode | string | false | [Back to TOC](#table-of-contents) @@ -931,10 +921,10 @@ VMAgentStatus defines the observed state of VMAgent ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | EmbeddedObjectMetadata defines objectMeta for additional service. | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| spec | ServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/ | v1.ServiceSpec | true | +| Field | Description | Scheme | Required | +| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | -------- | +| metadata | EmbeddedObjectMetadata defines objectMeta for additional service. | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| spec | ServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/ | v1.ServiceSpec | true | [Back to TOC](#table-of-contents) @@ -942,11 +932,11 @@ ServiceSpec defines additional service for CRD with user-defined params. by defa BasicAuth allow an endpoint to authenticate over basic authentication -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| username | The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD | [v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| password | The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD | [v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| password_file | PasswordFile defines path to password file at disk | string | false | +| Field | Description | Scheme | Required | +| ------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------- | +| username | The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD | [v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| password | The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD | [v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| password_file | PasswordFile defines path to password file at disk | string | false | [Back to TOC](#table-of-contents) @@ -954,10 +944,10 @@ BasicAuth allow an endpoint to authenticate over basic authentication BearerAuth defines auth with bearer token -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| bearerTokenFile | Path to bearer token file | string | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| Field | Description | Scheme | Required | +| ----------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| bearerTokenFile | Path to bearer token file | string | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | [Back to TOC](#table-of-contents) @@ -965,9 +955,9 @@ BearerAuth defines auth with bearer token ConfigMapKeyReference refers to a key in a ConfigMap. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| key | The ConfigMap key to refer to. | string | true | +| Field | Description | Scheme | Required | +| ----- | ------------------------------ | ------ | -------- | +| key | The ConfigMap key to refer to. | string | true | [Back to TOC](#table-of-contents) @@ -975,10 +965,10 @@ ConfigMapKeyReference refers to a key in a ConfigMap. DiscoverySelector can be used at CRD components discovery -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| namespaceSelector | | *[NamespaceSelector](#namespaceselector) | false | -| labelSelector | | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| Field | Description | Scheme | Required | +| ----------------- | ----------- | -------------------------------------------------------------------------------------------------------------------- | -------- | +| namespaceSelector | | \*[NamespaceSelector](#namespaceselector) | false | +| labelSelector | | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | [Back to TOC](#table-of-contents) @@ -986,12 +976,12 @@ DiscoverySelector can be used at CRD components discovery EmbeddedHPA embeds HorizontalPodAutoScaler spec v2. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/ -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| minReplicas | | *int32 | false | -| maxReplicas | | int32 | false | -| metrics | | []v2beta2.MetricSpec | false | -| behaviour | | *v2beta2.HorizontalPodAutoscalerBehavior | false | +| Field | Description | Scheme | Required | +| ----------- | ----------- | ----------------------------------------- | -------- | +| minReplicas | | \*int32 | false | +| maxReplicas | | int32 | false | +| metrics | | []v2beta2.MetricSpec | false | +| behaviour | | \*v2beta2.HorizontalPodAutoscalerBehavior | false | [Back to TOC](#table-of-contents) @@ -999,11 +989,11 @@ EmbeddedHPA embeds HorizontalPodAutoScaler spec v2. https://kubernetes.io/docs/r EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| name | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | string | false | -| labels | Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | map[string]string | false | -| annotations | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations | map[string]string | false | +| Field | Description | Scheme | Required | +| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------- | +| name | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | string | false | +| labels | Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | map[string]string | false | +| annotations | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations | map[string]string | false | [Back to TOC](#table-of-contents) @@ -1011,23 +1001,21 @@ EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimac EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | EmbeddedMetadata contains metadata relevant to an EmbeddedResource. | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| spec | Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | [v1.PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimspec-v1-core) | false | -| status | Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | [v1.PersistentVolumeClaimStatus](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimstatus-v1-core) | false | +| Field | Description | Scheme | Required | +| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | EmbeddedMetadata contains metadata relevant to an EmbeddedResource. | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| spec | Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | [v1.PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimspec-v1-core) | false | +| status | Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | [v1.PersistentVolumeClaimStatus](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimstatus-v1-core) | false | [Back to TOC](#table-of-contents) ## EmbeddedPodDisruptionBudgetSpec - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| minAvailable | An eviction is allowed if at least \"minAvailable\" pods selected by \"selector\" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying \"100%\". | *intstr.IntOrString | false | -| maxUnavailable | An eviction is allowed if at most \"maxUnavailable\" pods selected by \"selector\" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with \"minAvailable\". | *intstr.IntOrString | false | -| selectorLabels | replaces default labels selector generated by operator it's useful when you need to create custom budget | map[string]string | false | +| Field | Description | Scheme | Required | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | -------- | +| minAvailable | An eviction is allowed if at least \"minAvailable\" pods selected by \"selector\" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying \"100%\". | \*intstr.IntOrString | false | +| maxUnavailable | An eviction is allowed if at most \"maxUnavailable\" pods selected by \"selector\" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with \"minAvailable\". | \*intstr.IntOrString | false | +| selectorLabels | replaces default labels selector generated by operator it's useful when you need to create custom budget | map[string]string | false | [Back to TOC](#table-of-contents) @@ -1035,11 +1023,11 @@ EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.Persi EmbeddedProbes - it allows to override some probe params. its not necessary to specify all options, operator will replace missing spec with default values. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| Field | Description | Scheme | Required | +| -------------- | ------------------------------------------ | ------------------------------------------------------------------------------------------------ | -------- | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | [Back to TOC](#table-of-contents) @@ -1047,14 +1035,14 @@ EmbeddedProbes - it allows to override some probe params. its not necessary to s HTTPAuth generic auth used with http protocols -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| basicAuth | | *[BasicAuth](#basicauth) | false | -| oauth2 | | *[OAuth2](#oauth2) | false | -| tlsConfig | | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | Path to bearer token file | string | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | +| Field | Description | Scheme | Required | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| basicAuth | | \*[BasicAuth](#basicauth) | false | +| oauth2 | | \*[OAuth2](#oauth2) | false | +| tlsConfig | | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | Path to bearer token file | string | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | [Back to TOC](#table-of-contents) @@ -1062,10 +1050,10 @@ HTTPAuth generic auth used with http protocols KeyValue defines a (key, value) tuple. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| key | Key of the tuple. | string | true | -| value | Value of the tuple. | string | true | +| Field | Description | Scheme | Required | +| ----- | ------------------- | ------ | -------- | +| key | Key of the tuple. | string | true | +| value | Value of the tuple. | string | true | [Back to TOC](#table-of-contents) @@ -1073,10 +1061,10 @@ KeyValue defines a (key, value) tuple. License holds license key for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0 See: https://docs.victoriametrics.com/enterprise.html -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| key | Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/ | *string | false | -| keyRef | KeyRef is reference to secret with license key for enterprise features. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| Field | Description | Scheme | Required | +| ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| key | Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/ | \*string | false | +| keyRef | KeyRef is reference to secret with license key for enterprise features. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | [Back to TOC](#table-of-contents) @@ -1084,11 +1072,11 @@ License holds license key for enterprise features. Using license key is supporte StorageSpec defines the configured storage for a group Prometheus servers. If neither `emptyDir` nor `volumeClaimTemplate` is specified, then by default an [EmptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) will be used. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| disableMountSubPath | Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts. | bool | false | -| emptyDir | EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | *[v1.EmptyDirVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#emptydirvolumesource-v1-core) | false | -| volumeClaimTemplate | A PVC spec to be used by the VMAlertManager StatefulSets. | [EmbeddedPersistentVolumeClaim](#embeddedpersistentvolumeclaim) | false | +| Field | Description | Scheme | Required | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------ | -------- | +| disableMountSubPath | Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts. | bool | false | +| emptyDir | EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | \*[v1.EmptyDirVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#emptydirvolumesource-v1-core) | false | +| volumeClaimTemplate | A PVC spec to be used by the VMAlertManager StatefulSets. | [EmbeddedPersistentVolumeClaim](#embeddedpersistentvolumeclaim) | false | [Back to TOC](#table-of-contents) @@ -1096,12 +1084,12 @@ StorageSpec defines the configured storage for a group Prometheus servers. If ne StreamAggrConfig defines the stream aggregation config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| rules | Stream aggregation rules | [][StreamAggrRule](#streamaggrrule) | true | -| keepInput | Allows writing both raw and aggregate data | bool | false | -| dropInput | Allow drop all the input samples after the aggregation | bool | false | -| dedupInterval | Allows setting different de-duplication intervals per each configured remote storage | string | false | +| Field | Description | Scheme | Required | +| ------------- | ------------------------------------------------------------------------------------ | ----------------------------------- | -------- | +| rules | Stream aggregation rules | [][StreamAggrRule](#streamaggrrule) | true | +| keepInput | Allows writing both raw and aggregate data | bool | false | +| dropInput | Allow drop all the input samples after the aggregation | bool | false | +| dedupInterval | Allows setting different de-duplication intervals per each configured remote storage | string | false | [Back to TOC](#table-of-contents) @@ -1109,29 +1097,29 @@ StreamAggrConfig defines the stream aggregation config StreamAggrRule defines the rule in stream aggregation config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| match | Match is a label selector (or list of label selectors) for filtering time series for the given selector.\n\nIf the match isn't set, then all the input time series are processed. | StringOrArray | false | -| interval | Interval is the interval between aggregations. | string | true | -| staleness_interval | StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it. | string | false | -| flush_on_shutdown | FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is `false` by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points. | bool | false | -| outputs | Outputs is a list of output aggregate functions to produce.\n\nThe following names are allowed:\n\n- total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1]\n\nThe output time series will have the following names:\n\n input_name:aggr_<interval>_<output> | []string | true | -| by | By is an optional list of labels for grouping input series.\n\nSee also Without.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series. | []string | false | -| without | Without is an optional list of labels, which must be excluded when grouping input series.\n\nSee also By.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series. | []string | false | -| input_relabel_configs | InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. | [][RelabelConfig](#relabelconfig) | false | -| output_relabel_configs | OutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage. | [][RelabelConfig](#relabelconfig) | false | +| Field | Description | Scheme | Required | +| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -------- | +| match | Match is a label selector (or list of label selectors) for filtering time series for the given selector.\n\nIf the match isn't set, then all the input time series are processed. | StringOrArray | false | +| interval | Interval is the interval between aggregations. | string | true | +| staleness_interval | StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it. | string | false | +| flush_on_shutdown | FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is `false` by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points. | bool | false | +| outputs | Outputs is a list of output aggregate functions to produce.\n\nThe following names are allowed:\n\n- total - aggregates input counters - increase - counts the increase over input counters - count*series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1]\n\nThe output time series will have the following names:\n\n input_name:aggr*<interval>\_<output> | []string | true | +| by | By is an optional list of labels for grouping input series.\n\nSee also Without.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series. | []string | false | +| without | Without is an optional list of labels, which must be excluded when grouping input series.\n\nSee also By.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series. | []string | false | +| input_relabel_configs | InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. | [][RelabelConfig](#relabelconfig) | false | +| output_relabel_configs | OutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage. | [][RelabelConfig](#relabelconfig) | false | [Back to TOC](#table-of-contents) ## VMAlert -VMAlert executes a list of given alerting or recording rules against configured address. +VMAlert executes a list of given alerting or recording rules against configured address. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMAlertSpec](#vmalertspec) | false | -| status | | [VMAlertStatus](#vmalertstatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMAlertSpec](#vmalertspec) | false | +| status | | [VMAlertStatus](#vmalertstatus) | false | [Back to TOC](#table-of-contents) @@ -1139,15 +1127,15 @@ VMAlert executes a list of given alerting or recording rules against configured VMAlertDatasourceSpec defines the remote storage configuration for VmAlert to read alerts from -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | Victoria Metrics or VMSelect url. Required parameter. E.g. http://127.0.0.1:8428 | string | true | -| basicAuth | | *[BasicAuth](#basicauth) | false | -| oauth2 | | *[OAuth2](#oauth2) | false | -| tlsConfig | | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | Path to bearer token file | string | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | +| Field | Description | Scheme | Required | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| url | Victoria Metrics or VMSelect url. Required parameter. E.g. http://127.0.0.1:8428 | string | true | +| basicAuth | | \*[BasicAuth](#basicauth) | false | +| oauth2 | | \*[OAuth2](#oauth2) | false | +| tlsConfig | | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | Path to bearer token file | string | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | [Back to TOC](#table-of-contents) @@ -1155,10 +1143,10 @@ VMAlertDatasourceSpec defines the remote storage configuration for VmAlert to re VMAlertList contains a list of VMAlert -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMAlert](#vmalert) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMAlert](#vmalert) | true | [Back to TOC](#table-of-contents) @@ -1166,16 +1154,16 @@ VMAlertList contains a list of VMAlert VMAlertNotifierSpec defines the notifier url for sending information about alerts -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | AlertManager url. E.g. http://127.0.0.1:9093 | string | false | -| selector | Selector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn | *[DiscoverySelector](#discoveryselector) | false | -| basicAuth | | *[BasicAuth](#basicauth) | false | -| oauth2 | | *[OAuth2](#oauth2) | false | -| tlsConfig | | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | Path to bearer token file | string | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | +| Field | Description | Scheme | Required | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| url | AlertManager url. E.g. http://127.0.0.1:9093 | string | false | +| selector | Selector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn | \*[DiscoverySelector](#discoveryselector) | false | +| basicAuth | | \*[BasicAuth](#basicauth) | false | +| oauth2 | | \*[OAuth2](#oauth2) | false | +| tlsConfig | | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | Path to bearer token file | string | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | [Back to TOC](#table-of-contents) @@ -1183,16 +1171,16 @@ VMAlertNotifierSpec defines the notifier url for sending information about alert VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to read alerts from -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | URL of the endpoint to send samples to. | string | true | -| lookback | Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s) Applied only to RemoteReadSpec | *string | false | -| basicAuth | | *[BasicAuth](#basicauth) | false | -| oauth2 | | *[OAuth2](#oauth2) | false | -| tlsConfig | | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | Path to bearer token file | string | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | +| Field | Description | Scheme | Required | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| url | URL of the endpoint to send samples to. | string | true | +| lookback | Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s) Applied only to RemoteReadSpec | \*string | false | +| basicAuth | | \*[BasicAuth](#basicauth) | false | +| oauth2 | | \*[OAuth2](#oauth2) | false | +| tlsConfig | | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | Path to bearer token file | string | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | [Back to TOC](#table-of-contents) @@ -1200,19 +1188,19 @@ VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to re VMAlertRemoteWriteSpec defines the remote storage configuration for VmAlert -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | URL of the endpoint to send samples to. | string | true | -| concurrency | Defines number of readers that concurrently write into remote storage (default 1) | *int32 | false | -| flushInterval | Defines interval of flushes to remote write endpoint (default 5s) | *string | false | -| maxBatchSize | Defines defines max number of timeseries to be flushed at once (default 1000) | *int32 | false | -| maxQueueSize | Defines the max number of pending datapoints to remote write endpoint (default 100000) | *int32 | false | -| basicAuth | | *[BasicAuth](#basicauth) | false | -| oauth2 | | *[OAuth2](#oauth2) | false | -| tlsConfig | | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | Path to bearer token file | string | false | -| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | +| Field | Description | Scheme | Required | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| url | URL of the endpoint to send samples to. | string | true | +| concurrency | Defines number of readers that concurrently write into remote storage (default 1) | \*int32 | false | +| flushInterval | Defines interval of flushes to remote write endpoint (default 5s) | \*string | false | +| maxBatchSize | Defines defines max number of timeseries to be flushed at once (default 1000) | \*int32 | false | +| maxQueueSize | Defines the max number of pending datapoints to remote write endpoint (default 100000) | \*int32 | false | +| basicAuth | | \*[BasicAuth](#basicauth) | false | +| oauth2 | | \*[OAuth2](#oauth2) | false | +| tlsConfig | | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | Path to bearer token file | string | false | +| bearerTokenSecret | Optional bearer auth token to use for -remoteWrite.url | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| headers | Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version | []string | false | [Back to TOC](#table-of-contents) @@ -1220,64 +1208,64 @@ VMAlertRemoteWriteSpec defines the remote storage configuration for VmAlert VMAlertSpec defines the desired state of VMAlert -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMAlert if no specified operator uses default config version | [Image](#image) | false | -| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | -| logFormat | LogFormat for VMAlert to be configured with. default or json | string | false | -| logLevel | LogLevel for VMAlert to be configured with. | string | false | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| replicaCount | ReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | false | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMAlert Pods. | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | Priority class assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| evaluationInterval | EvaluationInterval defines how often to evaluate rules by default | string | false | -| enforcedNamespaceLabel | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. | string | false | -| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector. with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing | bool | false | -| ruleSelector | RuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| ruleNamespaceSelector | RuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| port | Port for listen | string | false | -| notifier | Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | *[VMAlertNotifierSpec](#vmalertnotifierspec) | false | -| notifiers | Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | [][VMAlertNotifierSpec](#vmalertnotifierspec) | false | -| notifierConfigRef | NotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| remoteWrite | RemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 | *[VMAlertRemoteWriteSpec](#vmalertremotewritespec) | false | -| remoteRead | RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 | *[VMAlertRemoteReadSpec](#vmalertremotereadspec) | false | -| rulePath | RulePath to the file with alert rules. Supports patterns. Flag can be specified multiple times. Examples: -rule /path/to/file. Path to a single file with alerting rules -rule dir/*.yaml -rule /*.yaml. Relative path to all .yaml files in folder, absolute path to all .yaml files in root. by default operator adds /etc/vmalert/configs/base/vmalert.yaml | []string | false | -| datasource | Datasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428 | [VMAlertDatasourceSpec](#vmalertdatasourcespec) | true | -| extraArgs | ExtraArgs that will be passed to VMAlert pod for example -remoteWrite.tmpDataPath=/tmp | map[string]string | false | -| extraEnvs | ExtraEnvs that will be added to VMAlert pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| externalLabels | ExternalLabels in the form 'name: value' to add to all generated recording rules and alerts. | map[string]string | false | -| serviceSpec | ServiceSpec that will be added to vmalert service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmalert VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| updateStrategy | UpdateStrategy - overrides default update strategy. | *[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | -| rollingUpdate | RollingUpdate - overrides deployment update params. | *[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | *bool | false | -| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | *[License](#license) | false | +| Field | Description | Scheme | Required | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMAlert if no specified operator uses default config version | [Image](#image) | false | +| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | +| logFormat | LogFormat for VMAlert to be configured with. default or json | string | false | +| logLevel | LogLevel for VMAlert to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| replicaCount | ReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size. | \*int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMAlert Pods. | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | Priority class assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| evaluationInterval | EvaluationInterval defines how often to evaluate rules by default | string | false | +| enforcedNamespaceLabel | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. | string | false | +| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector. with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing | bool | false | +| ruleSelector | RuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| ruleNamespaceSelector | RuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| port | Port for listen | string | false | +| notifier | Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | \*[VMAlertNotifierSpec](#vmalertnotifierspec) | false | +| notifiers | Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | [][VMAlertNotifierSpec](#vmalertnotifierspec) | false | +| notifierConfigRef | NotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| remoteWrite | RemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 | \*[VMAlertRemoteWriteSpec](#vmalertremotewritespec) | false | +| remoteRead | RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 | \*[VMAlertRemoteReadSpec](#vmalertremotereadspec) | false | +| rulePath | RulePath to the file with alert rules. Supports patterns. Flag can be specified multiple times. Examples: -rule /path/to/file. Path to a single file with alerting rules -rule dir/_.yaml -rule /_.yaml. Relative path to all .yaml files in folder, absolute path to all .yaml files in root. by default operator adds /etc/vmalert/configs/base/vmalert.yaml | []string | false | +| datasource | Datasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428 | [VMAlertDatasourceSpec](#vmalertdatasourcespec) | true | +| extraArgs | ExtraArgs that will be passed to VMAlert pod for example -remoteWrite.tmpDataPath=/tmp | map[string]string | false | +| extraEnvs | ExtraEnvs that will be added to VMAlert pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| externalLabels | ExternalLabels in the form 'name: value' to add to all generated recording rules and alerts. | map[string]string | false | +| serviceSpec | ServiceSpec that will be added to vmalert service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmalert VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| updateStrategy | UpdateStrategy - overrides default update strategy. | \*[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | +| rollingUpdate | RollingUpdate - overrides deployment update params. | \*[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | \*bool | false | +| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | \*[License](#license) | false | [Back to TOC](#table-of-contents) @@ -1285,26 +1273,26 @@ VMAlertSpec defines the desired state of VMAlert VMAlertStatus defines the observed state of VMAlert -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| replicas | ReplicaCount Total number of non-terminated pods targeted by this VMAlert cluster (their labels match the selector). | int32 | false | -| updatedReplicas | UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert cluster that have the desired version spec. | int32 | false | -| availableReplicas | AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster. | int32 | false | -| unavailableReplicas | UnavailableReplicas Total number of unavailable pods targeted by this VMAlert cluster. | int32 | false | -| updateStatus | UpdateStatus defines a status for update rollout, effective only for statefuleMode | UpdateStatus | false | -| reason | Reason defines fail reason for update process, effective only for statefuleMode | string | false | +| Field | Description | Scheme | Required | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------ | -------- | +| replicas | ReplicaCount Total number of non-terminated pods targeted by this VMAlert cluster (their labels match the selector). | int32 | false | +| updatedReplicas | UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert cluster that have the desired version spec. | int32 | false | +| availableReplicas | AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster. | int32 | false | +| unavailableReplicas | UnavailableReplicas Total number of unavailable pods targeted by this VMAlert cluster. | int32 | false | +| updateStatus | UpdateStatus defines a status for update rollout, effective only for statefuleMode | UpdateStatus | false | +| reason | Reason defines fail reason for update process, effective only for statefuleMode | string | false | [Back to TOC](#table-of-contents) ## VMSingle -VMSingle is fast, cost-effective and scalable time-series database. +VMSingle is fast, cost-effective and scalable time-series database. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMSingleSpec](#vmsinglespec) | false | -| status | | [VMSingleStatus](#vmsinglestatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMSingleSpec](#vmsinglespec) | false | +| status | | [VMSingleStatus](#vmsinglestatus) | false | [Back to TOC](#table-of-contents) @@ -1312,10 +1300,10 @@ VMSingle is fast, cost-effective and scalable time-series database. VMSingleList contains a list of VMSingle -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMSingle](#vmsingle) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMSingle](#vmsingle) | true | [Back to TOC](#table-of-contents) @@ -1323,56 +1311,56 @@ VMSingleList contains a list of VMSingle VMSingleSpec defines the desired state of VMSingle -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMSingle if no specified operator uses default config version | [Image](#image) | false | -| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods. | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods. | []string | false | -| logLevel | LogLevel for victoria metrics single to be configured with. | string | false | -| logFormat | LogFormat for VMSingle to be configured with. | string | false | -| replicaCount | ReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster | *int32 | false | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| storageDataPath | StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath, its users responsibility to mount proper device into given path. | string | false | -| storage | Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir | *[v1.PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimspec-v1-core) | false | -| storageMetadata | StorageMeta defines annotations and labels attached to PVC for given vmsingle CR | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSingle container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMSingle Pods. | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | -| hostAliases | HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. | []v1.HostAlias | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | PriorityClassName assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| insertPorts | InsertPorts - additional listen ports for data ingestion. | *[InsertPorts](#insertports) | false | -| port | Port listen port | string | false | -| removePvcAfterDelete | RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle objest deletion - pvc will be garbage collected by controller manager | bool | false | -| retentionPeriod | RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention | string | true | -| vmBackup | VMBackup configuration for backup | *[VMBackup](#vmbackup) | false | -| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | *[License](#license) | false | -| extraArgs | ExtraArgs that will be passed to VMSingle pod for example remoteWrite.tmpDataPath: /tmp | map[string]string | false | -| extraEnvs | ExtraEnvs that will be added to VMSingle pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vmsingle service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| streamAggrConfig | StreamAggrConfig defines stream aggregation configuration for VMSingle | *[StreamAggrConfig](#streamaggrconfig) | false | -| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | *bool | false | +| Field | Description | Scheme | Required | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMSingle if no specified operator uses default config version | [Image](#image) | false | +| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods. | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods. | []string | false | +| logLevel | LogLevel for victoria metrics single to be configured with. | string | false | +| logFormat | LogFormat for VMSingle to be configured with. | string | false | +| replicaCount | ReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster | \*int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| storageDataPath | StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath, its users responsibility to mount proper device into given path. | string | false | +| storage | Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir | \*[v1.PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaimspec-v1-core) | false | +| storageMetadata | StorageMeta