victoriametrics.com

Packages #

operator.victoriametrics.com/v1beta1 #

Package v1beta1 contains API Schema definitions for the victoriametrics v1beta1 API group

Resource Types #

APIServerConfig #

APIServerConfig defines a host and auth methods to access apiserver.

Appears in:

FieldDescription
authorization
Authorization		(Optional)
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerToken
string		(Optional)
Bearer token for accessing apiserver.
bearerTokenFile
string		(Optional)
File to read bearer token for accessing apiserver.
host
string		Host of apiserver.
A valid string consisting of a hostname or IP followed by an optional port number
tlsConfig
TLSConfig		(Optional)
TLSConfig Config to use for accessing apiserver.

AdditionalServiceSpec #

ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. if UseAsDefault is set to true, changes applied to the main service without additional service creation

Appears in:

FieldDescription
metadata
EmbeddedObjectMetadata		(Optional)
Refer to Kubernetes API documentation for fields of metadata.
spec
ServiceSpec		ServiceSpec describes the attributes that a user creates on a service.
More info: https://kubernetes.io/docs/concepts/services-networking/service/
useAsDefault
boolean		(Optional)
UseAsDefault applies changes from given service definition to the main object Service
Changing from headless service to clusterIP or loadbalancer may break cross-component communication

AlertmanagerGossipConfig #

AlertmanagerGossipConfig defines Gossip TLS configuration for alertmanager

Appears in:

FieldDescription
tls_client_config
TLSClientConfig		TLSClientConfig defines client TLS configuration for alertmanager
tls_server_config
TLSServerConfig		TLSServerConfig defines server TLS configuration for alertmanager

AlertmanagerHTTPConfig #

AlertmanagerHTTPConfig defines http server configuration for alertmanager

Appears in:

FieldDescription
headers
object (keys:string, values:string)		(Optional)
Headers defines list of headers that can be added to HTTP responses.
http2
boolean		(Optional)
HTTP2 enables HTTP/2 support. Note that HTTP/2 is only supported with TLS.
This can not be changed on the fly.

AlertmanagerWebConfig #

AlertmanagerWebConfig defines web server configuration for alertmanager

Appears in:

FieldDescription
basic_auth_users
object (keys:string, values:string)		(Optional)
BasicAuthUsers Usernames and hashed passwords that have full access to the web server
Passwords must be hashed with bcrypt
http_server_config
AlertmanagerHTTPConfig		(Optional)
HTTPServerConfig defines http server configuration for alertmanager web server
tls_server_config
TLSServerConfig		(Optional)
TLSServerConfig defines server TLS configuration for alertmanager

ArbitraryFSAccessThroughSMsConfig #

ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service scrape selected by the vmagent instance is allowed to use arbitrary files on the file system of the vmagent container. This is the case when e.g. a service scrape specifies a BearerTokenFile in an endpoint. A malicious user could create a service scrape selecting arbitrary secret files in the vmagent container. Those secrets would then be sent with a scrape request by vmagent to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

Appears in:

FieldDescription
deny
boolean

AttachMetadata #

AttachMetadata configures metadata attachment

Appears in:

FieldDescription
node
boolean		(Optional)
Node instructs vmagent to add node specific metadata from service discovery
Valid for roles: pod, endpoints, endpointslice.

Authorization #

Authorization configures generic authorization params

Appears in:

FieldDescription
credentials
SecretKeySelector		Reference to the secret with value for authorization
credentialsFile
string		(Optional)
File with value for authorization
type
string		(Optional)
Type of authorization, default to bearer

AzureSDConfig #

AzureSDConfig allow retrieving scrape targets from Azure VMs. See here

Appears in:

FieldDescription
authenticationMethod
string		(Optional)
# The authentication method, either OAuth or ManagedIdentity.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
clientID
string		(Optional)
Optional client ID. Only required with the OAuth authentication method.
clientSecret
SecretKeySelector		(Optional)
Optional client secret. Only required with the OAuth authentication method.
environment
string		(Optional)
The Azure environment.
port
integer		(Optional)
The port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
resourceGroup
string		(Optional)
Optional resource group name. Limits discovery to this resource group.
subscriptionID
string		The subscription ID. Always required.
tenantID
string		(Optional)
Optional tenant ID. Only required with the OAuth authentication method.

BasicAuth #

BasicAuth allow an endpoint to authenticate over basic authentication

Appears in:

FieldDescription
password
SecretKeySelector		(Optional)
Password defines reference for secret with password value
The secret needs to be in the same namespace as scrape object
password_file
string		(Optional)
PasswordFile defines path to password file at disk
must be pre-mounted
username
SecretKeySelector		(Optional)
Username defines reference for secret with username value
The secret needs to be in the same namespace as scrape object

BearerAuth #

BearerAuth defines auth with bearer token

Appears in:

FieldDescription
bearerTokenFile
string		(Optional)
Path to bearer token file
bearerTokenSecret
SecretKeySelector		(Optional)
Optional bearer auth token to use for -remoteWrite.url

CRDRef #

CRDRef describe CRD target reference.

Appears in:

FieldDescription
kind
string		Kind one of:
VMAgent,VMAlert, VMSingle, VMCluster/vmselect, VMCluster/vmstorage,VMCluster/vminsert or VMAlertManager
name
string		Name target CRD object name
namespace
string		Namespace target CRD object namespace.

Certs #

Certs defines TLS certs configuration

Appears in:

FieldDescription
cert_file
string		(Optional)
CertFile defines path to the pre-mounted file with certificate
mutually exclusive with CertSecretRef
cert_secret_ref
SecretKeySelector		(Optional)
CertSecretRef defines reference for secret with certificate content under given key
mutually exclusive with CertFile
key_file
string		(Optional)
KeyFile defines path to the pre-mounted file with certificate key
mutually exclusive with KeySecretRef
key_secret_ref
SecretKeySelector		(Optional)
Key defines reference for secret with certificate key content under given key
mutually exclusive with KeyFile

CommonApplicationDeploymentParams #

CommonApplicationDeploymentParams defines common params for deployment and statefulset specifications

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

CommonConfigReloaderParams #

Appears in:

FieldDescription
configReloaderExtraArgs
object (keys:string, values:string)		(Optional)
ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
configReloaderImageTag
string		(Optional)
ConfigReloaderImageTag defines image:tag for config-reloader container
configReloaderResources
ResourceRequirements		(Optional)
ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
useVMConfigReloader
boolean		(Optional)
UseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates

CommonDefaultableParams #

CommonDefaultableParams contains Application settings with known values populated from operator configuration

Appears in:

FieldDescription
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
port
string		(Optional)
Port listen address
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions

Condition #

Condition defines status condition of the resource

Appears in:

FieldDescription
lastTransitionTime
Time		lastTransitionTime is the last time the condition transitioned from one status to another.
lastUpdateTime
Time		LastUpdateTime is the last time of given type update.
This value is used for status TTL update and removal
message
string		(Optional)
message is a human readable message indicating details about the transition.
This may be an empty string.
observedGeneration
integer		(Optional)
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
reason
string		reason contains a programmatic identifier indicating the reason for the condition’s last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
type
string		Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase.

ConfigMapKeyReference #

ConfigMapKeyReference refers to a key in a ConfigMap.

Appears in:

FieldDescription
key
string		The ConfigMap key to refer to.

ConsulSDConfig #

ConsulSDConfig defines a Consul service discovery configuration. See here

Appears in:

FieldDescription
allowStale
boolean		(Optional)
Allow stale Consul results (see https://developer.hashicorp.com/consul/api-docs/features/consistency). Will reduce load on Consul.
If unset, use its default value.
authorization
Authorization		(Optional)
Authorization header to use on every scrape request.
basicAuth
BasicAuth		(Optional)
BasicAuth information to use on every scrape request.
datacenter
string		(Optional)
Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.
filter
string		(Optional)
Filter defines filter for /v1/catalog/services requests
See https://developer.hashicorp.com/consul/api-docs/features/filtering
followRedirects
boolean		(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects.
If unset, use its default value.
namespace
string		(Optional)
Namespaces are only supported in Consul Enterprise.
nodeMeta
object (keys:string, values:string)		(Optional)
Node metadata key/value pairs to filter nodes for a given service.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
partition
string		(Optional)
Admin Partitions are only supported in Consul Enterprise.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
proxy_client_config
ProxyAuth		(Optional)
ProxyClientConfig configures proxy auth settings for scraping
See feature description
scheme
string		(Optional)
HTTP Scheme default “http”
server
string		A valid string consisting of a hostname or IP followed by an optional port number.
services
string array		(Optional)
A list of services for which targets are retrieved. If omitted, all services are scraped.
tagSeparator
string		(Optional)
The string by which Consul tags are joined into the tag label.
If unset, use its default value.
tags
string array		(Optional)
An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
tlsConfig
TLSConfig		(Optional)
TLS configuration to use on every scrape request
tokenRef
SecretKeySelector		(Optional)
Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.

ContainerSecurityContext #

ContainerSecurityContext defines security context for each application container

Appears in:

FieldDescription
allowPrivilegeEscalation
boolean		(Optional)
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
capabilities
Capabilities		(Optional)
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
privileged
boolean		(Optional)
Run containers in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Note that this field cannot be set when spec.os.name is windows.
procMount
ProcMountType		(Optional)
procMount denotes the type of proc mount to use for the containers.
The default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
readOnlyRootFilesystem
boolean		(Optional)
Whether this containers has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.

DNSSDConfig #

DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf. See here

Appears in:

FieldDescription
names
string array		A list of DNS domain names to be queried.
port
integer		(Optional)
The port number used if the query type is not SRV
Ignored for SRV records
type
string		(Optional)

DigitalOceanSDConfig #

DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean’s Droplets API. This service discovery uses the public IPv4 address by default, by that can be changed with relabeling. See here

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization header to use on every scrape request.
followRedirects
boolean		(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
port
integer		(Optional)
The port to scrape metrics from.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
proxy_client_config
ProxyAuth		(Optional)
ProxyClientConfig configures proxy auth settings for scraping
See feature description
tlsConfig
TLSConfig		(Optional)
TLS configuration to use on every scrape request

DiscordConfig #

Appears in:

FieldDescription
http_config
HTTPConfig		(Optional)
HTTP client configuration.
message
string		(Optional)
The message body template
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
title
string		(Optional)
The message title template
webhook_url
string		(Optional)
The discord webhook URL
one of urlSecret and url must be defined.
webhook_url_secret
SecretKeySelector		(Optional)
URLSecret defines secret name and key at the CRD namespace.
It must contain the webhook URL.
one of urlSecret and url must be defined.

DiscoverySelector #

DiscoverySelector can be used at CRD components discovery

Appears in:

FieldDescription
labelSelector
LabelSelector
namespaceSelector
NamespaceSelector

EC2Filter #

EC2Filter is the configuration for filtering EC2 instances.

Appears in:

FieldDescription
name
string
values
string array

EC2SDConfig #

EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets. See here

Appears in:

FieldDescription
accessKey
SecretKeySelector		(Optional)
AccessKey is the AWS API key.
filters
EC2Filter array		(Optional)
Filters can be used optionally to filter the instance list by other criteria.
Available filter criteria can be found here:
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html
port
integer		(Optional)
The port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
region
string		(Optional)
The AWS region
roleARN
string		(Optional)
AWS Role ARN, an alternative to using AWS API keys.
secretKey
SecretKeySelector		(Optional)
SecretKey is the AWS API secret.

EmailConfig #

EmailConfig configures notifications via Email.

Appears in:

FieldDescription
auth_identity
string		(Optional)
The identity to use for authentication.
auth_password
SecretKeySelector		(Optional)
AuthPassword defines secret name and key at CRD namespace.
auth_secret
SecretKeySelector		(Optional)
AuthSecret defines secrent name and key at CRD namespace.
It must contain the CRAM-MD5 secret.
auth_username
string		(Optional)
The username to use for authentication.
from
string		(Optional)
The sender address.
fallback to global setting if empty
headers
object (keys:string, values:string)		Further headers email header key/value pairs. Overrides any headers
previously set by the notification implementation.
hello
string		(Optional)
The hostname to identify to the SMTP server.
html
string		(Optional)
The HTML body of the email notification.
require_tls
boolean		(Optional)
The SMTP TLS requirement.
Note that Go does not support unencrypted connections to remote SMTP endpoints.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
smarthost
string		(Optional)
The SMTP host through which emails are sent.
fallback to global setting if empty
text
string		(Optional)
The text body of the email notification.
tls_config
TLSConfig		(Optional)
TLS configuration
to
string		(Optional)
The email address to send notifications to.

EmbeddedHPA #

EmbeddedHPA embeds HorizontalPodAutoScaler spec v2. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/

Appears in:

FieldDescription
behaviour
HorizontalPodAutoscalerBehavior
maxReplicas
integer
metrics
MetricSpec array
minReplicas
integer

EmbeddedIngress #

EmbeddedIngress describes ingress configuration options.

Appears in:

FieldDescription
annotations
object (keys:string, values:string)		(Optional)
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
class_name
string		(Optional)
ClassName defines ingress class name for VMAuth
extraRules
IngressRule array		(Optional)
ExtraRules - additional rules for ingress,
must be checked for correctness by user.
extraTls
IngressTLS array		(Optional)
ExtraTLS - additional TLS configuration for ingress
must be checked for correctness by user.
host
string		(Optional)
Host defines ingress host parameter for default rule
It will be used, only if TlsHosts is empty
labels
object (keys:string, values:string)		(Optional)
Labels Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
name
string		(Optional)
Name must be unique within a namespace. Is required when creating resources, although
some resources may allow a client to request the generation of an appropriate name
automatically. Name is primarily intended for creation idempotence and configuration
definition.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
tlsHosts
string array		TlsHosts configures TLS access for ingress, tlsSecretName must be defined for it.
tlsSecretName
string		(Optional)
TlsSecretName defines secretname at the VMAuth namespace with cert and key
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

EmbeddedObjectMetadata #

EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.

Appears in:

FieldDescription
annotations
object (keys:string, values:string)		(Optional)
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
labels
object (keys:string, values:string)		(Optional)
Labels Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
name
string		(Optional)
Name must be unique within a namespace. Is required when creating resources, although
some resources may allow a client to request the generation of an appropriate name
automatically. Name is primarily intended for creation idempotence and configuration
definition.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names

EmbeddedPersistentVolumeClaim #

EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.

Appears in:

FieldDescription
metadata
EmbeddedObjectMetadata		(Optional)
Refer to Kubernetes API documentation for fields of metadata.
spec
PersistentVolumeClaimSpec		(Optional)
Spec defines the desired characteristics of a volume requested by a pod author.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

EmbeddedPodDisruptionBudgetSpec #

Appears in:

FieldDescription
maxUnavailable
IntOrString		(Optional)
An eviction is allowed if at most “maxUnavailable” pods selected by
“selector” are unavailable after the eviction, i.e. even in absence of
the evicted pod. For example, one can prevent all voluntary evictions
by specifying 0. This is a mutually exclusive setting with “minAvailable”.
minAvailable
IntOrString		(Optional)
An eviction is allowed if at least “minAvailable” pods selected by
“selector” will still be available after the eviction, i.e. even in the
absence of the evicted pod. So for example you can prevent all voluntary
evictions by specifying “100%”.
selectorLabels
object (keys:string, values:string)		(Optional)
replaces default labels selector generated by operator
it’s useful when you need to create custom budget

EmbeddedProbes #

EmbeddedProbes - it allows to override some probe params. its not necessary to specify all options, operator will replace missing spec with default values.

Appears in:

FieldDescription
livenessProbe
Probe		(Optional)
LivenessProbe that will be added CRD pod
readinessProbe
Probe		(Optional)
ReadinessProbe that will be added CRD pod
startupProbe
Probe		(Optional)
StartupProbe that will be added to CRD pod

Endpoint #

Endpoint defines a scrapeable endpoint serving metrics.

Appears in:

FieldDescription
attach_metadata
AttachMetadata		(Optional)
AttachMetadata configures metadata attaching from service discovery
authorization
Authorization		(Optional)
Authorization with http header Authorization
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
interval
string		(Optional)
Interval at which metrics should be scraped
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
port
string		(Optional)
Name of the port exposed at Service.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
relabelConfigs
RelabelConfig array		(Optional)
RelabelConfigs to apply to samples during service discovery.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targetPort
IntOrString		(Optional)
TargetPort
Name or number of the pod port this endpoint refers to. Mutually exclusive with port.
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

EndpointAuth #

EndpointAuth defines target endpoint authorization options for scrapping

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization with http header Authorization
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint

EndpointRelabelings #

EndpointRelabelings defines service discovery and metrics relabeling configuration for endpoints

Appears in:

FieldDescription
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
relabelConfigs
RelabelConfig array		(Optional)
RelabelConfigs to apply to samples during service discovery.

EndpointScrapeParams #

ScrapeTargetParams defines common configuration params for all scrape endpoint targets

Appears in:

FieldDescription
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
interval
string		(Optional)
Interval at which metrics should be scraped
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

ExternalConfig #

ExternalConfig defines external source of configuration

Appears in:

FieldDescription
localPath
string		(Optional)
LocalPath contains static path to a config, which is managed externally for cases
when using secrets is not applicable, e.g.: Vault sidecar.
secretRef
SecretKeySelector		(Optional)
SecretRef defines selector for externally managed secret which contains configuration

FileSDConfig #

FileSDConfig defines a file service discovery configuration. See here

Appears in:

FieldDescription
files
string array		List of files to be used for file discovery.

GCESDConfig #

GCESDConfig configures scrape targets from GCP GCE instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. See here

The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform

Appears in:

FieldDescription
filter
string		(Optional)
Filter can be used optionally to filter the instance list by other criteria
Syntax of this filter is described in the filter query parameter section:
https://cloud.google.com/compute/docs/reference/latest/instances/list
port
integer		(Optional)
The port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
project
string		The Google Cloud Project ID
tagSeparator
string		(Optional)
The tag separator is used to separate the tags on concatenation
zone
StringOrArray		The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.

HTTPAuth #

HTTPAuth generic auth used with http protocols

Appears in:

FieldDescription
basicAuth
BasicAuth		(Optional)
headers
string array		(Optional)
Headers allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
oauth2
OAuth2		(Optional)
tlsConfig
TLSConfig		(Optional)

HTTPConfig #

HTTPConfig defines a client HTTP configuration for VMAlertmanagerConfig objects See https://prometheus.io/docs/alerting/latest/configuration/#http_config

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization header configuration for the client.
This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
basic_auth
BasicAuth		(Optional)
BasicAuth for the client.
bearer_token_file
string		(Optional)
BearerTokenFile defines filename for bearer token, it must be mounted to pod.
bearer_token_secret
SecretKeySelector		(Optional)
The secret’s key that contains the bearer token
It must be at them same namespace as CRD
oauth2
OAuth2		(Optional)
OAuth2 client credentials used to fetch a token for the targets.
proxyURL
string		(Optional)
Optional proxy URL.
tls_config
TLSConfig		(Optional)
TLS configuration for the client.

HTTPSDConfig #

HTTPSDConfig defines a HTTP service discovery configuration. See here

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization header to use on every scrape request.
basicAuth
BasicAuth		(Optional)
BasicAuth information to use on every scrape request.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
proxy_client_config
ProxyAuth		(Optional)
ProxyClientConfig configures proxy auth settings for scraping
See feature description
tlsConfig
TLSConfig		(Optional)
TLS configuration to use on every scrape request
url
string		URL from which the targets are fetched.

Image #

Image defines docker image settings

Appears in:

FieldDescription
pullPolicy
PullPolicy		PullPolicy describes how to pull docker image
repository
string		Repository contains name of docker image + it’s repository if needed
tag
string		Tag contains desired docker image version

ImageConfig #

ImageConfig is used to attach images to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-images-property for more information.

Appears in:

FieldDescription
alt
string		(Optional)
href
string		(Optional)
source
string

InhibitRule #

InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. Note, it doesn’t support deprecated alertmanager config options. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule

Appears in:

FieldDescription
equal
string array		(Optional)
Labels that must have an equal value in the source and target alert for
the inhibition to take effect.
source_matchers
string array		(Optional)
SourceMatchers defines a list of matchers for which one or more alerts have
to exist for the inhibition to take effect.
target_matchers
string array		(Optional)
TargetMatchers defines a list of matchers that have to be fulfilled by the target
alerts to be muted.

InsertPorts #

Appears in:

FieldDescription
graphitePort
string		(Optional)
GraphitePort listen port
influxPort
string		(Optional)
InfluxPort listen port
openTSDBHTTPPort
string		(Optional)
OpenTSDBHTTPPort for http connections.
openTSDBPort
string		(Optional)
OpenTSDBPort for tcp and udp listen

K8SSelectorConfig #

K8SSelectorConfig is Kubernetes Selector Config

Appears in:

FieldDescription
field
string
label
string
role
string

KubernetesSDConfig #

KubernetesSDConfig allows retrieving scrape targets from Kubernetes’ REST API. See here

Appears in:

FieldDescription
apiServer
string		(Optional)
The API server address consisting of a hostname or IP address followed
by an optional port number.
If left empty, assuming process is running inside
of the cluster. It will discover API servers automatically and use the pod’s
CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
attach_metadata
AttachMetadata		(Optional)
AttachMetadata configures metadata attaching from service discovery
authorization
Authorization		(Optional)
Authorization header to use on every scrape request.
basicAuth
BasicAuth		(Optional)
BasicAuth information to use on every scrape request.
followRedirects
boolean		(Optional)
Configure whether HTTP requests follow HTTP 3xx redirects.
namespaces
NamespaceDiscovery		(Optional)
Optional namespace discovery. If omitted, discover targets across all namespaces.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
proxy_client_config
ProxyAuth		(Optional)
ProxyClientConfig configures proxy auth settings for scraping
See feature description
role
string		Role of the Kubernetes entities that should be discovered.
selectors
K8SSelectorConfig array		(Optional)
Selector to select objects.
tlsConfig
TLSConfig		(Optional)
TLS configuration to use on every scrape request

License #

License holds license key for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See here

Appears in:

FieldDescription
forceOffline
boolean		Enforce offline verification of the license key.
key
string		Enterprise license key. This flag is available only in VictoriaMetrics enterprise.
To request a trial license, go to
keyRef
SecretKeySelector		KeyRef is reference to secret with license key for enterprise features.
reloadInterval
string		Interval to be used for checking for license key changes. Note that this is only applicable when using KeyRef.

LinkConfig #

LinkConfig is used to attach text links to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-links-property for more information.

Appears in:

FieldDescription
href
string
text
string

MSTeamsConfig #

Appears in:

FieldDescription
http_config
HTTPConfig		(Optional)
HTTP client configuration.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
text
string		(Optional)
The text body of the teams notification.
title
string		(Optional)
The title of the teams notification.
webhook_url
string		(Optional)
The incoming webhook URL
one of urlSecret and url must be defined.
webhook_url_secret
SecretKeySelector		(Optional)
URLSecret defines secret name and key at the CRD namespace.
It must contain the webhook URL.
one of urlSecret and url must be defined.

ManagedObjectsMetadata #

ManagedObjectsMetadata contains Labels and Annotations

Appears in:

FieldDescription
annotations
object (keys:string, values:string)		Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
labels
object (keys:string, values:string)		Labels Map of string keys and values that can be used to organize and categorize
(scope and select) objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels

NamespaceDiscovery #

NamespaceDiscovery is the configuration for discovering Kubernetes namespaces.

Appears in:

FieldDescription
names
string array		(Optional)
List of namespaces where to watch for resources.
If empty and ownNamespace isn’t true, watch for resources in all namespaces.
ownNamespace
boolean		(Optional)
Includes the namespace in which the pod exists to the list of watched namespaces.

NamespaceSelector #

NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces.

Appears in:

FieldDescription
any
boolean		(Optional)
Boolean describing whether all namespaces are selected in contrast to a
list restricting them.
matchNames
string array		(Optional)
List of namespace names.

OAuth2 #

OAuth2 defines OAuth2 configuration

Appears in:

FieldDescription
client_id
SecretOrConfigMap		The secret or configmap containing the OAuth2 client id
client_secret
SecretKeySelector		(Optional)
The secret containing the OAuth2 client secret
client_secret_file
string		(Optional)
ClientSecretFile defines path for client secret file.
endpoint_params
object (keys:string, values:string)		(Optional)
Parameters to append to the token URL
scopes
string array		(Optional)
OAuth2 scopes used for the token request
token_url
string		The URL to fetch the token from

OpenStackSDConfig #

OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. See here

Appears in:

FieldDescription
allTenants
boolean		(Optional)
Whether the service discovery should list all instances for all projects.
It is only relevant for the ‘instance’ role and usually requires admin permissions.
applicationCredentialId
string		(Optional)
ApplicationCredentialID
applicationCredentialName
string		(Optional)
The ApplicationCredentialID or ApplicationCredentialName fields are
required if using an application credential to authenticate. Some providers
allow you to create an application credential to authenticate rather than a
password.
applicationCredentialSecret
SecretKeySelector		(Optional)
The applicationCredentialSecret field is required if using an application
credential to authenticate.
availability
string		(Optional)
Availability of the endpoint to connect to.
domainID
string		(Optional)
DomainID
domainName
string		(Optional)
At most one of domainId and domainName must be provided if using username
with Identity V3. Otherwise, either are optional.
identityEndpoint
string		(Optional)
IdentityEndpoint specifies the HTTP endpoint that is required to work with
the Identity API of the appropriate version.
password
SecretKeySelector		(Optional)
Password for the Identity V2 and V3 APIs. Consult with your provider’s
control panel to discover your account’s preferred method of authentication.
port
integer		(Optional)
The port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
projectID
string		(Optional)
ProjectID
projectName
string		(Optional)
The ProjectId and ProjectName fields are optional for the Identity V2 API.
Some providers allow you to specify a ProjectName instead of the ProjectId.
Some require both. Your provider’s authentication policies will determine
how these fields influence authentication.
region
string		The OpenStack Region.
role
string		The OpenStack role of entities that should be discovered.
tlsConfig
TLSConfig		(Optional)
TLS configuration to use on every scrape request
userid
string		(Optional)
UserID
username
string		(Optional)
Username is required if using Identity V2 API. Consult with your provider’s
control panel to discover your account’s username.
In Identity V3, either userid or a combination of username
and domainId or domainName are needed

OpsGenieConfig #

OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config

Appears in:

FieldDescription
actions
string		Comma separated list of actions that will be available for the alert.
apiURL
string		(Optional)
The URL to send OpsGenie API requests to.
api_key
SecretKeySelector		(Optional)
The secret’s key that contains the OpsGenie API key.
It must be at them same namespace as CRD
fallback to global setting if empty
description
string		(Optional)
Description of the incident.
details
object (keys:string, values:string)		(Optional)
A set of arbitrary key/value pairs that provide further detail about the incident.
entity
string		Optional field that can be used to specify which domain alert is related to.
http_config
HTTPConfig		(Optional)
HTTP client configuration.
message
string		(Optional)
Alert text limited to 130 characters.
note
string		(Optional)
Additional alert note.
priority
string		(Optional)
Priority level of alert. Possible values are P1, P2, P3, P4, and P5.
responders
OpsGenieConfigResponder array		(Optional)
List of responders responsible for notifications.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
source
string		(Optional)
Backlink to the sender of the notification.
tags
string		(Optional)
Comma separated list of tags attached to the notifications.
update_alerts
boolean		Whether to update message and description of the alert in OpsGenie if it already exists
By default, the alert is never updated in OpsGenie, the new message only appears in activity log.

OpsGenieConfigResponder #

OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.