defines annotations and labels attached to PVC for given vmsingle CR | [EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSingle container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMSingle Pods. | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | +| hostAliases | HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. | []v1.HostAlias | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | PriorityClassName assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| insertPorts | InsertPorts - additional listen ports for data ingestion. | \*[InsertPorts](#insertports) | false | +| port | Port listen port | string | false | +| removePvcAfterDelete | RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle objest deletion - pvc will be garbage collected by controller manager | bool | false | +| retentionPeriod | RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention | string | true | +| vmBackup | VMBackup configuration for backup | \*[VMBackup](#vmbackup) | false | +| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | \*[License](#license) | false | +| extraArgs | ExtraArgs that will be passed to VMSingle pod for example remoteWrite.tmpDataPath: /tmp | map[string]string | false | +| extraEnvs | ExtraEnvs that will be added to VMSingle pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| serviceSpec | ServiceSpec that will be added to vmsingle service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| streamAggrConfig | StreamAggrConfig defines stream aggregation configuration for VMSingle | \*[StreamAggrConfig](#streamaggrconfig) | false | +| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | \*bool | false | [Back to TOC](#table-of-contents) @@ -1380,14 +1368,14 @@ VMSingleSpec defines the desired state of VMSingle VMSingleStatus defines the observed state of VMSingle -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| replicas | ReplicaCount Total number of non-terminated pods targeted by this VMSingle. | int32 | true | -| updatedReplicas | UpdatedReplicas Total number of non-terminated pods targeted by this VMSingle. | int32 | true | -| availableReplicas | AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMSingle. | int32 | true | -| unavailableReplicas | UnavailableReplicas Total number of unavailable pods targeted by this VMSingle. | int32 | true | -| singleStatus | UpdateStatus defines a status of single node rollout | UpdateStatus | false | -| reason | Reason defines a reason in case of update failure | string | false | +| Field | Description | Scheme | Required | +| ------------------- | ---------------------------------------------------------------------------------------------------------------- | ------------ | -------- | +| replicas | ReplicaCount Total number of non-terminated pods targeted by this VMSingle. | int32 | true | +| updatedReplicas | UpdatedReplicas Total number of non-terminated pods targeted by this VMSingle. | int32 | true | +| availableReplicas | AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMSingle. | int32 | true | +| unavailableReplicas | UnavailableReplicas Total number of unavailable pods targeted by this VMSingle. | int32 | true | +| singleStatus | UpdateStatus defines a status of single node rollout | UpdateStatus | false | +| reason | Reason defines a reason in case of update failure | string | false | [Back to TOC](#table-of-contents) @@ -1395,17 +1383,17 @@ VMSingleStatus defines the observed state of VMSingle Rule describes an alerting or recording rule. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| record | Record represents a query, that will be recorded to dataSource | string | false | -| alert | Alert is a name for alert | string | false | -| expr | Expr is query, that will be evaluated at dataSource | string | true | -| debug | Debug enables logging for rule it useful for tracking | *bool | false | -| for | For evaluation interval in time.Duration format 30s, 1m, 1h or nanoseconds | string | false | -| keep_firing_for | KeepFiringFor will make alert continue firing for this long even when the alerting expression no longer has results. Use time.Duration format, 30s, 1m, 1h or nanoseconds | string | false | -| labels | Labels will be added to rule configuration | map[string]string | false | -| annotations | Annotations will be added to rule configuration | map[string]string | false | -| update_entries_limit | UpdateEntriesLimit defines max number of rule's state updates stored in memory. Overrides `-rule.updateEntriesLimit` in vmalert. | *int | false | +| Field | Description | Scheme | Required | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------- | +| record | Record represents a query, that will be recorded to dataSource | string | false | +| alert | Alert is a name for alert | string | false | +| expr | Expr is query, that will be evaluated at dataSource | string | true | +| debug | Debug enables logging for rule it useful for tracking | \*bool | false | +| for | For evaluation interval in time.Duration format 30s, 1m, 1h or nanoseconds | string | false | +| keep_firing_for | KeepFiringFor will make alert continue firing for this long even when the alerting expression no longer has results. Use time.Duration format, 30s, 1m, 1h or nanoseconds | string | false | +| labels | Labels will be added to rule configuration | map[string]string | false | +| annotations | Annotations will be added to rule configuration | map[string]string | false | +| update_entries_limit | UpdateEntriesLimit defines max number of rule's state updates stored in memory. Overrides `-rule.updateEntriesLimit` in vmalert. | \*int | false | [Back to TOC](#table-of-contents) @@ -1413,20 +1401,20 @@ Rule describes an alerting or recording rule. RuleGroup is a list of sequentially evaluated recording and alerting rules. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| name | Name of group | string | true | -| interval | evaluation interval for group | string | false | -| rules | Rules list of alert rules | [][Rule](#rule) | true | -| limit | Limit the number of alerts an alerting rule and series a recording rule can produce | int | false | -| concurrency | Concurrency defines how many rules execute at once. | int | false | -| labels | Labels optional list of labels added to every rule within a group. It has priority over the external labels. Labels are commonly used for adding environment or tenant-specific tag. | map[string]string | false | -| extra_filter_labels | ExtraFilterLabels optional list of label filters applied to every rule's request withing a group. Is compatible only with VM datasource. See more details at https://docs.victoriametrics.com#prometheus-querying-api-enhancements Deprecated, use params instead | map[string]string | false | -| tenant | Tenant id for group, can be used only with enterprise version of vmalert See more details at https://docs.victoriametrics.com/vmalert.html#multitenancy | string | false | -| params | Params optional HTTP URL parameters added to each rule request | url.Values | false | -| type | Type defines datasource type for enterprise version of vmalert possible values - prometheus,graphite | string | false | -| headers | Headers contains optional HTTP headers added to each rule request Must be in form `header-name: value` For example:\n headers:\n - \"CustomHeader: foo\"\n - \"CustomHeader2: bar\" | []string | false | -| notifier_headers | NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier Must be in form `header-name: value` For example:\n headers:\n - \"CustomHeader: foo\"\n - \"CustomHeader2: bar\" | []string | false | +| Field | Description | Scheme | Required | +| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------- | +| name | Name of group | string | true | +| interval | evaluation interval for group | string | false | +| rules | Rules list of alert rules | [][Rule](#rule) | true | +| limit | Limit the number of alerts an alerting rule and series a recording rule can produce | int | false | +| concurrency | Concurrency defines how many rules execute at once. | int | false | +| labels | Labels optional list of labels added to every rule within a group. It has priority over the external labels. Labels are commonly used for adding environment or tenant-specific tag. | map[string]string | false | +| extra_filter_labels | ExtraFilterLabels optional list of label filters applied to every rule's request withing a group. Is compatible only with VM datasource. See more details at https://docs.victoriametrics.com#prometheus-querying-api-enhancements Deprecated, use params instead | map[string]string | false | +| tenant | Tenant id for group, can be used only with enterprise version of vmalert See more details at https://docs.victoriametrics.com/vmalert.html#multitenancy | string | false | +| params | Params optional HTTP URL parameters added to each rule request | url.Values | false | +| type | Type defines datasource type for enterprise version of vmalert possible values - prometheus,graphite | string | false | +| headers | Headers contains optional HTTP headers added to each rule request Must be in form `header-name: value` For example:\n headers:\n - \"CustomHeader: foo\"\n - \"CustomHeader2: bar\" | []string | false | +| notifier_headers | NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier Must be in form `header-name: value` For example:\n headers:\n - \"CustomHeader: foo\"\n - \"CustomHeader2: bar\" | []string | false | [Back to TOC](#table-of-contents) @@ -1434,11 +1422,11 @@ RuleGroup is a list of sequentially evaluated recording and alerting rules. VMRule defines rule records for vmalert application -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMRuleSpec](#vmrulespec) | true | -| status | | [VMRuleStatus](#vmrulestatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMRuleSpec](#vmrulespec) | true | +| status | | [VMRuleStatus](#vmrulestatus) | false | [Back to TOC](#table-of-contents) @@ -1446,10 +1434,10 @@ VMRule defines rule records for vmalert application VMRuleList contains a list of VMRule -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | Items list of VMRule | []*[VMRule](#vmrule) | true | +| Field | Description | Scheme | Required | +| -------- | -------------------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | Items list of VMRule | []\*[VMRule](#vmrule) | true | [Back to TOC](#table-of-contents) @@ -1457,9 +1445,9 @@ VMRuleList contains a list of VMRule VMRuleSpec defines the desired state of VMRule -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| groups | Groups list of group rules | [][RuleGroup](#rulegroup) | true | +| Field | Description | Scheme | Required | +| ------ | -------------------------- | ------------------------- | -------- | +| groups | Groups list of group rules | [][RuleGroup](#rulegroup) | true | [Back to TOC](#table-of-contents) @@ -1467,14 +1455,14 @@ VMRuleSpec defines the desired state of VMRule APIServerConfig defines a host and auth methods to access apiserver. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| host | Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number | string | true | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication | *[BasicAuth](#basicauth) | false | -| bearerToken | Bearer token for accessing apiserver. | string | false | -| bearerTokenFile | File to read bearer token for accessing apiserver. | string | false | -| tlsConfig | TLSConfig Config to use for accessing apiserver. | *[TLSConfig](#tlsconfig) | false | -| authorization | | *[Authorization](#authorization) | false | +| Field | Description | Scheme | Required | +| --------------- | ---------------------------------------------------------------------------------------------------- | --------------------------------- | -------- | +| host | Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number | string | true | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication | \*[BasicAuth](#basicauth) | false | +| bearerToken | Bearer token for accessing apiserver. | string | false | +| bearerTokenFile | File to read bearer token for accessing apiserver. | string | false | +| tlsConfig | TLSConfig Config to use for accessing apiserver. | \*[TLSConfig](#tlsconfig) | false | +| authorization | | \*[Authorization](#authorization) | false | [Back to TOC](#table-of-contents) @@ -1482,9 +1470,9 @@ APIServerConfig defines a host and auth methods to access apiserver. More info: AttachMetadata configures metadata attachment -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| node | Node instructs vmagent to add node specific metadata from service discovery Valid for roles: pod, endpoints, endpointslice. | *bool | false | +| Field | Description | Scheme | Required | +| ----- | --------------------------------------------------------------------------------------------------------------------------- | ------ | -------- | +| node | Node instructs vmagent to add node specific metadata from service discovery Valid for roles: pod, endpoints, endpointslice. | \*bool | false | [Back to TOC](#table-of-contents) @@ -1492,11 +1480,11 @@ AttachMetadata configures metadata attachment Authorization configures generic authorization params -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| type | Type of authorization, default to bearer | string | false | -| credentials | Reference to the secret with value for authorization | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| credentialsFile | File with value for authorization | string | false | +| Field | Description | Scheme | Required | +| --------------- | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| type | Type of authorization, default to bearer | string | false | +| credentials | Reference to the secret with value for authorization | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| credentialsFile | File with value for authorization | string | false | [Back to TOC](#table-of-contents) @@ -1504,32 +1492,32 @@ Authorization configures generic authorization params Endpoint defines a scrapeable endpoint serving Prometheus metrics. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| port | Name of the service port this endpoint refers to. Mutually exclusive with targetPort. | string | false | -| targetPort | Name or number of the pod port this endpoint refers to. Mutually exclusive with port. | *intstr.IntOrString | false | -| path | HTTP path to scrape for metrics. | string | false | -| scheme | HTTP scheme to use for scraping. | string | false | -| params | Optional HTTP URL parameters | map[string][]string | false | -| follow_redirects | FollowRedirects controls redirects for scraping. | *bool | false | -| interval | Interval at which metrics should be scraped | string | false | -| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | -| scrapeTimeout | Timeout after which the scrape is ended | string | false | -| sampleLimit | SampleLimit defines per-endpoint limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| oauth2 | OAuth2 defines auth configuration | *[OAuth2](#oauth2) | false | -| authorization | Authorization with http header Authorization | *[Authorization](#authorization) | false | -| tlsConfig | TLSConfig configuration to use when scraping the endpoint | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | File to read bearer token for scraping targets. | string | false | -| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | -| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | *bool | false | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | *[BasicAuth](#basicauth) | false | -| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []*[RelabelConfig](#relabelconfig) | false | -| relabelConfigs | RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []*[RelabelConfig](#relabelconfig) | false | -| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | *string | false | -| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | *[VMScrapeParams](#vmscrapeparams) | false | -| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | +| Field | Description | Scheme | Required | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| port | Name of the service port this endpoint refers to. Mutually exclusive with targetPort. | string | false | +| targetPort | Name or number of the pod port this endpoint refers to. Mutually exclusive with port. | \*intstr.IntOrString | false | +| path | HTTP path to scrape for metrics. | string | false | +| scheme | HTTP scheme to use for scraping. | string | false | +| params | Optional HTTP URL parameters | map[string][]string | false | +| follow_redirects | FollowRedirects controls redirects for scraping. | \*bool | false | +| interval | Interval at which metrics should be scraped | string | false | +| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | +| scrapeTimeout | Timeout after which the scrape is ended | string | false | +| sampleLimit | SampleLimit defines per-endpoint limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| oauth2 | OAuth2 defines auth configuration | \*[OAuth2](#oauth2) | false | +| authorization | Authorization with http header Authorization | \*[Authorization](#authorization) | false | +| tlsConfig | TLSConfig configuration to use when scraping the endpoint | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | File to read bearer token for scraping targets. | string | false | +| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | +| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | \*bool | false | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | \*[BasicAuth](#basicauth) | false | +| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []\*[RelabelConfig](#relabelconfig) | false | +| relabelConfigs | RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []\*[RelabelConfig](#relabelconfig) | false | +| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | \*string | false | +| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | \*[VMScrapeParams](#vmscrapeparams) | false | +| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | [Back to