Appears in:

FieldDescription
id
string		(Optional)
ID of the responder.
name
string		(Optional)
Name of the responder.
type
string		Type of responder.
username
string		(Optional)
Username of the responder.

PagerDutyConfig #

PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config

Appears in:

FieldDescription
class
string		(Optional)
The class/type of the event.
client
string		(Optional)
Client identification.
client_url
string		(Optional)
Backlink to the sender of notification.
component
string		(Optional)
The part or component of the affected system that is broken.
description
string		(Optional)
Description of the incident.
details
object (keys:string, values:string)		(Optional)
Arbitrary key/value pairs that provide further detail about the incident.
group
string		(Optional)
A cluster or grouping of sources.
http_config
HTTPConfig		(Optional)
HTTP client configuration.
images
ImageConfig array		(Optional)
Images to attach to the incident.
links
LinkConfig array		(Optional)
Links to attach to the incident.
routing_key
SecretKeySelector		(Optional)
The secret’s key that contains the PagerDuty integration key (when using
Events API v2). Either this field or serviceKey needs to be defined.
It must be at them same namespace as CRD
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
service_key
SecretKeySelector		(Optional)
The secret’s key that contains the PagerDuty service key (when using
integration type “Prometheus”). Either this field or routingKey needs to
be defined.
It must be at them same namespace as CRD
severity
string		(Optional)
Severity of the incident.
url
string		(Optional)
The URL to send requests to.

PodMetricsEndpoint #

PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving metrics.

Appears in:

FieldDescription
attach_metadata
AttachMetadata		(Optional)
AttachMetadata configures metadata attaching from service discovery
authorization
Authorization		(Optional)
Authorization with http header Authorization
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
filterRunning
boolean		(Optional)
FilterRunning applies filter with pod status == running
it prevents from scrapping metrics at failed or succeed state pods.
enabled by default
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
interval
string		(Optional)
Interval at which metrics should be scraped
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
port
string		(Optional)
Name of the port exposed at Pod.
portNumber
integer		(Optional)
PortNumber defines the Pod port number which exposes the endpoint.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
relabelConfigs
RelabelConfig array		(Optional)
RelabelConfigs to apply to samples during service discovery.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targetPort
IntOrString		(Optional)
TargetPort defines name or number of the pod port this endpoint refers to.
Mutually exclusive with Port and PortNumber.
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

ProbeTargetIngress #

ProbeTargetIngress defines the set of Ingress objects considered for probing.

Appears in:

FieldDescription
namespaceSelector
NamespaceSelector		Select Ingress objects by namespace.
relabelingConfigs
RelabelConfig array		RelabelConfigs to apply to samples during service discovery.
selector
LabelSelector		Select Ingress objects by labels.

ProxyAuth #

ProxyAuth represent proxy auth config Only VictoriaMetrics scrapers supports it. See https://github.com/VictoriaMetrics/VictoriaMetrics/commit/a6a71ef861444eb11fe8ec6d2387f0fc0c4aea87

Appears in:

FieldDescription
basic_auth
BasicAuth
bearer_token
SecretKeySelector
bearer_token_file
string
tls_config
TLSConfig

PushoverConfig #

PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config

Appears in:

FieldDescription
expire
string		(Optional)
How long your notification will continue to be retried for, unless the user
acknowledges the notification.
html
boolean		(Optional)
Whether notification message is HTML or plain text.
http_config
HTTPConfig		(Optional)
HTTP client configuration.
message
string		(Optional)
Notification message.
priority
string		(Optional)
Priority, see https://pushover.net/api#priority
retry
string		(Optional)
How often the Pushover servers will send the same notification to the user.
Must be at least 30 seconds.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
sound
string		(Optional)
The name of one of the sounds supported by device clients to override the user’s default sound choice
title
string		(Optional)
Notification title.
token
SecretKeySelector		The secret’s key that contains the registered application’s API token, see https://pushover.net/apps.
It must be at them same namespace as CRD
url
string		(Optional)
A supplementary URL shown alongside the message.
url_title
string		(Optional)
A title for supplementary URL, otherwise just the URL is shown
user_key
SecretKeySelector		The secret’s key that contains the recipient user’s user key.
It must be at them same namespace as CRD

Receiver #

Receiver defines one or more notification integrations.

Appears in:

FieldDescription
discord_configs
DiscordConfig array		(Optional)
email_configs
EmailConfig array		(Optional)
EmailConfigs defines email notification configurations.
msteams_configs
MSTeamsConfig array		(Optional)
name
string		Name of the receiver. Must be unique across all items from the list.
opsgenie_configs
OpsGenieConfig array		(Optional)
OpsGenieConfigs defines ops genie notification configurations.
pagerduty_configs
PagerDutyConfig array		(Optional)
PagerDutyConfigs defines pager duty notification configurations.
pushover_configs
PushoverConfig array		(Optional)
PushoverConfigs defines push over notification configurations.
slack_configs
SlackConfig array		(Optional)
SlackConfigs defines slack notification configurations.
sns_configs
SnsConfig array		(Optional)
telegram_configs
TelegramConfig array		(Optional)
victorops_configs
VictorOpsConfig array		(Optional)
VictorOpsConfigs defines victor ops notification configurations.
webex_configs
WebexConfig array		(Optional)
webhook_configs
WebhookConfig array		(Optional)
WebhookConfigs defines webhook notification configurations.
wechat_configs
WeChatConfig array		(Optional)
WeChatConfigs defines wechat notification configurations.

RelabelConfig #

RelabelConfig allows dynamic rewriting of the label set More info: https://docs.victoriametrics.com/#relabeling

Appears in:

FieldDescription
action
string		(Optional)
Action to perform based on regex matching. Default is ‘replace’
if
StringOrArray		(Optional)
If represents metricsQL match expression (or list of expressions): ‘{name=~“foo_.*”}’
labels
object (keys:string, values:string)		(Optional)
Labels is used together with Match for action: graphite
match
string		(Optional)
Match is used together with Labels for action: graphite
modulus
integer		(Optional)
Modulus to take of the hash of the source label values.
regex
StringOrArray		(Optional)
Regular expression against which the extracted value is matched. Default is ‘(.*)’
victoriaMetrics supports multiline regex joined with |
https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
replacement
string		(Optional)
Replacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Default is ‘$1’
separator
string		(Optional)
Separator placed between concatenated source label values. default is ‘;’.
sourceLabels
string array		(Optional)
The source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
source_labels
string array		(Optional)
UnderScoreSourceLabels - additional form of source labels source_labels
for compatibility with original relabel config.
if set both sourceLabels and source_labels, sourceLabels has priority.
for details https://github.com/VictoriaMetrics/operator/issues/131
targetLabel
string		(Optional)
Label to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
target_label
string		(Optional)
UnderScoreTargetLabel - additional form of target label - target_label
for compatibility with original relabel config.
if set both targetLabel and target_label, targetLabel has priority.
for details https://github.com/VictoriaMetrics/operator/issues/131

Route #

Route defines a node in the routing tree.

Appears in:

FieldDescription
active_time_intervals
string array		(Optional)
ActiveTimeIntervals Times when the route should be active
These must match the name at time_intervals
continue
boolean		(Optional)
Continue indicating whether an alert should continue matching subsequent
sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set.
group_by
string array		(Optional)
List of labels to group by.
group_interval
string		(Optional)
How long to wait before sending an updated notification.
group_wait
string		(Optional)
How long to wait before sending the initial notification.
matchers
string array		(Optional)
List of matchers that the alert’s labels should match. For the first
level route, the operator adds a namespace: “CRD_NS” matcher.
https://prometheus.io/docs/alerting/latest/configuration/#matcher
mute_time_intervals
string array		(Optional)
MuteTimeIntervals is a list of interval names that will mute matched alert
receiver
string		Name of the receiver for this route.
repeat_interval
string		(Optional)
How long to wait before repeating the last notification.
routes
JSON array		Child routes.
https://prometheus.io/docs/alerting/latest/configuration/#route

Rule #

Rule describes an alerting or recording rule.

Appears in:

FieldDescription
alert
string		(Optional)
Alert is a name for alert
annotations
object (keys:string, values:string)		(Optional)
Annotations will be added to rule configuration
debug
boolean		(Optional)
Debug enables logging for rule
it useful for tracking
expr
string		(Optional)
Expr is query, that will be evaluated at dataSource
for
string		(Optional)
For evaluation interval in time.Duration format
30s, 1m, 1h or nanoseconds
keep_firing_for
string		(Optional)
KeepFiringFor will make alert continue firing for this long
even when the alerting expression no longer has results.
Use time.Duration format, 30s, 1m, 1h or nanoseconds
labels
object (keys:string, values:string)		(Optional)
Labels will be added to rule configuration
record
string		(Optional)
Record represents a query, that will be recorded to dataSource
update_entries_limit
integer		(Optional)
UpdateEntriesLimit defines max number of rule’s state updates stored in memory.
Overrides -rule.updateEntriesLimit in vmalert.

RuleGroup #

RuleGroup is a list of sequentially evaluated recording and alerting rules.

Appears in:

FieldDescription
concurrency
integer		(Optional)
Concurrency defines how many rules execute at once.
eval_alignment
boolean		Optional
The evaluation timestamp will be aligned with group’s interval,
instead of using the actual timestamp that evaluation happens at.
It is enabled by default to get more predictable results
and to visually align with graphs plotted via Grafana or vmui.
eval_delay
string		Optional
Adjust the time parameter of group evaluation requests to compensate intentional query delay from the datasource.
eval_offset
string		Optional
Group will be evaluated at the exact offset in the range of [0…interval].
extra_filter_labels
object (keys:string, values:string)		(Optional)
ExtraFilterLabels optional list of label filters applied to every rule’s
request within a group. Is compatible only with VM datasource.
See more details here
Deprecated, use params instead
headers
string array		(Optional)
Headers contains optional HTTP headers added to each rule request
Must be in form header-name: value
For example:
headers:
- “CustomHeader: foo”
- “CustomHeader2: bar”
interval
string		(Optional)
evaluation interval for group
labels
object (keys:string, values:string)		(Optional)
Labels optional list of labels added to every rule within a group.
It has priority over the external labels.
Labels are commonly used for adding environment
or tenant-specific tag.
limit
integer		(Optional)
Limit the number of alerts an alerting rule and series a recording
rule can produce
name
string		Name of group
notifier_headers
string array		(Optional)
NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier
Must be in form header-name: value
For example:
headers:
- “CustomHeader: foo”
- “CustomHeader2: bar”
params
Values		(Optional)
Params optional HTTP URL parameters added to each rule request
rules
Rule array		Rules list of alert rules
tenant
string		(Optional)
Tenant id for group, can be used only with enterprise version of vmalert.
See more details here.
type
string		(Optional)
Type defines datasource type for enterprise version of vmalert
possible values - prometheus,graphite,vlogs

SecretOrConfigMap #

SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.

Appears in:

FieldDescription
configMap
ConfigMapKeySelector		(Optional)
ConfigMap containing data to use for the targets.
secret
SecretKeySelector		(Optional)
Secret containing data to use for the targets.

SecurityContext #

SecurityContext extends PodSecurityContext with ContainerSecurityContext It allows to globally configure security params for pod and all containers

Appears in:

Sigv4Config #

Appears in:

FieldDescription
access_key
string		(Optional)
The AWS API keys. Both access_key and secret_key must be supplied or both must be blank.
If blank the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used.
access_key_selector
SecretKeySelector		(Optional)
secret key selector to get the keys from a Kubernetes Secret
profile
string		(Optional)
Named AWS profile used to authenticate
region
string		(Optional)
AWS region, if blank the region from the default credentials chain is used
role_arn
string		(Optional)
AWS Role ARN, an alternative to using AWS API keys
secret_key_selector
SecretKeySelector		(Optional)
secret key selector to get the keys from a Kubernetes Secret

SlackAction #

SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.

Appears in:

FieldDescription
confirm
SlackConfirmationField		(Optional)
name
string		(Optional)
style
string		(Optional)
text
string
type
string
url
string		(Optional)
value
string		(Optional)

SlackConfig #

SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config

Appears in:

FieldDescription
actions
SlackAction array		(Optional)
A list of Slack actions that are sent with each notification.
api_url
SecretKeySelector		(Optional)
The secret’s key that contains the Slack webhook URL.
It must be at them same namespace as CRD
fallback to global setting if empty
callback_id
string		(Optional)
channel
string		(Optional)
The channel or user to send notifications to.
color
string		(Optional)
fallback
string		(Optional)
fields
SlackField array		(Optional)
A list of Slack fields that are sent with each notification.
footer
string		(Optional)
http_config
HTTPConfig		(Optional)
HTTP client configuration.
icon_emoji
string		(Optional)
icon_url
string		(Optional)
image_url
string		(Optional)
link_names
boolean		(Optional)
mrkdwn_in
string array		(Optional)
pretext
string		(Optional)
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
short_fields
boolean		(Optional)
text
string		(Optional)
thumb_url
string		(Optional)
title
string		(Optional)
title_link
string		(Optional)
username
string		(Optional)

SlackConfirmationField #

SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.

Appears in:

FieldDescription
dismiss_text
string		(Optional)
ok_text
string		(Optional)
text
string
title
string		(Optional)

SlackField #

SlackField configures a single Slack field that is sent with each notification. See https://api.slack.com/docs/message-attachments#fields for more information.

Appears in:

FieldDescription
short
boolean		(Optional)
title
string
value
string

SnsConfig #

Appears in:

FieldDescription
api_url
string		(Optional)
The api URL
attributes
object (keys:string, values:string)		(Optional)
SNS message attributes
http_config
HTTPConfig		(Optional)
HTTP client configuration.
message
string		(Optional)
The message content of the SNS notification.
phone_number
string		Phone number if message is delivered via SMS
Specify this, topic_arn or target_arn
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
sigv4
Sigv4Config		Configure the AWS Signature Verification 4 signing process
subject
string		(Optional)
The subject line if message is delivered to an email endpoint.
target_arn
string		(Optional)
Mobile platform endpoint ARN if message is delivered via mobile notifications
Specify this, topic_arn or phone_number
topic_arn
string		(Optional)
SNS topic ARN, either specify this, phone_number or target_arn

StaticConfig #

StaticConfig defines a static configuration. See here

Appears in:

FieldDescription
labels
object (keys:string, values:string)		(Optional)
Labels assigned to all metrics scraped from the targets.
targets
string array		(Optional)
List of targets for this static configuration.

StaticRef #

StaticRef - user-defined routing host address.

Appears in:

FieldDescription
url
string		URL http url for given staticRef.
urls
string array		(Optional)
URLs allows setting multiple urls for load-balancing at vmauth-side.

StatusMetadata #

StatusMetadata holds metadata of application update status

Appears in:

FieldDescription
conditions
Condition array		Known .status.conditions.type are: “Available”, “Progressing”, and “Degraded”
observedGeneration
integer		ObservedGeneration defines current generation picked by operator for the
reconcile
reason
string		Reason defines human readable error reason
updateStatus
UpdateStatus		UpdateStatus defines a status for update rollout

StorageSpec #

StorageSpec defines the configured storage for a group Prometheus servers. If neither emptyDir nor volumeClaimTemplate is specified, then by default an EmptyDir will be used.

Appears in:

FieldDescription
disableMountSubPath
boolean		(Optional)
Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary.
DisableMountSubPath allows to remove any subPath usage in volume mounts.
emptyDir
EmptyDirVolumeSource		(Optional)
EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More
info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
volumeClaimTemplate
EmbeddedPersistentVolumeClaim		(Optional)
A PVC spec to be used by the VMAlertManager StatefulSets.

StreamAggrConfig #

StreamAggrConfig defines the stream aggregation config

Appears in:

FieldDescription
configmap
ConfigMapKeySelector		(Optional)
ConfigMap with stream aggregation rules
dedupInterval
string		(Optional)
Allows setting different de-duplication intervals per each configured remote storage
dropInput
boolean		(Optional)
Allow drop all the input samples after the aggregation
dropInputLabels
string array		(Optional)
labels to drop from samples for aggregator before stream de-duplication and aggregation
enableWindows
boolean		(Optional)
EnableWindows enables aggregating data in separate windows ( available from v0.54.0).
ignoreFirstIntervals
integer		(Optional)
IgnoreFirstIntervals instructs to ignore first interval
ignoreOldSamples
boolean		(Optional)
IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
keepInput
boolean		(Optional)
Allows writing both raw and aggregate data
rules
StreamAggrRule array		(Optional)
Stream aggregation rules

StreamAggrRule #

StreamAggrRule defines the rule in stream aggregation config

Appears in:

FieldDescription
by
string array		(Optional)
By is an optional list of labels for grouping input series.

See also Without.

If neither By nor Without are set, then the Outputs are calculated
individually per each input time series.
dedup_interval
string		(Optional)
DedupInterval is an optional interval for deduplication.
drop_input_labels
string		(Optional)
DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.

Labels are dropped before de-duplication and aggregation.
enable_windows
boolean		(Optional)
EnableWindows enables aggregating data in separate windows
flush_on_shutdown
boolean		(Optional)
FlushOnShutdown defines whether to flush the aggregation state on process termination
or config reload. Is false by default.
It is not recommended changing this setting, unless unfinished aggregations states
are preferred to missing data points.
ignore_first_intervals
integer
ignore_old_samples
boolean		(Optional)
IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
input_relabel_configs
RelabelConfig array		(Optional)
InputRelabelConfigs is an optional relabeling rules, which are applied on the input
before aggregation.
interval
string		Interval is the interval between aggregations.
keep_metric_names
boolean		(Optional)
KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.
match
StringOrArray		(Optional)
Match is a label selector (or list of label selectors) for filtering time series for the given selector.

If the match isn’t set, then all the input time series are processed.
no_align_flush_to_interval
boolean		(Optional)
NoAlignFlushToInterval disables aligning of flushes to multiples of Interval.
By default flushes are aligned to Interval.
output_relabel_configs
RelabelConfig array		(Optional)
OutputRelabelConfigs is an optional relabeling rules, which are applied
on the aggregated output before being sent to remote storage.
outputs
string array		Outputs is a list of output aggregate functions to produce.

The following names are allowed:

- total - aggregates input counters
- increase - counts the increase over input counters
- count_series - counts the input series
- count_samples - counts the input samples
- sum_samples - sums the input samples
- last - the last biggest sample value
- min - the minimum sample value
- max - the maximum sample value
- avg - the average value across all the samples
- stddev - standard deviation across all the samples
- stdvar - standard variance across all the samples
- histogram_bucket - creates VictoriaMetrics histogram for input samples
- quantiles(phi1, …, phiN) - quantiles’ estimation for phi in the range [0..1]

The output time series will have the following names:

input_name:aggr__
staleness_interval
string		(Optional)
Staleness interval is interval after which the series state will be reset if no samples have been sent during it.
The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.
without
string array		(Optional)
Without is an optional list of labels, which must be excluded when grouping input series.

See also By.

If neither By nor Without are set, then the Outputs are calculated
individually per each input time series.

StringOrArray #

Underlying type: string array

StringOrArray is a helper type for storing string or array of string.

Appears in:

TLSClientConfig #

TLSClientConfig defines TLS configuration for the application’s client

Appears in:

FieldDescription
ca_file
string		(Optional)
CAFile defines path to the pre-mounted file with CA
mutually exclusive with CASecretRef
ca_secret_ref
SecretKeySelector		(Optional)
CA defines reference for secret with CA content under given key
mutually exclusive with CAFile
cert_file
string		(Optional)
CertFile defines path to the pre-mounted file with certificate
mutually exclusive with CertSecretRef
cert_secret_ref
SecretKeySelector		(Optional)
CertSecretRef defines reference for secret with certificate content under given key
mutually exclusive with CertFile
insecure_skip_verify
boolean		(Optional)
Cert defines reference for secret with CA content under given key
mutually exclusive with CertFile
key_file
string		(Optional)
KeyFile defines path to the pre-mounted file with certificate key
mutually exclusive with KeySecretRef
key_secret_ref
SecretKeySelector		(Optional)
Key defines reference for secret with certificate key content under given key
mutually exclusive with KeyFile
server_name
string		(Optional)
ServerName indicates a name of a server

TLSConfig #

TLSConfig specifies TLSConfig configuration parameters.

Appears in:

FieldDescription
ca
SecretOrConfigMap		(Optional)
Struct containing the CA cert to use for the targets.
caFile
string		(Optional)
Path to the CA cert in the container to use for the targets.
cert
SecretOrConfigMap		(Optional)
Struct containing the client cert file for the targets.
certFile
string		(Optional)
Path to the client cert file in the container for the targets.
insecureSkipVerify
boolean		(Optional)
Disable target certificate validation.
keyFile
string		(Optional)
Path to the client key file in the container for the targets.
keySecret
SecretKeySelector		(Optional)
Secret containing the client key file for the targets.
serverName
string		(Optional)
Used to verify the hostname for the targets.

TLSServerConfig #

TLSServerConfig defines TLS configuration for the application’s server

Appears in:

FieldDescription
cert_file
string		(Optional)
CertFile defines path to the pre-mounted file with certificate
mutually exclusive with CertSecretRef
cert_secret_ref
SecretKeySelector		(Optional)
CertSecretRef defines reference for secret with certificate content under given key
mutually exclusive with CertFile
cipher_suites
string array		(Optional)
CipherSuites defines list of supported cipher suites for TLS versions up to TLS 1.2
https://golang.org/pkg/crypto/tls/#pkg-constants
client_auth_type
string		(Optional)
Cert defines reference for secret with CA content under given key
mutually exclusive with CertFile
ClientAuthType defines server policy for client authentication
If you want to enable client authentication (aka mTLS), you need to use RequireAndVerifyClientCert
Note, mTLS is supported only at enterprise version of VictoriaMetrics components
client_ca_file
string		(Optional)
ClientCAFile defines path to the pre-mounted file with CA
mutually exclusive with ClientCASecretRef
client_ca_secret_ref
SecretKeySelector		(Optional)
ClientCASecretRef defines reference for secret with CA content under given key
mutually exclusive with ClientCAFile
curve_preferences
string array		(Optional)
CurvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order.
https://golang.org/pkg/crypto/tls/#CurveID
key_file
string		(Optional)
KeyFile defines path to the pre-mounted file with certificate key
mutually exclusive with KeySecretRef
key_secret_ref
SecretKeySelector		(Optional)
Key defines reference for secret with certificate key content under given key
mutually exclusive with KeyFile
max_version
string		(Optional)
MaxVersion maximum TLS version that is acceptable.
min_version
string		(Optional)
MinVersion minimum TLS version that is acceptable.
prefer_server_cipher_suites
boolean		(Optional)
PreferServerCipherSuites controls whether the server selects the
client’s most preferred ciphersuite

TargetEndpoint #

TargetEndpoint defines single static target endpoint.

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization with http header Authorization
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
interval
string		(Optional)
Interval at which metrics should be scraped
labels
object (keys:string, values:string)		(Optional)
Labels static labels for targets.
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
relabelConfigs
RelabelConfig array		(Optional)
RelabelConfigs to apply to samples during service discovery.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targets
string array		Targets static targets addresses in form of [“192.122.55.55:9100”,“some-name:9100”].
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

TargetRef #

TargetRef describes target for user traffic forwarding. one of target types can be chosen: crd or static per targetRef. user can define multiple targetRefs with different ref Types.

Appears in:

FieldDescription
URLMapCommon
URLMapCommon
crd
CRDRef		(Optional)
CRD describes exist operator’s CRD object,
operator generates access url based on CRD params.
hosts
string array
paths
string array		(Optional)
Paths - matched path to route.
static
StaticRef		(Optional)
Static - user defined url for traffic forward,
for instance http://vmsingle:8429
targetRefBasicAuth
TargetRefBasicAuth		(Optional)
TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication
target_path_suffix
string		(Optional)
TargetPathSuffix allows to add some suffix to the target path
It allows to hide tenant configuration from user with crd as ref.
it also may contain any url encoded params.

TargetRefBasicAuth #

TargetRefBasicAuth target basic authentication

Appears in:

FieldDescription
password
SecretKeySelector		The secret in the service scrape namespace that contains the password
for authentication.
It must be at them same namespace as CRD
username
SecretKeySelector		The secret in the service scrape namespace that contains the username
for authentication.
It must be at them same namespace as CRD

TelegramConfig #

TelegramConfig configures notification via telegram https://prometheus.io/docs/alerting/latest/configuration/#telegram_config

Appears in:

FieldDescription
api_url
string		(Optional)
APIUrl the Telegram API URL i.e. https://api.telegram.org.
bot_token
SecretKeySelector		BotToken token for the bot
https://core.telegram.org/bots/api
chat_id
integer		ChatID is ID of the chat where to send the messages.
disable_notifications
boolean		(Optional)
DisableNotifications
http_config
HTTPConfig		(Optional)
HTTP client configuration.
message
string		(Optional)
Message is templated message
message_thread_id
integer		(Optional)
MessageThreadID defines ID of the message thread where to send the messages.
parse_mode
string		(Optional)
ParseMode for telegram message,
supported values are MarkdownV2, Markdown, Markdown and empty string for plain text.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.

TimeInterval #

TimeInterval defines intervals of time

Appears in:

FieldDescription
days_of_month
string array		(Optional)
DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted.
for example, [‘1:5’, ‘-3:-1’]
location
string		(Optional)
Location in golang time location form, e.g. UTC
months
string array		(Optional)
Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1.
For example, [‘1:3’, ‘may:august’, ‘december’]
times
TimeRange array		(Optional)
Times defines time range for mute
weekdays
string array		(Optional)
Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday.
years
string array		(Optional)
Years defines numerical list of years, ranges are accepted.
For example, [‘2020:2022’, ‘2030’]

TimeIntervals #

TimeIntervals for alerts

Appears in:

FieldDescription
name
string		Name of interval
time_intervals
TimeInterval array		TimeIntervals interval configuration

TimeRange #

TimeRange ranges inclusive of the starting time and exclusive of the end time

Appears in:

FieldDescription
end_time
string		EndTime for example HH:MM
start_time
string		StartTime for example HH:MM

URLMapCommon #

URLMapCommon contains common fields for unauthorized user and user in vmuser

Appears in:

FieldDescription
discover_backend_ips
boolean		DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
drop_src_path_prefix_parts
integer		(Optional)
DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
headers
string array		(Optional)
RequestHeaders represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
load_balancing_policy
string		(Optional)
LoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
response_headers
string array		(Optional)
ResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
retry_status_codes
integer array		(Optional)
RetryStatusCodes defines http status codes in numeric format for request retries
Can be defined per target or at VMUser.spec level
e.g. [429,503]
src_headers
string array		SrcHeaders is an optional list of headers, which must match request headers.
src_query_args
string array		SrcQueryArgs is an optional list of query args, which must match request URL query args.