TOC](#table-of-contents) @@ -1537,10 +1525,10 @@ Endpoint defines a scrapeable endpoint serving Prometheus metrics. NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| any | Boolean describing whether all namespaces are selected in contrast to a list restricting them. | bool | false | -| matchNames | List of namespace names. | []string | false | +| Field | Description | Scheme | Required | +| ---------- | ---------------------------------------------------------------------------------------------- | -------- | -------- | +| any | Boolean describing whether all namespaces are selected in contrast to a list restricting them. | bool | false | +| matchNames | List of namespace names. | []string | false | [Back to TOC](#table-of-contents) @@ -1548,14 +1536,14 @@ NamespaceSelector is a selector for selecting either all namespaces or a list of OAuth2 defines OAuth2 configuration -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| client_id | The secret or configmap containing the OAuth2 client id | [SecretOrConfigMap](#secretorconfigmap) | true | -| client_secret | The secret containing the OAuth2 client secret | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| client_secret_file | ClientSecretFile defines path for client secret file. | string | false | -| token_url | The URL to fetch the token from | string | true | -| scopes | OAuth2 scopes used for the token request | []string | false | -| endpoint_params | Parameters to append to the token URL | map[string]string | false | +| Field | Description | Scheme | Required | +| ------------------ | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| client_id | The secret or configmap containing the OAuth2 client id | [SecretOrConfigMap](#secretorconfigmap) | true | +| client_secret | The secret containing the OAuth2 client secret | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| client_secret_file | ClientSecretFile defines path for client secret file. | string | false | +| token_url | The URL to fetch the token from | string | true | +| scopes | OAuth2 scopes used for the token request | []string | false | +| endpoint_params | Parameters to append to the token URL | map[string]string | false | [Back to TOC](#table-of-contents) @@ -1563,12 +1551,12 @@ OAuth2 defines OAuth2 configuration ProxyAuth represent proxy auth config Only VictoriaMetrics scrapers supports it. See https://github.com/VictoriaMetrics/VictoriaMetrics/commit/a6a71ef861444eb11fe8ec6d2387f0fc0c4aea87 -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| basic_auth | | *[BasicAuth](#basicauth) | false | -| bearer_token | | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| bearer_token_file | | string | false | -| tls_config | | *[TLSConfig](#tlsconfig) | false | +| Field | Description | Scheme | Required | +| ----------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| basic_auth | | \*[BasicAuth](#basicauth) | false | +| bearer_token | | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| bearer_token_file | | string | false | +| tls_config | | \*[TLSConfig](#tlsconfig) | false | [Back to TOC](#table-of-contents) @@ -1576,20 +1564,20 @@ ProxyAuth represent proxy auth config Only VictoriaMetrics scrapers supports it. RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| source_labels | UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131 | []string | false | -| target_label | UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131 | string | false | -| sourceLabels | The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. | []string | false | -| separator | Separator placed between concatenated source label values. default is ';'. | string | false | -| targetLabel | Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. | string | false | -| regex | Regular expression against which the extracted value is matched. Default is '(.*)' | string | false | -| modulus | Modulus to take of the hash of the source label values. | uint64 | false | -| replacement | Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' | string | false | -| action | Action to perform based on regex matching. Default is 'replace' | string | false | -| if | If represents metricsQL match expression (or list of expressions): '{__name__=~\"foo_.*\"}' | StringOrArray | false | -| match | Match is used together with Labels for `action: graphite` | string | false | -| labels | Labels is used together with Match for `action: graphite` | map[string]string | false | +| Field | Description | Scheme | Required | +| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------- | +| source_labels | UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131 | []string | false | +| target_label | UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131 | string | false | +| sourceLabels | The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. | []string | false | +| separator | Separator placed between concatenated source label values. default is ';'. | string | false | +| targetLabel | Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. | string | false | +| regex | Regular expression against which the extracted value is matched. Default is '(.\*)' | string | false | +| modulus | Modulus to take of the hash of the source label values. | uint64 | false | +| replacement | Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' | string | false | +| action | Action to perform based on regex matching. Default is 'replace' | string | false | +| if | If represents metricsQL match expression (or list of expressions): '{**name**=~\"foo\_.\*\"}' | StringOrArray | false | +| match | Match is used together with Labels for `action: graphite` | string | false | +| labels | Labels is used together with Match for `action: graphite` | map[string]string | false | [Back to TOC](#table-of-contents) @@ -1597,10 +1585,10 @@ RelabelConfig allows dynamic rewriting of the label set, being applied to sample SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| secret | Secret containing data to use for the targets. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| configMap | ConfigMap containing data to use for the targets. | *v1.ConfigMapKeySelector | false | +| Field | Description | Scheme | Required | +| --------- | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| secret | Secret containing data to use for the targets. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| configMap | ConfigMap containing data to use for the targets. | \*v1.ConfigMapKeySelector | false | [Back to TOC](#table-of-contents) @@ -1608,16 +1596,16 @@ SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mu TLSConfig specifies TLSConfig configuration parameters. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| caFile | Path to the CA cert in the container to use for the targets. | string | false | -| ca | Stuct containing the CA cert to use for the targets. | [SecretOrConfigMap](#secretorconfigmap) | false | -| certFile | Path to the client cert file in the container for the targets. | string | false | -| cert | Struct containing the client cert file for the targets. | [SecretOrConfigMap](#secretorconfigmap) | false | -| keyFile | Path to the client key file in the container for the targets. | string | false | -| keySecret | Secret containing the client key file for the targets. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| serverName | Used to verify the hostname for the targets. | string | false | -| insecureSkipVerify | Disable target certificate validation. | bool | false | +| Field | Description | Scheme | Required | +| ------------------ | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| caFile | Path to the CA cert in the container to use for the targets. | string | false | +| ca | Stuct containing the CA cert to use for the targets. | [SecretOrConfigMap](#secretorconfigmap) | false | +| certFile | Path to the client cert file in the container for the targets. | string | false | +| cert | Struct containing the client cert file for the targets. | [SecretOrConfigMap](#secretorconfigmap) | false | +| keyFile | Path to the client key file in the container for the targets. | string | false | +| keySecret | Secret containing the client key file for the targets. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| serverName | Used to verify the hostname for the targets. | string | false | +| insecureSkipVerify | Disable target certificate validation. | bool | false | [Back to TOC](#table-of-contents) @@ -1625,18 +1613,18 @@ TLSConfig specifies TLSConfig configuration parameters. VMScrapeParams defines scrape target configuration that compatible only with VictoriaMetrics scrapers VMAgent and VMSingle -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| relabel_debug | deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release | *bool | false | -| metric_relabel_debug | deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release | *bool | false | -| disable_compression | | *bool | false | -| disable_keep_alive | disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements | *bool | false | -| no_stale_markers | | *bool | false | -| stream_parse | | *bool | false | -| scrape_align_interval | | *string | false | -| scrape_offset | | *string | false | -| proxy_client_config | ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy | *[ProxyAuth](#proxyauth) | false | -| headers | Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version | []string | false | +| Field | Description | Scheme | Required | +| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -------- | +| relabel_debug | deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release | \*bool | false | +| metric_relabel_debug | deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release | \*bool | false | +| disable_compression | | \*bool | false | +| disable_keep_alive | disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements | \*bool | false | +| no_stale_markers | | \*bool | false | +| stream_parse | | \*bool | false | +| scrape_align_interval | | \*string | false | +| scrape_offset | | \*string | false | +| proxy_client_config | ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy | \*[ProxyAuth](#proxyauth) | false | +| headers | Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version | []string | false | [Back to TOC](#table-of-contents) @@ -1644,11 +1632,11 @@ VMScrapeParams defines scrape target configuration that compatible only with Vic VMServiceScrape is scrape configuration for endpoints associated with kubernetes service, it generates scrape configuration for vmagent based on selectors. result config will scrape service endpoints -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMServiceScrapeSpec](#vmservicescrapespec) | true | -| status | | [VMServiceScrapeStatus](#vmservicescrapestatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMServiceScrapeSpec](#vmservicescrapespec) | true | +| status | | [VMServiceScrapeStatus](#vmservicescrapestatus) | false | [Back to TOC](#table-of-contents) @@ -1656,10 +1644,10 @@ VMServiceScrape is scrape configuration for endpoints associated with kubernetes VMServiceScrapeList contains a list of VMServiceScrape -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMServiceScrape](#vmservicescrape) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMServiceScrape](#vmservicescrape) | true | [Back to TOC](#table-of-contents) @@ -1667,18 +1655,18 @@ VMServiceScrapeList contains a list of VMServiceScrape VMServiceScrapeSpec defines the desired state of VMServiceScrape -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| discoveryRole | DiscoveryRole - defines kubernetes_sd role for objects discovery. by default, its endpoints. can be changed to service or endpointslices. note, that with service setting, you have to use port: \"name\" and cannot use targetPort for endpoints. | string | false | -| jobLabel | The label to use to retrieve the job name from. | string | false | -| targetLabels | TargetLabels transfers labels on the Kubernetes Service onto the target. | []string | false | -| podTargetLabels | PodTargetLabels transfers labels on the Kubernetes Pod onto the target. | []string | false | -| endpoints | A list of endpoints allowed as part of this ServiceScrape. | [][Endpoint](#endpoint) | true | -| selector | Selector to select Endpoints objects by corresponding Service labels. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| namespaceSelector | Selector to select which namespaces the Endpoints objects are discovered from. | [NamespaceSelector](#namespaceselector) | false | -| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | +| Field | Description | Scheme | Required | +| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------- | +| discoveryRole | DiscoveryRole - defines kubernetes_sd role for objects discovery. by default, its endpoints. can be changed to service or endpointslices. note, that with service setting, you have to use port: \"name\" and cannot use targetPort for endpoints. | string | false | +| jobLabel | The label to use to retrieve the job name from. | string | false | +| targetLabels | TargetLabels transfers labels on the Kubernetes Service onto the target. | []string | false | +| podTargetLabels | PodTargetLabels transfers labels on the Kubernetes Pod onto the target. | []string | false | +| endpoints | A list of endpoints allowed as part of this ServiceScrape. | [][Endpoint](#endpoint) | true | +| selector | Selector to select Endpoints objects by corresponding Service labels. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| namespaceSelector | Selector to select which namespaces the Endpoints objects are discovered from. | [NamespaceSelector](#namespaceselector) | false | +| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | [Back to TOC](#table-of-contents) @@ -1688,7 +1676,7 @@ ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| deny | | bool | false | +| deny | | bool | false | [Back to TOC](#table-of-contents) @@ -1696,33 +1684,33 @@ ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| port | Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. | string | false | -| targetPort | Deprecated: Use 'port' instead. | *intstr.IntOrString | false | -| path | HTTP path to scrape for metrics. | string | false | -| scheme | HTTP scheme to use for scraping. | string | false | -| params | Optional HTTP URL parameters | map[string][]string | false | -| follow_redirects | FollowRedirects controls redirects for scraping. | *bool | false | -| interval | Interval at which metrics should be scraped | string | false | -| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | -| scrapeTimeout | Timeout after which the scrape is ended | string | false | -| sampleLimit | SampleLimit defines per-podEndpoint limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | -| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | *bool | false | -| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []*[RelabelConfig](#relabelconfig) | false | -| relabelConfigs | RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []*[RelabelConfig](#relabelconfig) | false | -| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | *string | false | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | *[BasicAuth](#basicauth) | false | -| bearerTokenFile | File to read bearer token for scraping targets. | string | false | -| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| tlsConfig | TLSConfig configuration to use when scraping the endpoint | *[TLSConfig](#tlsconfig) | false | -| oauth2 | OAuth2 defines auth configuration | *[OAuth2](#oauth2) | false | -| authorization | Authorization with http header Authorization | *[Authorization](#authorization) | false | -| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | *[VMScrapeParams](#vmscrapeparams) | false | -| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | -| filterRunning | FilterRunning applies filter with pod status == running it prevents from scrapping metrics at failed or succeed state pods. enabled by default | *bool | false | +| Field | Description | Scheme | Required | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| port | Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. | string | false | +| targetPort | Deprecated: Use 'port' instead. | \*intstr.IntOrString | false | +| path | HTTP path to scrape for metrics. | string | false | +| scheme | HTTP scheme to use for scraping. | string | false | +| params | Optional HTTP URL parameters | map[string][]string | false | +| follow_redirects | FollowRedirects controls redirects for scraping. | \*bool | false | +| interval | Interval at which metrics should be scraped | string | false | +| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | +| scrapeTimeout | Timeout after which the scrape is ended | string | false | +| sampleLimit | SampleLimit defines per-podEndpoint limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | +| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | \*bool | false | +| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []\*[RelabelConfig](#relabelconfig) | false | +| relabelConfigs | RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []\*[RelabelConfig](#relabelconfig) | false | +| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | \*string | false | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | \*[BasicAuth](#basicauth) | false | +| bearerTokenFile | File to read bearer token for scraping targets. | string | false | +| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| tlsConfig | TLSConfig configuration to use when scraping the endpoint | \*[TLSConfig](#tlsconfig) | false | +| oauth2 | OAuth2 defines auth configuration | \*[OAuth2](#oauth2) | false | +| authorization | Authorization with http header Authorization | \*[Authorization](#authorization) | false | +| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | \*[VMScrapeParams](#vmscrapeparams) | false | +| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | +| filterRunning | FilterRunning applies filter with pod status == running it prevents from scrapping metrics at failed or succeed state pods. enabled by default | \*bool | false | [Back to TOC](#table-of-contents) @@ -1730,11 +1718,11 @@ PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Pro VMPodScrape is scrape configuration for pods, it generates vmagent's config for scraping pod targets based on selectors. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMPodScrapeSpec](#vmpodscrapespec) | false | -| status | | [VMPodScrapeStatus](#vmpodscrapestatus) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMPodScrapeSpec](#vmpodscrapespec) | false | +| status | | [VMPodScrapeStatus](#vmpodscrapestatus) | true | [Back to TOC](#table-of-contents) @@ -1742,10 +1730,10 @@ VMPodScrape is scrape configuration for pods, it generates vmagent's config for VMPodScrapeList contains a list of VMPodScrape -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMPodScrape](#vmpodscrape) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMPodScrape](#vmpodscrape) | true | [Back to TOC](#table-of-contents) @@ -1753,16 +1741,16 @@ VMPodScrapeList contains a list of VMPodScrape VMPodScrapeSpec defines the desired state of VMPodScrape -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| jobLabel | The label to use to retrieve the job name from. | string | false | -| podTargetLabels | PodTargetLabels transfers labels on the Kubernetes Pod onto the target. | []string | false | -| podMetricsEndpoints | A list of endpoints allowed as part of this PodMonitor. | [][PodMetricsEndpoint](#podmetricsendpoint) | true | -| selector | Selector to select Pod objects. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| namespaceSelector | Selector to select which namespaces the Endpoints objects are discovered from. | [NamespaceSelector](#namespaceselector) | false | -| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | +| Field | Description | Scheme | Required | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------- | +| jobLabel | The label to use to retrieve the job name from. | string | false | +| podTargetLabels | PodTargetLabels transfers labels on the Kubernetes Pod onto the target. | []string | false | +| podMetricsEndpoints | A list of endpoints allowed as part of this PodMonitor. | [][PodMetricsEndpoint](#podmetricsendpoint) | true | +| selector | Selector to select Pod objects. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| namespaceSelector | Selector to select which namespaces the Endpoints objects are discovered from. | [NamespaceSelector](#namespaceselector) | false | +| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| attach_metadata | AttachMetadata configures metadata attaching from service discovery | [AttachMetadata](#attachmetadata) | false | [Back to TOC](#table-of-contents) @@ -1770,54 +1758,50 @@ VMPodScrapeSpec defines the desired state of VMPodScrape Image defines docker image settings -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| repository | Repository contains name of docker image + it's repository if needed | string | false | -| tag | Tag contains desired docker image version | string | false | -| pullPolicy | PullPolicy describes how to pull docker image | [v1.PullPolicy](https://kubernetes.io/docs/concepts/containers/images#updating-images) | false | +| Field | Description | Scheme | Required | +| ---------- | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------- | -------- | +| repository | Repository contains name of docker image + it's repository if needed | string | false | +| tag | Tag contains desired docker image version | string | false | +| pullPolicy | PullPolicy describes how to pull docker image | [v1.PullPolicy](https://kubernetes.io/docs/concepts/containers/images#updating-images) | false | [Back to TOC](#table-of-contents) ## InsertPorts - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| graphitePort | GraphitePort listen port | string | false | -| influxPort | InfluxPort listen port | string | false | -| openTSDBHTTPPort | OpenTSDBHTTPPort for http connections. | string | false | -| openTSDBPort | OpenTSDBPort for tcp and udp listen | string | false | +| Field | Description | Scheme | Required | +| ---------------- | -------------------------------------- | ------ | -------- | +| graphitePort | GraphitePort listen port | string | false | +| influxPort | InfluxPort listen port | string | false | +| openTSDBHTTPPort | OpenTSDBHTTPPort for http connections. | string | false | +| openTSDBPort | OpenTSDBPort for tcp and udp listen | string | false | [Back to TOC](#table-of-contents) ## VMBackup - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| acceptEULA | AcceptEULA accepts enterprise feature usage, must be set to true. otherwise backupmanager cannot be added to single/cluster version. https://victoriametrics.com/legal/esa/ | bool | true | -| snapshotCreateURL | SnapshotCreateURL overwrites url for snapshot create | string | false | -| snapshotDeleteURL | SnapShotDeleteURL overwrites url for snapshot delete | string | false | -| concurrency | Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10) | *int32 | false | -| destination | Defines destination for backup | string | false | -| destinationDisableSuffixAdd | DestinationDisableSuffixAdd - disables suffix adding for cluster version backups each vmstorage backup must have unique backup folder so operator adds POD_NAME as suffix for backup destination folder. | bool | false | -| customS3Endpoint | Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set | *string | false | -| credentialsSecret | CredentialsSecret is secret in the same namespace for access to remote storage The secret is mounted into /etc/vm/creds. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| disableHourly | Defines if hourly backups disabled (default false) | *bool | false | -| disableDaily | Defines if daily backups disabled (default false) | *bool | false | -| disableWeekly | Defines if weekly backups disabled (default false) | *bool | false | -| disableMonthly | Defines if monthly backups disabled (default false) | *bool | false | -| image | Image - docker image settings for VMBackuper | [Image](#image) | false | -| port | Port for health check connections | string | false | -| logFormat | LogFormat for VMBackup to be configured with. default or json | *string | false | -| logLevel | LogLevel for VMBackup to be configured with. | *string | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| extraArgs | extra args like maxBytesPerSecond default 0 | map[string]string | false | -| extraEnvs | | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| restore | Restore Allows to enable restore options for pod Read more: https://docs.victoriametrics.com/vmbackupmanager.html#restore-commands | *[VMRestore](#vmrestore) | false | +| Field | Description | Scheme | Required | +| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | -------- | +| acceptEULA | AcceptEULA accepts enterprise feature usage, must be set to true. otherwise backupmanager cannot be added to single/cluster version. https://victoriametrics.com/legal/esa/ | bool | true | +| snapshotCreateURL | SnapshotCreateURL overwrites url for snapshot create | string | false | +| snapshotDeleteURL | SnapShotDeleteURL overwrites url for snapshot delete | string | false | +| concurrency | Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10) | \*int32 | false | +| destination | Defines destination for backup | string | false | +| destinationDisableSuffixAdd | DestinationDisableSuffixAdd - disables suffix adding for cluster version backups each vmstorage backup must have unique backup folder so operator adds POD_NAME as suffix for backup destination folder. | bool | false | +| customS3Endpoint | Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set | \*string | false | +| credentialsSecret | CredentialsSecret is secret in the same namespace for access to remote storage The secret is mounted into /etc/vm/creds. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| disableHourly | Defines if hourly backups disabled (default false) | \*bool | false | +| disableDaily | Defines if daily backups disabled (default false) | \*bool | false | +| disableWeekly | Defines if weekly backups disabled (default false) | \*bool | false | +| disableMonthly | Defines if monthly backups disabled (default false) | \*bool | false | +| image | Image - docker image settings for VMBackuper | [Image](#image) | false | +| port | Port for health check connections | string | false | +| logFormat | LogFormat for VMBackup to be configured with. default or json | \*string | false | +| logLevel | LogLevel for VMBackup to be configured with. | \*string | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| extraArgs | extra args like maxBytesPerSecond default 0 | map[string]string | false | +| extraEnvs | | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| restore | Restore Allows to enable restore options for pod Read more: https://docs.victoriametrics.com/vmbackupmanager.html#restore-commands | \*[VMRestore](#vmrestore) | false | [Back to TOC](#table-of-contents) @@ -1825,11 +1809,11 @@ Image defines docker image settings VMCluster is fast, cost-effective and scalable time-series database. Cluster version with -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMClusterSpec](#vmclusterspec) | true | -| status | | [VMClusterStatus](#vmclusterstatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMClusterSpec](#vmclusterspec) | true | +| status | | [VMClusterStatus](#vmclusterstatus) | false | [Back to TOC](#table-of-contents) @@ -1837,10 +1821,10 @@ VMCluster is fast, cost-effective and scalable time-series database. Cluster ver VMClusterList contains a list of VMCluster -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMCluster](#vmcluster) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMCluster](#vmcluster) | true | [Back to TOC](#table-of-contents) @@ -1848,19 +1832,19 @@ VMClusterList contains a list of VMCluster VMClusterSpec defines the desired state of VMCluster -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| retentionPeriod | RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention | string | true | -| replicationFactor | ReplicationFactor defines how many copies of data make among distinct storage nodes | *int32 | false | -| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | -| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMSelect, VMStorage and VMInsert Pods. | string | false | -| clusterVersion | ClusterVersion defines default images tag for all components. it can be overwritten with component specific image.tag value. | string | false | -| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | -| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | *[License](#license) | false | -| vmselect | | *[VMSelect](#vmselect) | false | -| vminsert | | *[VMInsert](#vminsert) | false | -| vmstorage | | *[VMStorage](#vmstorage) | false | -| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | *bool | false | +| Field | Description | Scheme | Required | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------- | +| retentionPeriod | RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention | string | true | +| replicationFactor | ReplicationFactor defines how many copies of data make among distinct storage nodes | \*int32 | false | +| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | +| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMSelect, VMStorage and VMInsert Pods. | string | false | +| clusterVersion | ClusterVersion defines default images tag for all components. it can be overwritten with component specific image.tag value. | string | false | +| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | +| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | \*[License](#license) | false | +| vmselect | | \*[VMSelect](#vmselect) | false | +| vminsert | | \*[VMInsert](#vminsert) | false | +| vmstorage | | \*[VMStorage](#vmstorage) | false | +| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | \*bool | false | [Back to TOC](#table-of-contents) @@ -1868,200 +1852,190 @@ VMClusterSpec defines the desired state of VMCluster VMClusterStatus defines the observed state of VMCluster -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| updateFailCount | Deprecated. | int | true | -| lastSync | Deprecated. | string | false | -| clusterStatus | | UpdateStatus | false | -| reason | | string | false | +| Field | Description | Scheme | Required | +| --------------- | ----------- | ------------ | -------- | +| updateFailCount | Deprecated. | int | true | +| lastSync | Deprecated. | string | false | +| clusterStatus | | UpdateStatus | false | +| reason | | string | false | [Back to TOC](#table-of-contents) ## VMInsert - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMInsert pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMInsert | [Image](#image) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | -| logFormat | LogFormat for VMInsert to be configured with. default or json | string | false | -| logLevel | LogLevel for VMInsert to be configured with. | string | false | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| replicaCount | ReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | true | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMInsert container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMInsert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | Priority class assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| extraArgs | | map[string]string | false | -| insertPorts | InsertPorts - additional listen ports for data ingestion. | *[InsertPorts](#insertports) | false | -| port | Port listen port | string | false | -| clusterNativeListenPort | ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| extraEnvs | ExtraEnvs that will be added to VMInsert pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vminsert service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| updateStrategy | UpdateStrategy - overrides default update strategy. | *[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | -| rollingUpdate | RollingUpdate - overrides deployment update params. | *[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| hpa | HPA defines kubernetes PodAutoScaling configuration version 2. | *[EmbeddedHPA](#embeddedhpa) | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| Field | Description | Scheme | Required | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMInsert pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMInsert | [Image](#image) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | +| logFormat | LogFormat for VMInsert to be configured with. default or json | string | false | +| logLevel | LogLevel for VMInsert to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| replicaCount | ReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size. | \*int32 | true | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMInsert container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMInsert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | Priority class assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| extraArgs | | map[string]string | false | +| insertPorts | InsertPorts - additional listen ports for data ingestion. | \*[InsertPorts](#insertports) | false | +| port | Port listen port | string | false | +| clusterNativeListenPort | ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| extraEnvs | ExtraEnvs that will be added to VMInsert pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| serviceSpec | ServiceSpec that will be added to vminsert service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| updateStrategy | UpdateStrategy - overrides default update strategy. | \*[appsv1.DeploymentStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#deploymentstrategy-v1-apps) | false | +| rollingUpdate | RollingUpdate - overrides deployment update params. | \*[appsv1.RollingUpdateDeployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#rollingupdatedeployment-v1-apps) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| hpa | HPA defines kubernetes PodAutoScaling configuration version 2. | \*[EmbeddedHPA](#embeddedhpa) | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | [Back to TOC](#table-of-contents) ## VMRestore - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| onStart | OnStart defines configuration for restore on pod start | *[VMRestoreOnStartConfig](#vmrestoreonstartconfig) | false | +| Field | Description | Scheme | Required | +| ------- | ------------------------------------------------------ | --------------------------------------------------- | -------- | +| onStart | OnStart defines configuration for restore on pod start | \*[VMRestoreOnStartConfig](#vmrestoreonstartconfig) | false | [Back to TOC](#table-of-contents) ## VMRestoreOnStartConfig - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| enabled | Enabled defines if restore on start enabled | bool | false | +| Field | Description | Scheme | Required | +| ------- | ------------------------------------------- | ------ | -------- | +| enabled | Enabled defines if restore on start enabled | bool | false | [Back to TOC](#table-of-contents) ## VMSelect - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMSelect | [Image](#image) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | -| logFormat | LogFormat for VMSelect to be configured with. default or json | string | false | -| logLevel | LogLevel for VMSelect to be configured with. | string | false | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| replicaCount | ReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | true | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | Priority class assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| cacheMountPath | CacheMountPath allows to add cache persistent for VMSelect, will use \"/cache\" as default if not specified. | string | false | -| persistentVolume | Storage - add persistent volume for cacheMounthPath its useful for persistent