UnauthorizedAccessConfigURLMap #

UnauthorizedAccessConfigURLMap defines element of url_map routing configuration For UnauthorizedAccessConfig and VMAuthUnauthorizedUserAccessSpec.URLMap

Appears in:

FieldDescription
URLMapCommon
URLMapCommon
src_hosts
string array		SrcHosts is an optional list of regular expressions, which must match the request hostname.
src_paths
string array		SrcPaths is an optional list of regular expressions, which must match the request path.
url_prefix
StringOrArray		UrlPrefix contains backend url prefixes for the proxied request url.
URLPrefix defines prefix prefix for destination

UpdateStatus #

Underlying type: string

UpdateStatus defines status for application

Appears in:

VLogs #

VLogs is fast, cost-effective and scalable logs database. VLogs is the Schema for the vlogs API

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVLogs
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VLogsSpec

VLogsSpec #

VLogsSpec defines the desired state of VLogs

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
futureRetention
string		FutureRetention for the stored logs
Log entries with timestamps bigger than now+futureRetention are rejected during data ingestion; see https://docs.victoriametrics.com/victorialogs/#retention
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
logFormat
string		(Optional)
LogFormat for VLogs to be configured with.
logIngestedRows
boolean		Whether to log all the ingested log entries; this can be useful for debugging of data ingestion; see https://docs.victoriametrics.com/victorialogs/data-ingestion/
logLevel
string		(Optional)
LogLevel for VictoriaLogs to be configured with.
logNewStreams
boolean		LogNewStreams Whether to log creation of new streams; this can be useful for debugging of high cardinality issues with log streams; see https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fields
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podMetadata
EmbeddedObjectMetadata		(Optional)
PodMetadata configures Labels and Annotations which are propagated to the VLogs pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
removePvcAfterDelete
boolean		(Optional)
RemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VLogs object deletion - pvc will be garbage collected
by controller manager
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
retentionPeriod
string		RetentionPeriod for the stored logs
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the pods
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vlogs VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vlogs service spec
storage
PersistentVolumeClaimSpec		(Optional)
Storage is the definition of how storage will be used by the VLogs
by default it`s empty dir
storageDataPath
string		(Optional)
StorageDataPath disables spec.storage option and overrides arg for victoria-logs binary –storageDataPath,
its users responsibility to mount proper device into given path.
storageMetadata
EmbeddedObjectMetadata		(Optional)
StorageMeta defines annotations and labels attached to PVC for given vlogs CR
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMAgent #

VMAgent - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics or any other Prometheus-compatible storage system that supports the remote_write protocol.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAgent
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMAgentSpec

VMAgentRemoteWriteSettings #

VMAgentRemoteWriteSettings - defines global settings for all remoteWrite urls.

Appears in:

FieldDescription
flushInterval
string		(Optional)
Interval for flushing the data to remote storage. (default 1s)
label
object (keys:string, values:string)		(Optional)
Labels in the form ’name=value’ to add to all the metrics before sending them. This overrides the label if it already exists.
maxBlockSize
integer		(Optional)
The maximum size in bytes of unpacked request to send to remote storage
maxDiskUsagePerURL
integer		(Optional)
The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath
queues
integer		(Optional)
The number of concurrent queues
showURL
boolean		(Optional)
Whether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info
tmpDataPath
string		(Optional)
Path to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data)
useMultiTenantMode
boolean		(Optional)
Configures vmagent accepting data via the same multitenant endpoints as vminsert at VictoriaMetrics cluster does,
see here.
it’s global setting and affects all remote storage configurations

VMAgentRemoteWriteSpec #

VMAgentRemoteWriteSpec defines the remote storage configuration for VmAgent

Appears in:

FieldDescription
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenSecret
SecretKeySelector		(Optional)
Optional bearer auth token to use for -remoteWrite.url
forceVMProto
boolean		(Optional)
ForceVMProto forces using VictoriaMetrics protocol for sending data to -remoteWrite.url
headers
string array		(Optional)
Headers allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName: headerValue
vmagent supports since 1.79.0 version
inlineUrlRelabelConfig
RelabelConfig array		(Optional)
InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec.
maxDiskUsage
string		(Optional)
MaxDiskUsage defines the maximum file-based buffer size in bytes for -remoteWrite.url
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
sendTimeout
string		(Optional)
Timeout for sending a single block of data to -remoteWrite.url (default 1m0s)
streamAggrConfig
StreamAggrConfig		(Optional)
StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url
tlsConfig
TLSConfig		(Optional)
TLSConfig describes tls configuration for remote write target
url
string		URL of the endpoint to send samples to.
urlRelabelConfig
ConfigMapKeySelector		(Optional)
ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url

VMAgentSecurityEnforcements #

VMAgentSecurityEnforcements defines security configuration for endpoint scrapping

Appears in:

FieldDescription
arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig		(Optional)
ArbitraryFSAccessThroughSMs configures whether configuration
based on EndpointAuth can access arbitrary files on the file system
of the VMAgent container e.g. bearer token files, basic auth, tls certs
enforcedNamespaceLabel
string		(Optional)
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
and metric that is user created. The label value will always be the namespace of the object that is
being created.
ignoreNamespaceSelectors
boolean		(Optional)
IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from
scrape objects, and they will only discover endpoints
within their current namespace. Defaults to false.
overrideHonorLabels
boolean		(Optional)
OverrideHonorLabels if set to true overrides all user configured honor_labels.
If HonorLabels is set in scrape objects to true, this overrides honor_labels to false.
overrideHonorTimestamps
boolean		(Optional)
OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.

VMAgentSpec #

VMAgentSpec defines the desired state of VMAgent

Appears in:

FieldDescription
aPIServerConfig
APIServerConfig		(Optional)
APIServerConfig allows specifying a host and auth methods to access apiserver.
If left empty, VMAgent is assumed to run inside of the cluster
and will discover API servers automatically and use the pod’s CA certificate
and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
aPIServerConfig is deprecated use apiServerConfig instead
additionalScrapeConfigs
SecretKeySelector		(Optional)
AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it
is valid. Note that using this feature may expose the possibility to
break upgrades of VMAgent. It is advised to review VMAgent release
notes to ensure that no incompatible scrape configs are going to break
VMAgent after the upgrade.
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
apiServerConfig
APIServerConfig		(Optional)
APIServerConfig allows specifying a host and auth methods to access apiserver.
If left empty, VMAgent is assumed to run inside of the cluster
and will discover API servers automatically and use the pod’s CA certificate
and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
arbitraryFSAccessThroughSMs
ArbitraryFSAccessThroughSMsConfig		(Optional)
ArbitraryFSAccessThroughSMs configures whether configuration
based on EndpointAuth can access arbitrary files on the file system
of the VMAgent container e.g. bearer token files, basic auth, tls certs
claimTemplates
PersistentVolumeClaim array		ClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulMode
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
configReloaderExtraArgs
object (keys:string, values:string)		(Optional)
ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
configReloaderImageTag
string		(Optional)
ConfigReloaderImageTag defines image:tag for config-reloader container
configReloaderResources
ResourceRequirements		(Optional)
ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
enforcedNamespaceLabel
string		(Optional)
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
and metric that is user created. The label value will always be the namespace of the object that is
being created.
externalLabels
object (keys:string, values:string)		(Optional)
ExternalLabels The labels to add to any time series scraped by vmagent.
it doesn’t affect metrics ingested directly by push API’s
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
ignoreNamespaceSelectors
boolean		(Optional)
IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from
scrape objects, and they will only discover endpoints
within their current namespace. Defaults to false.
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
ingestOnlyMode
boolean		(Optional)
IngestOnlyMode switches vmagent into unmanaged mode
it disables any config generation for scraping
Currently it prevents vmagent from managing tls and auth options for remote write
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
inlineRelabelConfig
RelabelConfig array		(Optional)
InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD.
inlineScrapeConfig
string		(Optional)
InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it
is valid. Note that using this feature may expose the possibility to
break upgrades of VMAgent. It is advised to review VMAgent release
notes to ensure that no incompatible scrape configs are going to break
VMAgent after the upgrade.
it should be defined as single yaml file.
inlineScrapeConfig: |
- job_name: “prometheus”
static_configs:
- targets: [“localhost:9090”]
insertPorts
InsertPorts		InsertPorts - additional listen ports for data ingestion.
license
License		(Optional)
License allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
logFormat
string		(Optional)
LogFormat for VMAgent to be configured with.
logLevel
string		(Optional)
LogLevel for VMAgent to be configured with.
INFO, WARN, ERROR, FATAL, PANIC
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
maxScrapeInterval
string		MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes
If interval is higher than defined limit, maxScrapeInterval will be used.
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
minScrapeInterval
string		MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes
If interval is lower than defined limit, minScrapeInterval will be used.
nodeScrapeNamespaceSelector
LabelSelector		(Optional)
NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
nodeScrapeRelabelTemplate
RelabelConfig array		(Optional)
NodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape.
it’s useful for adding specific labels to all targets
nodeScrapeSelector
LabelSelector		(Optional)
NodeScrapeSelector defines VMNodeScrape to be selected for scraping.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
overrideHonorLabels
boolean		(Optional)
OverrideHonorLabels if set to true overrides all user configured honor_labels.
If HonorLabels is set in scrape objects to true, this overrides honor_labels to false.
overrideHonorTimestamps
boolean		(Optional)
OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		(Optional)
PodMetadata configures Labels and Annotations which are propagated to the vmagent pods.
podScrapeNamespaceSelector
LabelSelector		(Optional)
PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
podScrapeRelabelTemplate
RelabelConfig array		(Optional)
PodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape.
it’s useful for adding specific labels to all targets
podScrapeSelector
LabelSelector		(Optional)
PodScrapeSelector defines PodScrapes to be selected for target discovery.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
probeNamespaceSelector
LabelSelector		(Optional)
ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
probeScrapeRelabelTemplate
RelabelConfig array		(Optional)
ProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape.
it’s useful for adding specific labels to all targets
probeSelector
LabelSelector		(Optional)
ProbeSelector defines VMProbe to be selected for target probing.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
relabelConfig
ConfigMapKeySelector		(Optional)
RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig
This relabeling is applied to all the collected metrics before sending them to remote storage.
remoteWrite
VMAgentRemoteWriteSpec array		RemoteWrite list of victoria metrics /some other remote write system
for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write
or for cluster different url
https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems
remoteWriteSettings
VMAgentRemoteWriteSettings		(Optional)
RemoteWriteSettings defines global settings for all remoteWrite urls.
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
rollingUpdate
RollingUpdateDeployment		(Optional)
RollingUpdate - overrides deployment update params.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
scrapeConfigNamespaceSelector
LabelSelector		(Optional)
ScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
scrapeConfigRelabelTemplate
RelabelConfig array		(Optional)
ScrapeConfigRelabelTemplate defines relabel config, that will be added to each VMScrapeConfig.
it’s useful for adding specific labels to all targets
scrapeConfigSelector
LabelSelector		(Optional)
ScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery.
Works in combination with NamespaceSelector.
scrapeInterval
string		(Optional)
ScrapeInterval defines how often scrape targets by default
scrapeTimeout
string		(Optional)
ScrapeTimeout defines global timeout for targets scrape
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
selectAllByDefault
boolean		(Optional)
SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector.
with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector
Operator selects all exist serviceScrapes
with selectAllByDefault: false - selects nothing
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the pods
serviceScrapeNamespaceSelector
LabelSelector		(Optional)
ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
serviceScrapeRelabelTemplate
RelabelConfig array		(Optional)
ServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape.
it’s useful for adding specific labels to all targets
serviceScrapeSelector
LabelSelector		(Optional)
ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmagent VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vmagent service spec
shardCount
integer		(Optional)
ShardCount - numbers of shards of VMAgent
in this case operator will use 1 deployment/sts per shard with
replicas count according to spec.replicas,
see here
statefulMode
boolean		(Optional)
StatefulMode enables StatefulSet for VMAgent instead of Deployment
it allows using persistent storage for vmagent’s persistentQueue
statefulRollingUpdateStrategy
StatefulSetUpdateStrategyType		(Optional)
StatefulRollingUpdateStrategy allows configuration for strategyType
set it to RollingUpdate for disabling operator statefulSet rollingUpdate
statefulStorage
StorageSpec		(Optional)
StatefulStorage configures storage for StatefulSet
staticScrapeNamespaceSelector
LabelSelector		(Optional)
StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
staticScrapeRelabelTemplate
RelabelConfig array		(Optional)
StaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape.
it’s useful for adding specific labels to all targets
staticScrapeSelector
LabelSelector		(Optional)
StaticScrapeSelector defines VMStaticScrape to be selected for target discovery.
Works in combination with NamespaceSelector.
If both nil - match everything.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
streamAggrConfig
StreamAggrConfig		(Optional)
StreamAggrConfig defines global stream aggregation configuration for VMAgent
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
updateStrategy
DeploymentStrategyType		(Optional)
UpdateStrategy - overrides default update strategy.
works only for deployments, statefulset always use OnDelete.
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
useVMConfigReloader
boolean		(Optional)
UseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
vmAgentExternalLabelName
string		(Optional)
VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance
name. Defaults to the value of prometheus. External label will
not be added when value is set to empty string ("").
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMAlert #

VMAlert executes a list of given alerting or recording rules against configured address.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAlert
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMAlertSpec

VMAlertDatasourceSpec #

VMAlertDatasourceSpec defines the remote storage configuration for VmAlert to read alerts from

Appears in:

FieldDescription
basicAuth
BasicAuth		(Optional)
headers
string array		(Optional)
Headers allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
oauth2
OAuth2		(Optional)
tlsConfig
TLSConfig		(Optional)
url
string		Victoria Metrics or VMSelect url. Required parameter. E.g. http://127.0.0.1:8428

VMAlertNotifierSpec #

VMAlertNotifierSpec defines the notifier url for sending information about alerts

Appears in:

FieldDescription
basicAuth
BasicAuth		(Optional)
headers
string array		(Optional)
Headers allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
oauth2
OAuth2		(Optional)
selector
DiscoverySelector		(Optional)
Selector allows service discovery for alertmanager
in this case all matched vmalertmanager replicas will be added into vmalert notifier.url
as statefulset pod.fqdn
tlsConfig
TLSConfig		(Optional)
url
string		(Optional)
AlertManager url. E.g. http://127.0.0.1:9093

VMAlertRemoteReadSpec #

VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to read alerts from

Appears in:

FieldDescription
basicAuth
BasicAuth		(Optional)
headers
string array		(Optional)
Headers allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
lookback
string		(Optional)
Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s)
Applied only to RemoteReadSpec
oauth2
OAuth2		(Optional)
tlsConfig
TLSConfig		(Optional)
url
string		URL of the endpoint to send samples to.

VMAlertRemoteWriteSpec #

VMAlertRemoteWriteSpec defines the remote storage configuration for VmAlert

Appears in:

FieldDescription
basicAuth
BasicAuth		(Optional)
concurrency
integer		(Optional)
Defines number of readers that concurrently write into remote storage (default 1)
flushInterval
string		(Optional)
Defines interval of flushes to remote write endpoint (default 5s)
headers
string array		(Optional)
Headers allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
maxBatchSize
integer		(Optional)
Defines defines max number of timeseries to be flushed at once (default 1000)
maxQueueSize
integer		(Optional)
Defines the max number of pending datapoints to remote write endpoint (default 100000)
oauth2
OAuth2		(Optional)
tlsConfig
TLSConfig		(Optional)
url
string		URL of the endpoint to send samples to.

VMAlertSpec #

VMAlertSpec defines the desired state of VMAlert

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
configReloaderExtraArgs
object (keys:string, values:string)		(Optional)
ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
configReloaderImageTag
string		(Optional)
ConfigReloaderImageTag defines image:tag for config-reloader container
configReloaderResources
ResourceRequirements		(Optional)
ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
datasource
VMAlertDatasourceSpec		Datasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
enforcedNamespaceLabel
string		(Optional)
EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
and metric that is user created. The label value will always be the namespace of the object that is
being created.
evaluationInterval
string		(Optional)
EvaluationInterval defines how often to evaluate rules by default
externalLabels
object (keys:string, values:string)		(Optional)
ExternalLabels in the form ’name: value’ to add to all generated recording rules and alerts.
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
license
License		(Optional)
License allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
logFormat
string		(Optional)
LogFormat for VMAlert to be configured with.
default or json
logLevel
string		(Optional)
LogLevel for VMAlert to be configured with.
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
notifier
VMAlertNotifierSpec		(Optional)
Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093
If specified both notifier and notifiers, notifier will be added as last element to notifiers.
only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
notifierConfigRef
SecretKeySelector		(Optional)
NotifierConfigRef reference for secret with notifier configuration for vmalert
only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
notifiers
VMAlertNotifierSpec array		(Optional)
Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093
If specified both notifier and notifiers, notifier will be added as last element to notifiers.
only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
remoteRead
VMAlertRemoteReadSpec		(Optional)
RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite)
This configuration only makes sense if alerts state has been successfully
persisted (via RemoteWrite) before.
see -remoteRead.url docs in vmalerts for details.
E.g. http://127.0.0.1:8428
remoteWrite
VMAlertRemoteWriteSpec		(Optional)
RemoteWrite Optional URL to remote-write compatible storage to persist
vmalert state and rule results to.
Rule results will be persisted according to each rule.
Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE
see -remoteWrite.url docs in vmalerts for details.
E.g. http://127.0.0.1:8428
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
rollingUpdate
RollingUpdateDeployment		(Optional)
RollingUpdate - overrides deployment update params.
ruleNamespaceSelector
LabelSelector		(Optional)
RuleNamespaceSelector to be selected for VMRules discovery.
Works in combination with Selector.
If both nil - behaviour controlled by selectAllByDefault
NamespaceSelector nil - only objects at VMAlert namespace.
rulePath
string array		(Optional)
RulePath to the file with alert rules.
Supports patterns. Flag can be specified multiple times.
Examples:
-rule /path/to/file. Path to a single file with alerting rules
-rule dir/.yaml -rule /.yaml. Relative path to all .yaml files in folder,
absolute path to all .yaml files in root.
by default operator adds /etc/vmalert/configs/base/vmalert.yaml
ruleSelector
LabelSelector		(Optional)
RuleSelector selector to select which VMRules to mount for loading alerting
rules from.
Works in combination with NamespaceSelector.
If both nil - behaviour controlled by selectAllByDefault
NamespaceSelector nil - only objects at VMAlert namespace.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
selectAllByDefault
boolean		(Optional)
SelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector.
with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector
Operator selects all exist serviceScrapes
with selectAllByDefault: false - selects nothing
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the pods
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmalert VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vmalert service spec
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
updateStrategy
DeploymentStrategyType		(Optional)
UpdateStrategy - overrides default update strategy.
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
useVMConfigReloader
boolean		(Optional)
UseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMAlertmanager #

VMAlertmanager represents Victoria-Metrics deployment for Alertmanager.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAlertmanager
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMAlertmanagerSpec		Specification of the desired behavior of the VMAlertmanager cluster. More info:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

VMAlertmanagerConfig #

VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAlertmanagerConfig
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMAlertmanagerConfigSpec

VMAlertmanagerConfigSpec #

VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig it must reference only locally defined objects

Appears in:

FieldDescription
inhibit_rules
InhibitRule array		(Optional)
InhibitRules will only apply for alerts matching
the resource’s namespace.
receivers
Receiver array		Receivers defines alert receivers
route
Route		Route definition for alertmanager, may include nested routes.
time_intervals
TimeIntervals array		(Optional)
TimeIntervals defines named interval for active/mute notifications interval
See https://prometheus.io/docs/alerting/latest/configuration/#time_interval

VMAlertmanagerSpec #

VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Appears in:

FieldDescription
additionalPeers
string array		AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
claimTemplates
PersistentVolumeClaim array		ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet
clusterAdvertiseAddress
string		(Optional)
ClusterAdvertiseAddress is the explicit address to advertise in cluster.
Needs to be provided for non RFC1918 [1] (public) addresses.
[1] RFC1918: https://tools.ietf.org/html/rfc1918
clusterDomainName
string		(Optional)
ClusterDomainName defines domain name suffix for in-cluster dns addresses
aka .cluster.local
used to build pod peer addresses for in-cluster communication
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
configNamespaceSelector
LabelSelector		(Optional)
ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAlertmanager namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
configRawYaml
string		(Optional)
ConfigRawYaml - raw configuration for alertmanager,
it helps it to start without secret.
priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret.
configReloaderExtraArgs
object (keys:string, values:string)		(Optional)
ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
configReloaderImageTag
string		(Optional)
ConfigReloaderImageTag defines image:tag for config-reloader container
configReloaderResources
ResourceRequirements		(Optional)
ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
configSecret
string		(Optional)
ConfigSecret is the name of a Kubernetes Secret in the same namespace as the
VMAlertmanager object, which contains configuration for this VMAlertmanager,
configuration must be inside secret key: alertmanager.yaml.
It must be created by user.
instance. Defaults to ‘vmalertmanager-
The secret is mounted into /etc/alertmanager/config.
configSelector
LabelSelector		(Optional)
ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAlertmanager namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableNamespaceMatcher
boolean		(Optional)
DisableNamespaceMatcher disables top route namespace label matcher for VMAlertmanagerConfig
It may be useful if alert doesn’t have namespace label for some reason
disableRouteContinueEnforce
boolean		(Optional)
DisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to true
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
enforcedTopRouteMatchers
string array		EnforcedTopRouteMatchers defines label matchers to be added for the top route
of VMAlertmanagerConfig
It allows to make some set of labels required for alerts.
https://prometheus.io/docs/alerting/latest/configuration/#matcher
externalURL
string		(Optional)
ExternalURL the VMAlertmanager instances will be available under. This is
necessary to generate correct URLs. This is necessary if VMAlertmanager is not
served from root of a DNS name.
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
gossipConfig
AlertmanagerGossipConfig		(Optional)
GossipConfig defines gossip TLS configuration for Alertmanager cluster
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
listenLocal
boolean		(Optional)
ListenLocal makes the VMAlertmanager server listen on loopback, so that it
does not bind against the Pod IP. Note this is only for the VMAlertmanager
UI, not the gossip communication.
logFormat
string		(Optional)
LogFormat for VMAlertmanager to be configured with.
logLevel
string		(Optional)
Log level for VMAlertmanager to be configured with.
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		(Optional)
PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.
port
string		(Optional)
Port listen address
portName
string		(Optional)
PortName used for the pods and governing service.
This defaults to web
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
retention
string		(Optional)
Retention Time duration VMAlertmanager shall retain data for. Default is ‘120h’,
and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
rollingUpdateStrategy
StatefulSetUpdateStrategyType		(Optional)
RollingUpdateStrategy defines strategy for application updates
Default is OnDelete, in this case operator handles update process
Can be changed for RollingUpdate
routePrefix
string		(Optional)
RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful,
if using ExternalURL and a proxy is rewriting HTTP routes of a request,
and the actual ExternalURL is still true, but the server serves requests
under a different route prefix. For example for use with kubectl proxy.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
selectAllByDefault
boolean		(Optional)
SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector.
with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector
Operator selects all exist alertManagerConfigs
with selectAllByDefault: false - selects nothing
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the pods
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vmalertmanager service spec
storage
StorageSpec		(Optional)
Storage is the definition of how storage will be used by the VMAlertmanager
instances.
templates
ConfigMapKeyReference array		(Optional)
Templates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager
object, which shall be mounted into the VMAlertmanager Pods.
The Templates are mounted into /etc/vm/templates//.
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
useVMConfigReloader
boolean		(Optional)
UseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
webConfig
AlertmanagerWebConfig		(Optional)
WebConfig defines configuration for webserver
https://github.com/prometheus/alertmanager/blob/main/docs/https.md

VMAuth #

VMAuth is the Schema for the vmauths API

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAuth
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMAuthSpec

VMAuthLoadBalancer #

VMAuthLoadBalancer configures vmauth as a load balancer for the requests

Appears in:

FieldDescription
disableInsertBalancing
boolean
disableSelectBalancing
boolean
enabled
boolean
spec
VMAuthLoadBalancerSpec

VMAuthLoadBalancerSpec #

VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer for VMCluster component

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
logFormat
string		(Optional)
LogFormat for vmauth
default or json
logLevel
string		(Optional)
LogLevel for vmauth container.
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		Common params for scheduling
PodMetadata configures Labels and Annotations which are propagated to the vmauth lb pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmauthlb VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		AdditionalServiceSpec defines service override configuration for vmauth lb deployment
it’ll be only applied to vmclusterlb- service
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMAuthSpec #

VMAuthSpec defines the desired state of VMAuth

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
configReloaderExtraArgs
object (keys:string, values:string)		(Optional)
ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
configReloaderImageTag
string		(Optional)
ConfigReloaderImageTag defines image:tag for config-reloader container
configReloaderResources
ResourceRequirements		(Optional)
ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
configSecret
string		ConfigSecret is the name of a Kubernetes Secret in the same namespace as the
VMAuth object, which contains auth configuration for vmauth,
configuration must be inside secret key: config.yaml.
It must be created and managed manually.
If it’s defined, configuration for vmauth becomes unmanaged and operator’ll not create any related secrets/config-reloaders
Deprecated, use externalConfig.secretRef instead
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
default_url
string array		DefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
discover_backend_ips
boolean		DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
drop_src_path_prefix_parts
integer		(Optional)
DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
dump_request_on_errors
boolean		(Optional)
DumpRequestOnErrors instructs vmauth to return detailed request params to the client
if routing rules don’t allow to forward request to the backends.
Useful for debugging src_hosts and src_headers based routing rules

available since v1.107.0 vmauth version
externalConfig
ExternalConfig		(Optional)
ExternalConfig defines a source of external VMAuth configuration.
If it’s defined, configuration for vmauth becomes unmanaged and operator’ll not create any related secrets/config-reloaders
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
headers
string array		(Optional)
Headers represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
ingress
EmbeddedIngress		Ingress enables ingress configuration for VMAuth.
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
ip_filters
VMUserIPFilters		(Optional)
IPFilters defines per target src ip filters
supported only with enterprise version of vmauth
license
License		(Optional)
License allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
load_balancing_policy
string		(Optional)
LoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
logFormat
string		(Optional)
LogFormat for VMAuth to be configured with.
logLevel
string		(Optional)
LogLevel for victoria metrics single to be configured with.
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
max_concurrent_requests
integer		(Optional)
MaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		(Optional)
PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
response_headers
string array		(Optional)
ResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
retry_status_codes
integer array		(Optional)
RetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
selectAllByDefault
boolean		(Optional)
SelectAllByDefault changes default behavior for empty CRD selectors, such userSelector.
with selectAllByDefault: true and empty userSelector and userNamespaceSelector
Operator selects all exist users
with selectAllByDefault: false - selects nothing
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the pods
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmauth VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vmsingle service spec
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tlsConfig
TLSConfig		(Optional)
TLSConfig defines tls configuration for the backend connection
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
unauthorizedAccessConfig
UnauthorizedAccessConfigURLMap array		UnauthorizedAccessConfig configures access for un authorized users

Deprecated, use unauthorizedUserAccessSpec instead
will be removed at v1.0 release
unauthorizedUserAccessSpec
VMAuthUnauthorizedUserAccessSpec		(Optional)
UnauthorizedUserAccessSpec defines unauthorized_user config section of vmauth config
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
useVMConfigReloader
boolean		(Optional)
UseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
userNamespaceSelector
LabelSelector		(Optional)
UserNamespaceSelector Namespaces to be selected for VMAuth discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAuth namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
userSelector
LabelSelector		(Optional)
UserSelector defines VMUser to be selected for config file generation.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAuth namespace.
If both nil - behaviour controlled by selectAllByDefault
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMAuthUnauthorizedUserAccessSpec #

VMAuthUnauthorizedUserAccessSpec defines unauthorized_user section configuration for vmauth

Appears in:

FieldDescription
default_url
string array		DefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
discover_backend_ips
boolean		DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
drop_src_path_prefix_parts
integer		(Optional)
DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
dump_request_on_errors
boolean		(Optional)
DumpRequestOnErrors instructs vmauth to return detailed request params to the client
if routing rules don’t allow to forward request to the backends.
Useful for debugging src_hosts and src_headers based routing rules

available since v1.107.0 vmauth version
headers
string array		(Optional)
Headers represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
ip_filters
VMUserIPFilters		(Optional)
IPFilters defines per target src ip filters
supported only with enterprise version of vmauth
load_balancing_policy
string		(Optional)
LoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
max_concurrent_requests
integer		(Optional)
MaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
metric_labels
object (keys:string, values:string)		(Optional)
MetricLabels - additional labels for metrics exported by vmauth for given user.
response_headers
string array		(Optional)
ResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
retry_status_codes
integer array		(Optional)
RetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
tlsConfig
TLSConfig		(Optional)
TLSConfig defines tls configuration for the backend connection
url_map
UnauthorizedAccessConfigURLMap array
url_prefix
StringOrArray		URLPrefix defines prefix prefix for destination

VMBackup #

Appears in:

FieldDescription
acceptEULA
boolean		(Optional)
AcceptEULA accepts enterprise feature usage, must be set to true.
otherwise backupmanager cannot be added to single/cluster version.
https://victoriametrics.com/legal/esa/
concurrency
integer		(Optional)
Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10)
credentialsSecret
SecretKeySelector		(Optional)
CredentialsSecret is secret in the same namespace for access to remote storage
The secret is mounted into /etc/vm/creds.
customS3Endpoint
string		(Optional)
Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set
destination
string		Defines destination for backup
destinationDisableSuffixAdd
boolean		(Optional)
DestinationDisableSuffixAdd - disables suffix adding for cluster version backups
each vmstorage backup must have unique backup folder
so operator adds POD_NAME as suffix for backup destination folder.
disableDaily
boolean		(Optional)
Defines if daily backups disabled (default false)
disableHourly
boolean		(Optional)
Defines if hourly backups disabled (default false)
disableMonthly
boolean		(Optional)
Defines if monthly backups disabled (default false)
disableWeekly
boolean		(Optional)
Defines if weekly backups disabled (default false)
extraArgs
object (keys:string, values:string)		(Optional)
extra args like maxBytesPerSecond default 0
extraEnvs
EnvVar array		(Optional)
image
Image		(Optional)
Image - docker image settings for VMBackuper
logFormat
string		(Optional)
LogFormat for VMBackup to be configured with.
default or json
logLevel
string		(Optional)
LogLevel for VMBackup to be configured with.
port
string		Port for health check connections
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
restore
VMRestore		(Optional)
Restore Allows to enable restore options for pod
Read more
snapshotCreateURL
string		(Optional)
SnapshotCreateURL overwrites url for snapshot create
snapshotDeleteURL
string		(Optional)
SnapShotDeleteURL overwrites url for snapshot delete
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition.
VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container,
that are generated as a result of StorageSpec objects.

VMCluster #

VMCluster is fast, cost-effective and scalable time-series database. Cluster version with

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMCluster
metadata
ObjectMeta		(Optional)
Refer to Kubernetes API documentation for fields of metadata.
spec
VMClusterSpec

VMClusterSpec #

VMClusterSpec defines the desired state of VMCluster

Appears in:

FieldDescription
clusterDomainName
string		(Optional)
ClusterDomainName defines domain name suffix for in-cluster dns addresses
aka .cluster.local
used by vminsert and vmselect to build vmstorage address
clusterVersion
string		(Optional)
ClusterVersion defines default images tag for all components.
it can be overwritten with component specific image.tag value.
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
license
License		(Optional)
License allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
replicationFactor
integer		(Optional)
ReplicationFactor defines how many copies of data make among
distinct storage nodes
requestsLoadBalancer
VMAuthLoadBalancer		RequestsLoadBalancer configures load-balancing for vminsert and vmselect requests
it helps to evenly spread load across pods
usually it’s not possible with kubernetes TCP based service
retentionPeriod
string		RetentionPeriod for the stored metrics
Note VictoriaMetrics has data/ and indexdb/ folders
metrics from data/ removed eventually as soon as partition leaves retention period
reverse index data at indexdb rotates once at the half of configured
retention period
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the
VMSelect, VMStorage and VMInsert Pods.
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
vminsert
VMInsert		(Optional)
vmselect
VMSelect		(Optional)
vmstorage
VMStorage		(Optional)

VMInsert #

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
clusterNativeListenPort
string		(Optional)
ClusterNativePort for multi-level cluster setup.
More details
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
hpa
EmbeddedHPA		HPA defines kubernetes PodAutoScaling configuration version 2.
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
insertPorts
InsertPorts		InsertPorts - additional listen ports for data ingestion.
logFormat
string		(Optional)
LogFormat for VMInsert to be configured with.
default or json
logLevel
string		(Optional)
LogLevel for VMInsert to be configured with.
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		PodMetadata configures Labels and Annotations which are propagated to the VMInsert pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
rollingUpdate
RollingUpdateDeployment		(Optional)
RollingUpdate - overrides deployment update params.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vminsert service spec
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
updateStrategy
DeploymentStrategyType		(Optional)
UpdateStrategy - overrides default update strategy.
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMNodeScrape #

VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as address for scraping.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMNodeScrape
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMNodeScrapeSpec

VMNodeScrapeSpec #

VMNodeScrapeSpec defines specification for VMNodeScrape.

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization with http header Authorization
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
interval
string		(Optional)
Interval at which metrics should be scraped
jobLabel
string		(Optional)
The label to use to retrieve the job name from.
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
port
string		(Optional)
Name of the port exposed at Node.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
relabelConfigs
RelabelConfig array		(Optional)
RelabelConfigs to apply to samples during service discovery.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
selector
LabelSelector		(Optional)
Selector to select kubernetes Nodes.
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targetLabels
string array		(Optional)
TargetLabels transfers labels on the Kubernetes Node onto the target.
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

VMPodScrape #

VMPodScrape is scrape configuration for pods, it generates vmagent’s config for scraping pod targets based on selectors.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMPodScrape
metadata
ObjectMeta		(Optional)
Refer to Kubernetes API documentation for fields of metadata.
spec
VMPodScrapeSpec

VMPodScrapeSpec #

VMPodScrapeSpec defines the desired state of VMPodScrape

Appears in:

FieldDescription
attach_metadata
AttachMetadata		(Optional)
AttachMetadata configures metadata attaching from service discovery
jobLabel
string		(Optional)
The label to use to retrieve the job name from.
namespaceSelector
NamespaceSelector		(Optional)
Selector to select which namespaces the Endpoints objects are discovered from.
podMetricsEndpoints
PodMetricsEndpoint array		A list of endpoints allowed as part of this PodMonitor.
podTargetLabels
string array		(Optional)
PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
selector
LabelSelector		(Optional)
Selector to select Pod objects.
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.

VMProbe #

VMProbe defines a probe for targets, that will be executed with prober, like blackbox exporter. It helps to monitor reachability of target with various checks.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMProbe
metadata
ObjectMeta		(Optional)
Refer to Kubernetes API documentation for fields of metadata.
spec
VMProbeSpec

VMProbeSpec #

VMProbeSpec contains specification parameters for a Probe.

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization with http header Authorization
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
interval
string		(Optional)
Interval at which metrics should be scraped
jobName
string		The job name assigned to scraped metrics by default.
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
module
string		The module to use for probing specifying how to probe the target.
Example module configuring in the blackbox exporter:
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targets
VMProbeTargets		Targets defines a set of static and/or dynamically discovered targets to be probed using the prober.
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint
vmProberSpec
VMProberSpec		Specification for the prober to use for probing targets.
The prober.URL parameter is required. Targets cannot be probed if left empty.
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

VMProbeTargetStaticConfig #

VMProbeTargetStaticConfig defines the set of static targets considered for probing.

Appears in:

FieldDescription
labels
object (keys:string, values:string)		Labels assigned to all metrics scraped from the targets.
relabelingConfigs
RelabelConfig array		RelabelConfigs to apply to samples during service discovery.
targets
string array		Targets is a list of URLs to probe using the configured prober.

VMProbeTargets #

VMProbeTargets defines a set of static and dynamically discovered targets for the prober.

Appears in:

FieldDescription
ingress
ProbeTargetIngress		Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing.
staticConfig
VMProbeTargetStaticConfig		StaticConfig defines static targets which are considers for probing.

VMProberSpec #

VMProberSpec contains specification parameters for the Prober used for probing.

Appears in:

FieldDescription
path
string		Path to collect metrics from.
Defaults to /probe.
scheme
string		(Optional)
HTTP scheme to use for scraping.
Defaults to http.
url
string		Mandatory URL of the prober.

VMRestore #

VMRestore defines config options for vmrestore start-up

Appears in:

FieldDescription
onStart
VMRestoreOnStartConfig		(Optional)
OnStart defines configuration for restore on pod start

VMRestoreOnStartConfig #

VMRestoreOnStartConfig controls vmrestore setting

Appears in:

FieldDescription
enabled
boolean		(Optional)
Enabled defines if restore on start enabled

VMRule #

VMRule defines rule records for vmalert application

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMRule
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMRuleSpec

VMRuleSpec #

VMRuleSpec defines the desired state of VMRule

Appears in:

FieldDescription
groups
RuleGroup array		Groups list of group rules

VMScrapeConfig #

VMScrapeConfig specifies a set of targets and parameters describing how to scrape them.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMScrapeConfig
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMScrapeConfigSpec

VMScrapeConfigSpec #

VMScrapeConfigSpec defines the desired state of VMScrapeConfig

Appears in:

FieldDescription
authorization
Authorization		(Optional)
Authorization with http header Authorization
azureSDConfigs
AzureSDConfig array		(Optional)
AzureSDConfigs defines a list of Azure service discovery configurations.
basicAuth
BasicAuth		(Optional)
BasicAuth allow an endpoint to authenticate over basic authentication
bearerTokenFile
string		(Optional)
File to read bearer token for scraping targets.
bearerTokenSecret
SecretKeySelector		(Optional)
Secret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
consulSDConfigs
ConsulSDConfig array		(Optional)
ConsulSDConfigs defines a list of Consul service discovery configurations.
digitalOceanSDConfigs
DigitalOceanSDConfig array		(Optional)
DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.
dnsSDConfigs
DNSSDConfig array		(Optional)
DNSSDConfigs defines a list of DNS service discovery configurations.
ec2SDConfigs
EC2SDConfig array		(Optional)
EC2SDConfigs defines a list of EC2 service discovery configurations.
fileSDConfigs
FileSDConfig array		(Optional)
FileSDConfigs defines a list of file service discovery configurations.
follow_redirects
boolean		(Optional)
FollowRedirects controls redirects for scraping.
gceSDConfigs
GCESDConfig array		(Optional)
GCESDConfigs defines a list of GCE service discovery configurations.
honorLabels
boolean		(Optional)
HonorLabels chooses the metric’s labels on collisions with target labels.
honorTimestamps
boolean		(Optional)
HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
httpSDConfigs
HTTPSDConfig array		(Optional)
HTTPSDConfigs defines a list of HTTP service discovery configurations.
interval
string		(Optional)
Interval at which metrics should be scraped
kubernetesSDConfigs
KubernetesSDConfig array		(Optional)
KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.
max_scrape_size
string		(Optional)
MaxScrapeSize defines a maximum size of scraped data for a job
metricRelabelConfigs
RelabelConfig array		(Optional)
MetricRelabelConfigs to apply to samples after scrapping.
oauth2
OAuth2		(Optional)
OAuth2 defines auth configuration
openstackSDConfigs
OpenStackSDConfig array		(Optional)
OpenStackSDConfigs defines a list of OpenStack service discovery configurations.
params
object (keys:string, values:string array)		(Optional)
Optional HTTP URL parameters
path
string		(Optional)
HTTP path to scrape for metrics.
proxyURL
string		(Optional)
ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
relabelConfigs
RelabelConfig array		(Optional)
RelabelConfigs to apply to samples during service discovery.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
scheme
string		(Optional)
HTTP scheme to use for scraping.
scrapeTimeout
string		(Optional)
Timeout after which the scrape is ended
scrape_interval
string		(Optional)
ScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
staticConfigs
StaticConfig array		(Optional)
StaticConfigs defines a list of static targets with a common label set.
tlsConfig
TLSConfig		(Optional)
TLSConfig configuration to use when scraping the endpoint
vm_scrape_params
VMScrapeParams		(Optional)
VMScrapeParams defines VictoriaMetrics specific scrape parameters

VMScrapeParams #

VMScrapeParams defines scrape target configuration that compatible only with VictoriaMetrics scrapers VMAgent and VMSingle

Appears in:

FieldDescription
disable_compression
boolean		(Optional)
DisableCompression
disable_keep_alive
boolean		(Optional)
disable_keepalive allows disabling HTTP keep-alive when scraping targets.
By default, HTTP keep-alive is enabled, so TCP connections to scrape targets
could be reused.
See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
headers
string array		(Optional)
Headers allows sending custom headers to scrape targets
must be in of semicolon separated header with it’s value
eg:
headerName: headerValue
vmagent supports since 1.79.0 version
no_stale_markers
boolean		(Optional)
proxy_client_config
ProxyAuth		(Optional)
ProxyClientConfig configures proxy auth settings for scraping
See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy
scrape_align_interval
string		(Optional)
scrape_offset
string		(Optional)
stream_parse
boolean		(Optional)

VMSelect #

VMSelect defines configuration section for vmselect components of the victoria-metrics cluster

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
cacheMountPath
string		(Optional)
CacheMountPath allows to add cache persistent for VMSelect,
will use “/cache” as default if not specified.
claimTemplates
PersistentVolumeClaim array		ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet
clusterNativeListenPort
string		(Optional)
ClusterNativePort for multi-level cluster setup.
More details
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
hpa
EmbeddedHPA		(Optional)
Configures horizontal pod autoscaling.
Note, enabling this option disables vmselect to vmselect communication. In most cases it’s not an issue.
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
logFormat
string		(Optional)
LogFormat for VMSelect to be configured with.
default or json
logLevel
string		(Optional)
LogLevel for VMSelect to be configured with.
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
persistentVolume
StorageSpec		(Optional)
Storage - add persistent volume for cacheMountPath
its useful for persistent cache
use storage instead of persistentVolume.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
rollingUpdateStrategy
StatefulSetUpdateStrategyType		(Optional)
RollingUpdateStrategy defines strategy for application updates
Default is OnDelete, in this case operator handles update process
Can be changed for RollingUpdate
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vmselect service spec
storage
StorageSpec		(Optional)
StorageSpec - add persistent volume claim for cacheMountPath
its needed for persistent cache
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMServiceScrape #

VMServiceScrape is scrape configuration for endpoints associated with kubernetes service, it generates scrape configuration for vmagent based on selectors. result config will scrape service endpoints

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMServiceScrape
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMServiceScrapeSpec

VMServiceScrapeSpec #

VMServiceScrapeSpec defines the desired state of VMServiceScrape

Appears in:

FieldDescription
attach_metadata
AttachMetadata		(Optional)
AttachMetadata configures metadata attaching from service discovery
discoveryRole
string		(Optional)
DiscoveryRole - defines kubernetes_sd role for objects discovery.
by default, its endpoints.
can be changed to service or endpointslices.
note, that with service setting, you have to use port: “name”
and cannot use targetPort for endpoints.
endpoints
Endpoint array		A list of endpoints allowed as part of this ServiceScrape.
jobLabel
string		(Optional)
The label to use to retrieve the job name from.
namespaceSelector
NamespaceSelector		(Optional)
Selector to select which namespaces the Endpoints objects are discovered from.
podTargetLabels
string array		(Optional)
PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
selector
LabelSelector		(Optional)
Selector to select Endpoints objects by corresponding Service labels.
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targetLabels
string array		(Optional)
TargetLabels transfers labels on the Kubernetes Service onto the target.