cache use storage instead of persistentVolume. | *[StorageSpec](#storagespec) | false | -| storage | StorageSpec - add persistent volume claim for cacheMountPath its needed for persistent cache | *[StorageSpec](#storagespec) | false | -| extraEnvs | ExtraEnvs that will be added to VMSelect pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| extraArgs | | map[string]string | false | -| port | Port listen port | string | false | -| clusterNativeListenPort | ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| serviceSpec | ServiceSpec that will be added to vmselect service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| hpa | Configures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue. | *[EmbeddedHPA](#embeddedhpa) | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| rollingUpdateStrategy | RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | +| Field | Description | Scheme | Required | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMSelect | [Image](#image) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | +| logFormat | LogFormat for VMSelect to be configured with. default or json | string | false | +| logLevel | LogLevel for VMSelect to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| replicaCount | ReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size. | \*int32 | true | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | Priority class assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| cacheMountPath | CacheMountPath allows to add cache persistent for VMSelect, will use \"/cache\" as default if not specified. | string | false | +| persistentVolume | Storage - add persistent volume for cacheMounthPath its useful for persistent cache use storage instead of persistentVolume. | \*[StorageSpec](#storagespec) | false | +| storage | StorageSpec - add persistent volume claim for cacheMountPath its needed for persistent cache | \*[StorageSpec](#storagespec) | false | +| extraEnvs | ExtraEnvs that will be added to VMSelect pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| extraArgs | | map[string]string | false | +| port | Port listen port | string | false | +| clusterNativeListenPort | ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| serviceSpec | ServiceSpec that will be added to vmselect service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| hpa | Configures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue. | \*[EmbeddedHPA](#embeddedhpa) | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| rollingUpdateStrategy | RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | [Back to TOC](#table-of-contents) ## VMStorage - - -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMStorage pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMStorage | [Image](#image) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | -| logFormat | LogFormat for VMStorage to be configured with. default or json | string | false | -| logLevel | LogLevel for VMStorage to be configured with. | string | false | -| replicaCount | ReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size. | *int32 | true | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMStorage container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMStorage configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | Priority class assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| storageDataPath | StorageDataPath - path to storage data | string | false | -| storage | Storage - add persistent volume for StorageDataPath its useful for persistent cache | *[StorageSpec](#storagespec) | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | int64 | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| port | Port for health check connetions | string | false | -| vmInsertPort | VMInsertPort for VMInsert connections | string | false | -| vmSelectPort | VMSelectPort for VMSelect connections | string | false | -| vmBackup | VMBackup configuration for backup | *[VMBackup](#vmbackup) | false | -| extraArgs | | map[string]string | false | -| extraEnvs | ExtraEnvs that will be added to VMStorage pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be create additional service for vmstorage | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| maintenanceInsertNodeIDs | MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3]. Useful at storage expanding, when you want to rebalance some data at cluster. | []int32 | false | -| maintenanceSelectNodeIDs | MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. | []int32 | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| rollingUpdateStrategy | RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | +| Field | Description | Scheme | Required | +| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMStorage pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMStorage | [Image](#image) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. | []string | false | +| logFormat | LogFormat for VMStorage to be configured with. default or json | string | false | +| logLevel | LogLevel for VMStorage to be configured with. | string | false | +| replicaCount | ReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size. | \*int32 | true | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| volumes | Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMStorage container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMStorage configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | Priority class assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| storageDataPath | StorageDataPath - path to storage data | string | false | +| storage | Storage - add persistent volume for StorageDataPath its useful for persistent cache | \*[StorageSpec](#storagespec) | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | int64 | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| port | Port for health check connetions | string | false | +| vmInsertPort | VMInsertPort for VMInsert connections | string | false | +| vmSelectPort | VMSelectPort for VMSelect connections | string | false | +| vmBackup | VMBackup configuration for backup | \*[VMBackup](#vmbackup) | false | +| extraArgs | | map[string]string | false | +| extraEnvs | ExtraEnvs that will be added to VMStorage pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| serviceSpec | ServiceSpec that will be create additional service for vmstorage | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| maintenanceInsertNodeIDs | MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3]. Useful at storage expanding, when you want to rebalance some data at cluster. | []int32 | false | +| maintenanceSelectNodeIDs | MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. | []int32 | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| rollingUpdateStrategy | RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate | [appsv1.StatefulSetUpdateStrategyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#statefulsetupdatestrategy-v1-apps) | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| claimTemplates | ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet | [][v1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | false | [Back to TOC](#table-of-contents) ## VMNodeScrape -VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as __address__ for scraping. +VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as **address** for scraping. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMNodeScrapeSpec](#vmnodescrapespec) | false | -| status | | [VMNodeScrapeStatus](#vmnodescrapestatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMNodeScrapeSpec](#vmnodescrapespec) | false | +| status | | [VMNodeScrapeStatus](#vmnodescrapestatus) | false | [Back to TOC](#table-of-contents) @@ -2069,10 +2043,10 @@ VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually i VMNodeScrapeList contains a list of VMNodeScrape -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMNodeScrape](#vmnodescrape) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMNodeScrape](#vmnodescrape) | true | [Back to TOC](#table-of-contents) @@ -2080,33 +2054,33 @@ VMNodeScrapeList contains a list of VMNodeScrape VMNodeScrapeSpec defines specification for VMNodeScrape. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| jobLabel | The label to use to retrieve the job name from. | string | false | -| targetLabels | TargetLabels transfers labels on the Kubernetes Node onto the target. | []string | false | -| port | Name of the port exposed at Node. | string | false | -| path | HTTP path to scrape for metrics. | string | false | -| scheme | HTTP scheme to use for scraping. | string | false | -| params | Optional HTTP URL parameters | map[string][]string | false | -| follow_redirects | FollowRedirects controls redirects for scraping. | *bool | false | -| interval | Interval at which metrics should be scraped | string | false | -| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | -| scrapeTimeout | Timeout after which the scrape is ended | string | false | -| oauth2 | OAuth2 defines auth configuration | *[OAuth2](#oauth2) | false | -| authorization | Authorization with http header Authorization | *[Authorization](#authorization) | false | -| tlsConfig | | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | File to read bearer token for scraping targets. | string | false | -| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be accessible by the victoria-metrics operator. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | -| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | *bool | false | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | *[BasicAuth](#basicauth) | false | -| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []*[RelabelConfig](#relabelconfig) | false | -| relabelConfigs | RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []*[RelabelConfig](#relabelconfig) | false | -| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | *string | false | -| selector | Selector to select kubernetes Nodes. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | *[VMScrapeParams](#vmscrapeparams) | false | +| Field | Description | Scheme | Required | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| jobLabel | The label to use to retrieve the job name from. | string | false | +| targetLabels | TargetLabels transfers labels on the Kubernetes Node onto the target. | []string | false | +| port | Name of the port exposed at Node. | string | false | +| path | HTTP path to scrape for metrics. | string | false | +| scheme | HTTP scheme to use for scraping. | string | false | +| params | Optional HTTP URL parameters | map[string][]string | false | +| follow_redirects | FollowRedirects controls redirects for scraping. | \*bool | false | +| interval | Interval at which metrics should be scraped | string | false | +| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | +| scrapeTimeout | Timeout after which the scrape is ended | string | false | +| oauth2 | OAuth2 defines auth configuration | \*[OAuth2](#oauth2) | false | +| authorization | Authorization with http header Authorization | \*[Authorization](#authorization) | false | +| tlsConfig | | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | File to read bearer token for scraping targets. | string | false | +| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be accessible by the victoria-metrics operator. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | +| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | \*bool | false | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | \*[BasicAuth](#basicauth) | false | +| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []\*[RelabelConfig](#relabelconfig) | false | +| relabelConfigs | RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []\*[RelabelConfig](#relabelconfig) | false | +| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | \*string | false | +| selector | Selector to select kubernetes Nodes. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | \*[VMScrapeParams](#vmscrapeparams) | false | [Back to TOC](#table-of-contents) @@ -2114,11 +2088,11 @@ VMNodeScrapeSpec defines specification for VMNodeScrape. CRDRef describe CRD target reference. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| kind | Kind one of: VMAgent VMAlert VMCluster VMSingle or VMAlertManager | string | true | -| name | Name target CRD object name | string | true | -| namespace | Namespace target CRD object namespace. | string | true | +| Field | Description | Scheme | Required | +| --------- | ----------------------------------------------------------------- | ------ | -------- | +| kind | Kind one of: VMAgent VMAlert VMCluster VMSingle or VMAlertManager | string | true | +| name | Name target CRD object name | string | true | +| namespace | Namespace target CRD object namespace. | string | true | [Back to TOC](#table-of-contents) @@ -2126,10 +2100,10 @@ CRDRef describe CRD target reference. StaticRef - user-defined routing host address. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | URL http url for given staticRef. | string | false | -| urls | URLs allows setting multiple urls for load-balancing at vmauth-side. | []string | false | +| Field | Description | Scheme | Required | +| ----- | -------------------------------------------------------------------- | -------- | -------- | +| url | URL http url for given staticRef. | string | false | +| urls | URLs allows setting multiple urls for load-balancing at vmauth-side. | []string | false | [Back to TOC](#table-of-contents) @@ -2137,18 +2111,30 @@ StaticRef - user-defined routing host address. TargetRef describes target for user traffic forwarding. one of target types can be chosen: crd or static per targetRef. user can define multiple targetRefs with different ref Types. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| crd | CRD describes exist operator's CRD object, operator generates access url based on CRD params. | *[CRDRef](#crdref) | false | -| static | Static - user defined url for traffic forward, for instance http://vmsingle:8429 | *[StaticRef](#staticref) | false | -| paths | Paths - matched path to route. | []string | false | -| hosts | | []string | false | -| target_path_suffix | QueryParams []string `json:\"queryParams,omitempty\"` TargetPathSuffix allows to add some suffix to the target path It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params. | string | false | -| headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | -| response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | -| retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503] | []int | false | -| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | *string | false | -| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | *int | false | +| Field | Description | Scheme | Required | +| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | -------- | +| crd | CRD describes exist operator's CRD object, operator generates access url based on CRD params. | \*[CRDRef](#crdref) | false | +| static | Static - user defined url for traffic forward, for instance http://vmsingle:8429 | \*[StaticRef](#staticref) | false | +| paths | Paths - matched path to route. | []string | false | +| hosts | | []string | false | +| target_path_suffix | QueryParams []string `json:\"queryParams,omitempty\"` TargetPathSuffix allows to add some suffix to the target path It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params. | string | false | +| headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | +| response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | +| retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503] | []int | false | +| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | \*string | false | +| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | \*int | false | +| targetRefBasicAuth | TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication | \*[TargetRefBasicAuth](#targetrefbasicauth) | false | + +[Back to TOC](#table-of-contents) + +## TargetRefBasicAuth + +TargetRefBasicAuth target basic authentication + +| Field | Description | Scheme | Required | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------- | +| username | The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD | [v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | true | +| password | The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD | [v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | true | [Back to TOC](#table-of-contents) @@ -2156,11 +2142,11 @@ TargetRef describes target for user traffic forwarding. one of target types can VMUser is the Schema for the vmusers API -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMUserSpec](#vmuserspec) | false | -| status | | [VMUserStatus](#vmuserstatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMUserSpec](#vmuserspec) | false | +| status | | [VMUserStatus](#vmuserstatus) | false | [Back to TOC](#table-of-contents) @@ -2168,10 +2154,10 @@ VMUser is the Schema for the vmusers API VMUserIPFilters defines filters for IP addresses supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| deny_list | | []string | false | -| allow_list | | []string | false | +| Field | Description | Scheme | Required | +| ---------- | ----------- | -------- | -------- | +| deny_list | | []string | false | +| allow_list | | []string | false | [Back to TOC](#table-of-contents) @@ -2179,10 +2165,10 @@ VMUserIPFilters defines filters for IP addresses supported only with enterprise VMUserList contains a list of VMUser -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMUser](#vmuser) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMUser](#vmuser) | true | [Back to TOC](#table-of-contents) @@ -2190,27 +2176,27 @@ VMUserList contains a list of VMUser VMUserSpec defines the desired state of VMUser -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| name | Name of the VMUser object. | *string | false | -| username | UserName basic auth user name for accessing protected endpoint, will be replaced with metadata.name of VMUser if omitted. | *string | false | -| password | Password basic auth password for accessing protected endpoint. | *string | false | -| passwordRef | PasswordRef allows fetching password from user-create secret by its name and key. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| tokenRef | TokenRef allows fetching token from user-created secrets by its name and key. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| generatePassword | GeneratePassword instructs operator to generate password for user if spec.password if empty. | bool | false | -| bearerToken | BearerToken Authorization header value for accessing protected endpoint. | *string | false | -| targetRefs | TargetRefs - reference to endpoints, which user may access. | [][TargetRef](#targetref) | true | -| default_url | DefaultURLs backend url for non-matching paths filter usually used for default backend with error message | []string | false | -| ip_filters | IPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters | [VMUserIPFilters](#vmuseripfilters) | false | -| headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | -| response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | -| retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] | []int | false | -| max_concurrent_requests | MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth | *int | false | -| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | *string | false | -| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | *int | false | -| tls_insecure_skip_verify | TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS. See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup | bool | false | -| metric_labels | MetricLabels - additional labels for metrics exported by vmauth for given user. | map[string]string | false | -| disable_secret_creation | DisableSecretCreation skips related secret creation for vmuser | bool | false | +| Field | Description | Scheme | Required | +| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| name | Name of the VMUser object. | \*string | false | +| username | UserName basic auth user name for accessing protected endpoint, will be replaced with metadata.name of VMUser if omitted. | \*string | false | +| password | Password basic auth password for accessing protected endpoint. | \*string | false | +| passwordRef | PasswordRef allows fetching password from user-create secret by its name and key. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| tokenRef | TokenRef allows fetching token from user-created secrets by its name and key. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| generatePassword | GeneratePassword instructs operator to generate password for user if spec.password if empty. | bool | false | +| bearerToken | BearerToken Authorization header value for accessing protected endpoint. | \*string | false | +| targetRefs | TargetRefs - reference to endpoints, which user may access. | [][TargetRef](#targetref) | true | +| default_url | DefaultURLs backend url for non-matching paths filter usually used for default backend with error message | []string | false | +| ip_filters | IPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters | [VMUserIPFilters](#vmuseripfilters) | false | +| headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | +| response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | +| retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] | []int | false | +| max_concurrent_requests | MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth | \*int | false | +| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | \*string | false | +| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | \*int | false | +| tls_insecure_skip_verify | TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS. See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup | bool | false | +| metric_labels | MetricLabels - additional labels for metrics exported by vmauth for given user. | map[string]string | false | +| disable_secret_creation | DisableSecretCreation skips related secret creation for vmuser | bool | false | [Back to TOC](#table-of-contents) @@ -2218,17 +2204,17 @@ VMUserSpec defines the desired state of VMUser EmbeddedIngress describes ingress configuration options. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| class_name | ClassName defines ingress class name for VMAuth | *string | false | -| name | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | string | false | -| labels | Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | map[string]string | false | -| annotations | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations | map[string]string | false | -| tlsHosts | TlsHosts configures TLS access for ingress, tlsSecretName must be defined for it. | []string | false | -| tlsSecretName | TlsSecretName defines secretname at the VMAuth namespace with cert and key https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | string | false | -| extraRules | ExtraRules - additional rules for ingress, must be checked for correctness by user. | [][v12.IngressRule](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#ingressrule-v1-networking-k8s-io) | false | -| extraTls | ExtraTLS - additional TLS configuration for ingress must be checked for correctness by user. | [][v12.IngressTLS](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#ingresstls-v1-networking-k8s-io) | false | -| host | Host defines ingress host parameter for default rule It will be used, only if TlsHosts is empty | string | false | +| Field | Description | Scheme | Required | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------- | +| class_name | ClassName defines ingress class name for VMAuth | \*string | false | +| name | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | string | false | +| labels | Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | map[string]string | false | +| annotations | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations | map[string]string | false | +| tlsHosts | TlsHosts configures TLS access for ingress, tlsSecretName must be defined for it. | []string | false | +| tlsSecretName | TlsSecretName defines secretname at the VMAuth namespace with cert and key https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | string | false | +| extraRules | ExtraRules - additional rules for ingress, must be checked for correctness by user. | [][v12.IngressRule](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#ingressrule-v1-networking-k8s-io) | false | +| extraTls | ExtraTLS - additional TLS configuration for ingress must be checked for correctness by user. | [][v12.IngressTLS](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#ingresstls-v1-networking-k8s-io) | false | +| host | Host defines ingress host parameter for default rule It will be used, only if TlsHosts is empty | string | false | [Back to TOC](#table-of-contents) @@ -2236,11 +2222,11 @@ EmbeddedIngress describes ingress configuration options. VMAuth is the Schema for the vmauths API -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMAuthSpec](#vmauthspec) | false | -| status | | [VMAuthStatus](#vmauthstatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMAuthSpec](#vmauthspec) | false | +| status | | [VMAuthStatus](#vmauthstatus) | false | [Back to TOC](#table-of-contents) @@ -2248,10 +2234,10 @@ VMAuth is the Schema for the vmauths API VMAuthList contains a list of VMAuth -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMAuth](#vmauth) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMAuth](#vmauth) | true | [Back to TOC](#table-of-contents) @@ -2259,56 +2245,56 @@ VMAuthList contains a list of VMAuth VMAuthSpec defines the desired state of VMAuth -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods. | *[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | -| image | Image - docker image settings for VMAuth if no specified operator uses default config version | [Image](#image) | false | -| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | -| secrets | Secrets is a list of Secrets in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. | []string | false | -| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. | []string | false | -| logLevel | LogLevel for victoria metrics single to be configured with. | string | false | -| logFormat | LogFormat for VMAuth to be configured with. | string | false | -| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | -| replicaCount | ReplicaCount is the expected size of the VMAuth | *int32 | false | -| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | *int32 | false | -| volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | -| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | -| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | -| affinity | Affinity If specified, the pod's scheduling constraints. | *[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | -| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | -| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | *[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | -| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMAuth Pods. | string | false | -| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | -| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | *string | false | -| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | -| hostAliases | HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. | []v1.HostAlias | false | -| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | -| priorityClassName | PriorityClassName assigned to the Pods | string | false | -| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | -| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | -| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | *v1.PodDNSConfig | false | -| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | -| port | Port listen port | string | false | -| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such userSelector. with selectAllByDefault: true and empty userSelector and userNamespaceSelector Operator selects all exist users with selectAllByDefault: false - selects nothing | bool | false | -| userSelector | UserSelector defines VMUser to be selected for config file generation. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAuth namespace. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| userNamespaceSelector | UserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| extraArgs | ExtraArgs that will be passed to VMAuth pod for example remoteWrite.tmpDataPath: /tmp | map[string]string | false | -| extraEnvs | ExtraEnvs that will be added to VMAuth pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | -| serviceSpec | ServiceSpec that will be added to vmsingle service spec | *[AdditionalServiceSpec](#additionalservicespec) | false | -| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmauth VMServiceScrape spec | *[VMServiceScrapeSpec](#vmservicescrapespec) | false | -| podDisruptionBudget | PodDisruptionBudget created by operator | *[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | -| ingress | Ingress enables ingress configuration for VMAuth. | *[EmbeddedIngress](#embeddedingress) | false | -| livenessProbe | LivenessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| readinessProbe | ReadinessProbe that will be added CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| startupProbe | StartupProbe that will be added to CRD pod | *[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | -| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | -| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | *int64 | false | -| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | -| unauthorizedAccessConfig | UnauthorizedAccessConfig configures access for un authorized users | [][VMAuthUnauthorizedPath](#vmauthunauthorizedpath) | false | -| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | *bool | false | -| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | *[License](#license) | false | -| configSecret | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAuth object, which contains auth configuration for vmauth, configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | string | false | +| Field | Description | Scheme | Required | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------- | +| podMetadata | PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods. | \*[EmbeddedObjectMetadata](#embeddedobjectmetadata) | false | +| image | Image - docker image settings for VMAuth if no specified operator uses default config version | [Image](#image) | false | +| imagePullSecrets | ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#localobjectreference-v1-core) | false | +| secrets | Secrets is a list of Secrets in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. | []string | false | +| configMaps | ConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. | []string | false | +| logLevel | LogLevel for victoria metrics single to be configured with. | string | false | +| logFormat | LogFormat for VMAuth to be configured with. | string | false | +| minReadySeconds | MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state | int32 | false | +| replicaCount | ReplicaCount is the expected size of the VMAuth | \*int32 | false | +| revisionHistoryLimitCount | The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. | \*int32 | false | +| volumes | Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core) | false | +| volumeMounts | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects. | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core) | false | +| resources | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | false | +| affinity | Affinity If specified, the pod's scheduling constraints. | \*[v1.Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core) | false | +| tolerations | Tolerations If specified, the pod's tolerations. | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core) | false | +| securityContext | SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | \*[v1.PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#podsecuritycontext-v1-core) | false | +| serviceAccountName | ServiceAccountName is the name of the ServiceAccount to use to run the VMAuth Pods. | string | false | +| schedulerName | SchedulerName - defines kubernetes scheduler name | string | false | +| runtimeClassName | RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ | \*string | false | +| podSecurityPolicyName | PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. | string | false | +| hostAliases | HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. | []v1.HostAlias | false | +| containers | Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | [][v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#container-v1-core) | false | +| priorityClassName | PriorityClassName assigned to the Pods | string | false | +| hostNetwork | HostNetwork controls whether the pod may use the node network namespace | bool | false | +| dnsPolicy | DNSPolicy sets DNS policy for the pod | [v1.DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#pod-v1-core) | false | +| dnsConfig | Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. | \*v1.PodDNSConfig | false | +| topologySpreadConstraints | TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | [][v1.TopologySpreadConstraint](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | false | +| port | Port listen port | string | false | +| selectAllByDefault | SelectAllByDefault changes default behavior for empty CRD selectors, such userSelector. with selectAllByDefault: true and empty userSelector and userNamespaceSelector Operator selects all exist users with selectAllByDefault: false - selects nothing | bool | false | +| userSelector | UserSelector defines VMUser to be selected for config file generation. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAuth namespace. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| userNamespaceSelector | UserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault | \*[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| extraArgs | ExtraArgs that will be passed to VMAuth pod for example remoteWrite.tmpDataPath: /tmp | map[string]string | false | +| extraEnvs | ExtraEnvs that will be added to VMAuth pod | [][v1.EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) | false | +| serviceSpec | ServiceSpec that will be added to vmsingle service spec | \*[AdditionalServiceSpec](#additionalservicespec) | false | +| serviceScrapeSpec | ServiceScrapeSpec that will be added to vmauth VMServiceScrape spec | \*[VMServiceScrapeSpec](#vmservicescrapespec) | false | +| podDisruptionBudget | PodDisruptionBudget created by operator | \*[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec) | false | +| ingress | Ingress enables ingress configuration for VMAuth. | \*[EmbeddedIngress](#embeddedingress) | false | +| livenessProbe | LivenessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| readinessProbe | ReadinessProbe that will be added CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| startupProbe | StartupProbe that will be added to CRD pod | \*[v1.Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#probe-v1-core) | false | +| nodeSelector | NodeSelector Define which Nodes the Pods are scheduled on. | map[string]string | false | +| terminationGracePeriodSeconds | TerminationGracePeriodSeconds period for container graceful termination | \*int64 | false | +| readinessGates | ReadinessGates defines pod readiness gates | []v1.PodReadinessGate | false | +| unauthorizedAccessConfig | UnauthorizedAccessConfig configures access for un authorized users | [][VMAuthUnauthorizedPath](#vmauthunauthorizedpath) | false | +| useStrictSecurity | UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions | \*bool | false | +| license | License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html | \*[License](#license) | false | +| configSecret | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAuth object, which contains auth configuration for vmauth, configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | string | false | [Back to TOC](#table-of-contents) @@ -2316,10 +2302,10 @@ VMAuthSpec defines the desired state of VMAuth VMAuthStatus defines the observed state of VMAuth -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| updateStatus | UpdateStatus defines a status for update rollout, effective only for statefuleMode | UpdateStatus | false | -| reason | Reason defines fail reason for update process, effective only for statefuleMode | string | false | +| Field | Description | Scheme | Required | +| ------------ | ---------------------------------------------------------------------------------- | ------------ | -------- | +| updateStatus | UpdateStatus defines a status for update rollout, effective only for statefuleMode | UpdateStatus | false | +| reason | Reason defines fail reason for update process, effective only for statefuleMode | string | false | [Back to TOC](#table-of-contents) @@ -2327,17 +2313,17 @@ VMAuthStatus defines the observed state of VMAuth VMAuthUnauthorizedPath defines url_map for unauthorized access -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| src_paths | Paths src request paths | []string | false | -| url_prefix | URLs defines url_prefix for dst routing | []string | false | -| ip_filters | IPFilters defines filter for src ip address enterprise only | [VMUserIPFilters](#vmuseripfilters) | false | -| src_hosts | SrcHosts is the list of regular expressions, which match the request hostname. | []string | false | -| headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | -| response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | -| retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] | []int | false | -| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | *string | false | -| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | *int | false | +| Field | Description | Scheme | Required | +| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -------- | +| src_paths | Paths src request paths | []string | false | +| url_prefix | URLs defines url_prefix for dst routing | []string | false | +| ip_filters | IPFilters defines filter for src ip address enterprise only | [VMUserIPFilters](#vmuseripfilters) | false | +| src_hosts | SrcHosts is the list of regular expressions, which match the request hostname. | []string | false | +| headers | Headers represent additional http headers, that vmauth uses in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.68.0 version of vmauth | []string | false | +| response_headers | ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [\"header_key: header_value\"] multiple values for header key: [\"header_key: value1,value2\"] it's available since 1.93.0 version of vmauth | []string | false | +| retry_status_codes | RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] | []int | false | +| load_balancing_policy | LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default \"least_loaded\") | \*string | false | +| drop_src_path_prefix_parts | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. | \*int | false | [Back to TOC](#table-of-contents) @@ -2345,44 +2331,44 @@ VMAuthUnauthorizedPath defines url_map for unauthorized access TargetEndpoint defines single static target endpoint. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| targets | Targets static targets addresses in form of [\"192.122.55.55:9100\",\"some-name:9100\"]. | []string | true | -| labels | Labels static labels for targets. | map[string]string | false | -| port | Default port for target. | string | false | -| path | HTTP path to scrape for metrics. | string | false | -| scheme | HTTP scheme to use for scraping. | string | false | -| params | Optional HTTP URL parameters | map[string][]string | false | -| follow_redirects | FollowRedirects controls redirects for scraping. | *bool | false | -| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| interval | Interval at which metrics should be scraped | string | false | -| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | -| scrapeTimeout | Timeout after which the scrape is ended | string | false | -| oauth2 | OAuth2 defines auth configuration | *[OAuth2](#oauth2) | false | -| tlsConfig | TLSConfig configuration to use when scraping the endpoint | *[TLSConfig](#tlsconfig) | false | -| bearerTokenFile | File to read bearer token for scraping targets. | string | false | -| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | *[BasicAuth](#basicauth) | false | -| authorization | Authorization with http header Authorization | *[Authorization](#authorization) | false | -| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []*[RelabelConfig](#relabelconfig) | false | -| relabelConfigs | RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []*[RelabelConfig](#relabelconfig) | false | -| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | *string | false | -| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | -| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | *bool | false | -| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | *[VMScrapeParams](#vmscrapeparams) | false | +| Field | Description | Scheme | Required | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| targets | Targets static targets addresses in form of [\"192.122.55.55:9100\",\"some-name:9100\"]. | []string | true | +| labels | Labels static labels for targets. | map[string]string | false | +| port | Default port for target. | string | false | +| path | HTTP path to scrape for metrics. | string | false | +| scheme | HTTP scheme to use for scraping. | string | false | +| params | Optional HTTP URL parameters | map[string][]string | false | +| follow_redirects | FollowRedirects controls redirects for scraping. | \*bool | false | +| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| interval | Interval at which metrics should be scraped | string | false | +| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | +| scrapeTimeout | Timeout after which the scrape is ended | string | false | +| oauth2 | OAuth2 defines auth configuration | \*[OAuth2](#oauth2) | false | +| tlsConfig | TLSConfig configuration to use when scraping the endpoint | \*[TLSConfig](#tlsconfig) | false | +| bearerTokenFile | File to read bearer token for scraping targets. | string | false | +| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | \*[BasicAuth](#basicauth) | false | +| authorization | Authorization with http header Authorization | \*[Authorization](#authorization) | false | +| metricRelabelConfigs | MetricRelabelConfigs to apply to samples before ingestion. | []\*[RelabelConfig](#relabelconfig) | false | +| relabelConfigs | RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []\*[RelabelConfig](#relabelconfig) | false | +| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | \*string | false | +| honorLabels | HonorLabels chooses the metric's labels on collisions with target labels. | bool | false | +| honorTimestamps | HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. | \*bool | false | +| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | \*[VMScrapeParams](#vmscrapeparams) | false | [Back to TOC](#table-of-contents) ## VMStaticScrape -VMStaticScrape defines static targets configuration for scraping. +VMStaticScrape defines static targets configuration for scraping. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMStaticScrapeSpec](#vmstaticscrapespec) | false | -| status | | [VMStaticScrapeStatus](#vmstaticscrapestatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMStaticScrapeSpec](#vmstaticscrapespec) | false | +| status | | [VMStaticScrapeStatus](#vmstaticscrapestatus) | false | [Back to TOC](#table-of-contents) @@ -2390,10 +2376,10 @@ VMStaticScrape defines static targets configuration for scraping. VMStaticScrapeList contains a list of VMStaticScrape -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMStaticScrape](#vmstaticscrape) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMStaticScrape](#vmstaticscrape) | true | [Back to TOC](#table-of-contents) @@ -2401,12 +2387,12 @@ VMStaticScrapeList contains a list of VMStaticScrape VMStaticScrapeSpec defines the desired state of VMStaticScrape. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| jobName | JobName name of job. | string | false | -| targetEndpoints | A list of target endpoints to scrape metrics from. | []*[TargetEndpoint](#targetendpoint) | true | -| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| Field | Description | Scheme | Required | +| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | -------- | +| jobName | JobName name of job. | string | false | +| targetEndpoints | A list of target endpoints to scrape metrics from. | []\*[TargetEndpoint](#targetendpoint) | true | +| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | [Back to TOC](#table-of-contents) @@ -2414,11 +2400,11 @@ VMStaticScrapeSpec defines the desired state of VMStaticScrape. ProbeTargetIngress defines the set of Ingress objects considered for probing. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| selector | Select Ingress objects by labels. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | -| namespaceSelector | Select Ingress objects by namespace. | [NamespaceSelector](#namespaceselector) | false | -| relabelingConfigs | RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []*[RelabelConfig](#relabelconfig) | false | +| Field | Description | Scheme | Required | +| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------- | +| selector | Select Ingress objects by labels. | [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta) | false | +| namespaceSelector | Select Ingress objects by namespace. | [NamespaceSelector](#namespaceselector) | false | +| relabelingConfigs | RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []\*[RelabelConfig](#relabelconfig) | false | [Back to TOC](#table-of-contents) @@ -2426,11 +2412,11 @@ ProbeTargetIngress defines the set of Ingress objects considered for probing. VMProbe defines a probe for targets, that will be executed with prober, like blackbox exporter. It helps to monitor reachability of target with various checks. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | -| spec | | [VMProbeSpec](#vmprobespec) | true | -| status | | [VMProbeStatus](#vmprobestatus) | false | +| Field | Description | Scheme | Required | +| -------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -------- | +| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | false | +| spec | | [VMProbeSpec](#vmprobespec) | true | +| status | | [VMProbeStatus](#vmprobestatus) | false | [Back to TOC](#table-of-contents) @@ -2438,10 +2424,10 @@ VMProbe defines a probe for targets, that will be executed with prober, like bla VMProbeList contains a list of VMProbe -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | -| items | | [][VMProbe](#vmprobe) | true | +| Field | Description | Scheme | Required | +| -------- | ----------- | -------------------------------------------------------------------------------------------------------- | -------- | +| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | false | +| items | | [][VMProbe](#vmprobe) | true | [Back to TOC](#table-of-contents) @@ -2449,27 +2435,27 @@ VMProbeList contains a list of VMProbe VMProbeSpec contains specification parameters for a Probe. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| jobName | The job name assigned to scraped metrics by default. | string | false | -| vmProberSpec | Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. | [VMProberSpec](#vmproberspec) | true | -| module | The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml | string | false | -| targets | Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. | [VMProbeTargets](#vmprobetargets) | false | -| interval | Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. | string | false | -| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | -| scrapeTimeout | Timeout for scraping metrics from the Prometheus exporter. | string | false | -| params | Optional HTTP URL parameters | map[string][]string | false | -| follow_redirects | FollowRedirects controls redirects for scraping. | *bool | false | -| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | -| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | -| bearerTokenFile | File to read bearer token for scraping targets. | string | false | -| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | -| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | *[BasicAuth](#basicauth) | false | -| oauth2 | OAuth2 defines auth configuration | *[OAuth2](#oauth2) | false | -| authorization | Authorization with http header Authorization | *[Authorization](#authorization) | false | -| tlsConfig | TLSConfig configuration to use when scraping the endpoint | *[TLSConfig](#tlsconfig) | false | -| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | *string | false | -| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | *[VMScrapeParams](#vmscrapeparams) | false | +| Field | Description | Scheme | Required | +| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------- | +| jobName | The job name assigned to scraped metrics by default. | string | false | +| vmProberSpec | Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. | [VMProberSpec](#vmproberspec) | true | +| module | The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml | string | false | +| targets | Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. | [VMProbeTargets](#vmprobetargets) | false | +| interval | Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. | string | false | +| scrape_interval | ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used | string | false | +| scrapeTimeout | Timeout for scraping metrics from the Prometheus exporter. | string | false | +| params | Optional HTTP URL parameters | map[string][]string | false | +| follow_redirects | FollowRedirects controls redirects for scraping. | \*bool | false | +| sampleLimit | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | uint64 | false | +| seriesLimit | SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h. | uint64 | false | +| bearerTokenFile | File to read bearer token for scraping targets. | string | false | +| bearerTokenSecret | Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. | \*[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | false | +| basicAuth | BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints | \*[BasicAuth](#basicauth) | false | +| oauth2 | OAuth2 defines auth configuration | \*[OAuth2](#oauth2) | false | +| authorization | Authorization with http header Authorization | \*[Authorization](#authorization) | false | +| tlsConfig | TLSConfig configuration to use when scraping the endpoint | \*[TLSConfig](#tlsconfig) | false | +| proxyURL | ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. | \*string | false | +| vm_scrape_params | VMScrapeParams defines VictoriaMetrics specific scrape parametrs | \*[VMScrapeParams](#vmscrapeparams) | false | [Back to TOC](#table-of-contents) @@ -2477,11 +2463,11 @@ VMProbeSpec contains specification parameters for a Probe. VMProbeTargetStaticConfig defines the set of static targets considered for probing. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| targets | Targets is a list of URLs to probe using the configured prober. | []string | true | -| labels | Labels assigned to all metrics scraped from the targets. | map[string]string | false | -| relabelingConfigs | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []*[RelabelConfig](#relabelconfig) | false | +| Field | Description | Scheme | Required | +| ----------------- | --------------------------------------------------------------------------------------------------- | ----------------------------------- | -------- | +| targets | Targets is a list of URLs to probe using the configured prober. | []string | true | +| labels | Labels assigned to all metrics scraped from the targets. | map[string]string | false | +| relabelingConfigs | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | []\*[RelabelConfig](#relabelconfig) | false | [Back to TOC](#table-of-contents) @@ -2489,10 +2475,10 @@ VMProbeTargetStaticConfig defines the set of static targets considered for probi VMProbeTargets defines a set of static and dynamically discovered targets for the prober. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| staticConfig | StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. | *[VMProbeTargetStaticConfig](#vmprobetargetstaticconfig) | false | -| ingress | Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. | *[ProbeTargetIngress](#probetargetingress) | false | +| Field | Description | Scheme | Required | +| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------- | -------- | +| staticConfig | StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. | \*[VMProbeTargetStaticConfig](#vmprobetargetstaticconfig) | false | +| ingress | Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. | \*[ProbeTargetIngress](#probetargetingress) | false | [Back to TOC](#table-of-contents) @@ -2500,10 +2486,10 @@ VMProbeTargets defines a set of static and dynamically discovered targets for th VMProberSpec contains specification parameters for the Prober used for probing. -| Field | Description | Scheme | Required | -| ----- | ----------- | ------ | -------- | -| url | Mandatory URL of the prober. | string | true | -| scheme | HTTP scheme to use for scraping. Defaults to `http`. | string | false | -| path | Path to collect metrics from. Defaults to `/probe`. | string | false | +| Field | Description | Scheme | Required | +| ------ | ---------------------------------------------------- | ------ | -------- | +| url | Mandatory URL of the prober. | string | true | +| scheme | HTTP scheme to use for scraping. Defaults to `http`. | string | false | +| path | Path to collect metrics from. Defaults to `/probe`. | string | false | [Back to TOC](#table-of-contents)