VMSingle #

VMSingle is fast, cost-effective and scalable time-series database.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMSingle
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMSingleSpec

VMSingleSpec #

VMSingleSpec defines the desired state of VMSingle

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
insertPorts
InsertPorts		InsertPorts - additional listen ports for data ingestion.
license
License		(Optional)
License allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
logFormat
string		(Optional)
LogFormat for VMSingle to be configured with.
logLevel
string		(Optional)
LogLevel for victoria metrics single to be configured with.
managedMetadata
ManagedObjectsMetadata		ManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podMetadata
EmbeddedObjectMetadata		(Optional)
PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
removePvcAfterDelete
boolean		(Optional)
RemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VMSingle object deletion - pvc will be garbage collected
by controller manager
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
retentionPeriod
string		RetentionPeriod for the stored metrics
Note VictoriaMetrics has data/ and indexdb/ folders
metrics from data/ removed eventually as soon as partition leaves retention period
reverse index data at indexdb rotates once at the half of configured retention period
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
serviceAccountName
string		(Optional)
ServiceAccountName is the name of the ServiceAccount to use to run the pods
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be added to vmsingle service spec
storage
PersistentVolumeClaimSpec		(Optional)
Storage is the definition of how storage will be used by the VMSingle
by default it`s empty dir
this option is ignored if storageDataPath is set
storageDataPath
string		(Optional)
StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary –storageDataPath,
its users responsibility to mount proper device into given path.
It requires to provide spec.volumes and spec.volumeMounts with at least 1 value
storageMetadata
EmbeddedObjectMetadata		(Optional)
StorageMeta defines annotations and labels attached to PVC for given vmsingle CR
streamAggrConfig
StreamAggrConfig		StreamAggrConfig defines stream aggregation configuration for VMSingle
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
vmBackup
VMBackup		(Optional)
VMBackup configuration for backup
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMStaticScrape #

VMStaticScrape defines static targets configuration for scraping.

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMStaticScrape
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMStaticScrapeSpec

VMStaticScrapeSpec #

VMStaticScrapeSpec defines the desired state of VMStaticScrape.

Appears in:

FieldDescription
jobName
string		JobName name of job.
sampleLimit
integer		(Optional)
SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
seriesLimit
integer		(Optional)
SeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
targetEndpoints
TargetEndpoint array		A list of target endpoints to scrape metrics from.

VMStorage #

Appears in:

FieldDescription
affinity
Affinity		(Optional)
Affinity If specified, the pod’s scheduling constraints.
claimTemplates
PersistentVolumeClaim array		ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet
configMaps
string array		(Optional)
ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
containers
Container array		(Optional)
Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
disableAutomountServiceAccountToken
boolean		(Optional)
DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0).
Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access.
For example, vmagent and vm-config-reloader requires k8s API access.
Operator creates volumes with name: “kube-api-access”, which can be used as volumeMount for extraContainers if needed.
And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount.
disableSelfServiceScrape
boolean		(Optional)
DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
dnsConfig
PodDNSConfig		(Optional)
Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
dnsPolicy
DNSPolicy		(Optional)
DNSPolicy sets DNS policy for the pod
extraArgs
object (keys:string, values:string)		(Optional)
ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
extraEnvs
EnvVar array		(Optional)
ExtraEnvs that will be passed to the application container
hostAliases
HostAlias array		(Optional)
HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
hostNetwork
boolean		(Optional)
HostNetwork controls whether the pod may use the node network namespace
host_aliases
HostAlias array		(Optional)
HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
image
Image		(Optional)
Image - docker image settings
if no specified operator uses default version from operator config
imagePullSecrets
LocalObjectReference array		(Optional)
ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
initContainers
Container array		(Optional)
InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
logFormat
string		(Optional)
LogFormat for VMStorage to be configured with.
default or json
logLevel
string		(Optional)
LogLevel for VMStorage to be configured with.
maintenanceInsertNodeIDs
integer array		(Optional)
MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.
lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3].
Useful at storage expanding, when you want to rebalance some data at cluster.
maintenanceSelectNodeIDs
integer array		MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.
minReadySeconds
integer		(Optional)
MinReadySeconds defines a minimum number of seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
nodeSelector
object (keys:string, values:string)		(Optional)
NodeSelector Define which Nodes the Pods are scheduled on.
paused
boolean		(Optional)
Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
podDisruptionBudget
EmbeddedPodDisruptionBudgetSpec		(Optional)
PodDisruptionBudget created by operator
podMetadata
EmbeddedObjectMetadata		PodMetadata configures Labels and Annotations which are propagated to the VMStorage pods.
port
string		(Optional)
Port listen address
priorityClassName
string		(Optional)
PriorityClassName class assigned to the Pods
readinessGates
PodReadinessGate array		ReadinessGates defines pod readiness gates
replicaCount
integer		(Optional)
ReplicaCount is the expected size of the Application.
resources
ResourceRequirements		(Optional)
Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
revisionHistoryLimitCount
integer		(Optional)
The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
rollingUpdateStrategy
StatefulSetUpdateStrategyType		(Optional)
RollingUpdateStrategy defines strategy for application updates
Default is OnDelete, in this case operator handles update process
Can be changed for RollingUpdate
runtimeClassName
string		(Optional)
RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
schedulerName
string		(Optional)
SchedulerName - defines kubernetes scheduler name
secrets
string array		(Optional)
Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
securityContext
SecurityContext		(Optional)
SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
serviceScrapeSpec
VMServiceScrapeSpec		(Optional)
ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec
serviceSpec
AdditionalServiceSpec		(Optional)
ServiceSpec that will be create additional service for vmstorage
storage
StorageSpec		(Optional)
Storage - add persistent volume for StorageDataPath
its useful for persistent cache
storageDataPath
string		(Optional)
StorageDataPath - path to storage data
terminationGracePeriodSeconds
integer		(Optional)
TerminationGracePeriodSeconds period for container graceful termination
tolerations
Toleration array		(Optional)
Tolerations If specified, the pod’s tolerations.
topologySpreadConstraints
TopologySpreadConstraint array		(Optional)
TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
useDefaultResources
boolean		(Optional)
UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
useStrictSecurity
boolean		(Optional)
UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
vmBackup
VMBackup		(Optional)
VMBackup configuration for backup
vmInsertPort
string		(Optional)
VMInsertPort for VMInsert connections
vmSelectPort
string		(Optional)
VMSelectPort for VMSelect connections
volumeMounts
VolumeMount array		(Optional)
VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
volumes
Volume array		Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional

VMUser #

VMUser is the Schema for the vmusers API

FieldDescription
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMUser
metadata
ObjectMeta		Refer to Kubernetes API documentation for fields of metadata.
spec
VMUserSpec

VMUserConfigOptions #

VMUserConfigOptions defines configuration options for VMUser object

Appears in:

FieldDescription
default_url
string array		DefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
discover_backend_ips
boolean		DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
drop_src_path_prefix_parts
integer		(Optional)
DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
dump_request_on_errors
boolean		(Optional)
DumpRequestOnErrors instructs vmauth to return detailed request params to the client
if routing rules don’t allow to forward request to the backends.
Useful for debugging src_hosts and src_headers based routing rules

available since v1.107.0 vmauth version
headers
string array		(Optional)
Headers represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
ip_filters
VMUserIPFilters		(Optional)
IPFilters defines per target src ip filters
supported only with enterprise version of vmauth
load_balancing_policy
string		(Optional)
LoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
max_concurrent_requests
integer		(Optional)
MaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
response_headers
string array		(Optional)
ResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
retry_status_codes
integer array		(Optional)
RetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
tlsConfig
TLSConfig		(Optional)
TLSConfig defines tls configuration for the backend connection

VMUserIPFilters #

VMUserIPFilters defines filters for IP addresses supported only with enterprise version of vmauth

Appears in:

FieldDescription
allow_list
string array
deny_list
string array

VMUserSpec #

VMUserSpec defines the desired state of VMUser

Appears in:

FieldDescription
bearerToken
string		(Optional)
BearerToken Authorization header value for accessing protected endpoint.
default_url
string array		DefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
disable_secret_creation
boolean		DisableSecretCreation skips related secret creation for vmuser
discover_backend_ips
boolean		DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
drop_src_path_prefix_parts
integer		(Optional)
DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
dump_request_on_errors
boolean		(Optional)
DumpRequestOnErrors instructs vmauth to return detailed request params to the client
if routing rules don’t allow to forward request to the backends.
Useful for debugging src_hosts and src_headers based routing rules

available since v1.107.0 vmauth version
generatePassword
boolean		(Optional)
GeneratePassword instructs operator to generate password for user
if spec.password if empty.
headers
string array		(Optional)
Headers represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
ip_filters
VMUserIPFilters		(Optional)
IPFilters defines per target src ip filters
supported only with enterprise version of vmauth
load_balancing_policy
string		(Optional)
LoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
max_concurrent_requests
integer		(Optional)
MaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
metric_labels
object (keys:string, values:string)		(Optional)
MetricLabels - additional labels for metrics exported by vmauth for given user.
name
string		(Optional)
Name of the VMUser object.
password
string		(Optional)
Password basic auth password for accessing protected endpoint.
passwordRef
SecretKeySelector		(Optional)
PasswordRef allows fetching password from user-create secret by its name and key.
response_headers
string array		(Optional)
ResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
retry_status_codes
integer array		(Optional)
RetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
targetRefs
TargetRef array		TargetRefs - reference to endpoints, which user may access.
tlsConfig
TLSConfig		(Optional)
TLSConfig defines tls configuration for the backend connection
tokenRef
SecretKeySelector		(Optional)
TokenRef allows fetching token from user-created secrets by its name and key.
username
string		(Optional)
UserName basic auth user name for accessing protected endpoint,
will be replaced with metadata.name of VMUser if omitted.

VictorOpsConfig #

VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config

Appears in:

FieldDescription
api_key
SecretKeySelector		(Optional)
The secret’s key that contains the API key to use when talking to the VictorOps API.
It must be at them same namespace as CRD
fallback to global setting if empty
api_url
string		(Optional)
The VictorOps API URL.
custom_fields
object (keys:string, values:string)		(Optional)
Adds optional custom fields
https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537
entity_display_name
string		(Optional)
Contains summary of the alerted problem.
http_config
HTTPConfig		(Optional)
The HTTP client’s configuration.
message_type
string		(Optional)
Describes the behavior of the alert (CRITICAL, WARNING, INFO).
monitoring_tool
string		(Optional)
The monitoring tool the state message is from.
routing_key
string		A key used to map the alert to a team.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
state_message
string		(Optional)
Contains long explanation of the alerted problem.

WeChatConfig #

WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config

Appears in:

FieldDescription
agent_id
string		(Optional)
api_secret
SecretKeySelector		(Optional)
The secret’s key that contains the WeChat API key.
The secret needs to be in the same namespace as the AlertmanagerConfig
fallback to global alertmanager setting if empty
api_url
string		(Optional)
The WeChat API URL.
fallback to global alertmanager setting if empty
corp_id
string		(Optional)
The corp id for authentication.
fallback to global alertmanager setting if empty
http_config
HTTPConfig		(Optional)
HTTP client configuration.
message
string		API request data as defined by the WeChat API.
message_type
string		(Optional)
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
to_party
string		(Optional)
to_tag
string		(Optional)
to_user
string		(Optional)

WebexConfig #

Appears in:

FieldDescription
api_url
string		(Optional)
The Webex Teams API URL, i.e. https://webexapis.com/v1/messages
http_config
HTTPConfig		(Optional)
HTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP Authorization header.
message
string		(Optional)
The message body template
room_id
string		The ID of the Webex Teams room where to send the messages
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.

WebhookConfig #

WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config

Appears in:

FieldDescription
http_config
HTTPConfig		(Optional)
HTTP client configuration.
max_alerts
integer		(Optional)
Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.
send_resolved
boolean		(Optional)
SendResolved controls notify about resolved alerts.
url
string		(Optional)
URL to send requests to,
one of urlSecret and url must be defined.
url_secret
SecretKeySelector		(Optional)
URLSecret defines secret name and key at the CRD namespace.
It must contain the webhook URL.
one of urlSecret and url must be defined.

Content

Back to Page