Packages #

operator.victoriametrics.com/v1beta1 #

Package v1beta1 contains API Schema definitions for the victoriametrics v1beta1 API group

Resource Types #

APIServerConfig #

APIServerConfig defines a host and auth methods to access apiserver.

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenBearer token for accessing apiserver.stringfalse
bearerTokenFileFile to read bearer token for accessing apiserver.stringfalse
hostHost of apiserver.
A valid string consisting of a hostname or IP followed by an optional port number
stringtrue
tlsConfigTLSConfig Config to use for accessing apiserver.TLSConfigfalse

AdditionalServiceSpec #

ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service. if UseAsDefault is set to true, changes applied to the main service without additional service creation

Appears in:

FieldDescriptionSchemeRequired
metadataRefer to Kubernetes API documentation for fields of metadata.EmbeddedObjectMetadatafalse
specServiceSpec describes the attributes that a user creates on a service.
More info: https://kubernetes.io/docs/concepts/services-networking/service/
ServiceSpectrue
useAsDefaultUseAsDefault applies changes from given service definition to the main object Service
Changing from headless service to clusterIP or loadbalancer may break cross-component communication
booleanfalse

AlertmanagerGossipConfig #

AlertmanagerGossipConfig defines Gossip TLS configuration for alertmanager

Appears in:

FieldDescriptionSchemeRequired
tls_client_configTLSClientConfig defines client TLS configuration for alertmanagerTLSClientConfigtrue
tls_server_configTLSServerConfig defines server TLS configuration for alertmanagerTLSServerConfigtrue

AlertmanagerHTTPConfig #

AlertmanagerHTTPConfig defines http server configuration for alertmanager

Appears in:

FieldDescriptionSchemeRequired
headersHeaders defines list of headers that can be added to HTTP responses.object (keys:string, values:string)false
http2HTTP2 enables HTTP/2 support. Note that HTTP/2 is only supported with TLS.
This can not be changed on the fly.
booleanfalse

AlertmanagerWebConfig #

AlertmanagerWebConfig defines web server configuration for alertmanager

Appears in:

FieldDescriptionSchemeRequired
basic_auth_usersBasicAuthUsers Usernames and hashed passwords that have full access to the web server
Passwords must be hashed with bcrypt
object (keys:string, values:string)false
http_server_configHTTPServerConfig defines http server configuration for alertmanager web serverAlertmanagerHTTPConfigfalse
tls_server_configTLSServerConfig defines server TLS configuration for alertmanagerTLSServerConfigfalse

ArbitraryFSAccessThroughSMsConfig #

ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service scrape selected by the vmagent instance is allowed to use arbitrary files on the file system of the vmagent container. This is the case when e.g. a service scrape specifies a BearerTokenFile in an endpoint. A malicious user could create a service scrape selecting arbitrary secret files in the vmagent container. Those secrets would then be sent with a scrape request by vmagent to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

Appears in:

FieldDescriptionSchemeRequired
denybooleantrue

AttachMetadata #

AttachMetadata configures metadata attachment

Appears in:

FieldDescriptionSchemeRequired
nodeNode instructs vmagent to add node specific metadata from service discovery
Valid for roles: pod, endpoints, endpointslice.
booleanfalse

Authorization #

Authorization configures generic authorization params

Appears in:

FieldDescriptionSchemeRequired
credentialsReference to the secret with value for authorizationSecretKeySelectortrue
credentialsFileFile with value for authorizationstringfalse
typeType of authorization, default to bearerstringfalse

AzureSDConfig #

AzureSDConfig allow retrieving scrape targets from Azure VMs. See here

Appears in:

FieldDescriptionSchemeRequired
authenticationMethod# The authentication method, either OAuth or ManagedIdentity.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
stringfalse
clientIDOptional client ID. Only required with the OAuth authentication method.stringfalse
clientSecretOptional client secret. Only required with the OAuth authentication method.SecretKeySelectorfalse
environmentThe Azure environment.stringfalse
portThe port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
integerfalse
resourceGroupOptional resource group name. Limits discovery to this resource group.stringfalse
subscriptionIDThe subscription ID. Always required.stringtrue
tenantIDOptional tenant ID. Only required with the OAuth authentication method.stringfalse

BasicAuth #

BasicAuth allow an endpoint to authenticate over basic authentication

Appears in:

FieldDescriptionSchemeRequired
passwordPassword defines reference for secret with password value
The secret needs to be in the same namespace as scrape object
SecretKeySelectorfalse
password_filePasswordFile defines path to password file at disk
must be pre-mounted
stringfalse
usernameUsername defines reference for secret with username value
The secret needs to be in the same namespace as scrape object
SecretKeySelectorfalse

BearerAuth #

BearerAuth defines auth with bearer token

Appears in:

FieldDescriptionSchemeRequired
bearerTokenFilePath to bearer token filestringfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.urlSecretKeySelectorfalse

CRDRef #

CRDRef describe CRD target reference.

Appears in:

FieldDescriptionSchemeRequired
kindKind one of:
VMAgent,VMAlert, VMSingle, VMCluster/vmselect, VMCluster/vmstorage,VMCluster/vminsert or VMAlertManager
stringtrue
nameName target CRD object namestringtrue
namespaceNamespace target CRD object namespace.stringtrue

Certs #

Certs defines TLS certs configuration

Appears in:

FieldDescriptionSchemeRequired
cert_fileCertFile defines path to the pre-mounted file with certificate
mutually exclusive with CertSecretRef
stringfalse
cert_secret_refCertSecretRef defines reference for secret with certificate content under given key
mutually exclusive with CertFile
SecretKeySelectorfalse
key_fileKeyFile defines path to the pre-mounted file with certificate key
mutually exclusive with KeySecretRef
stringfalse
key_secret_refKey defines reference for secret with certificate key content under given key
mutually exclusive with KeyFile
SecretKeySelectorfalse

CommonApplicationDeploymentParams #

CommonApplicationDeploymentParams defines common params for deployment and statefulset specifications

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

CommonConfigReloaderParams #

Appears in:

FieldDescriptionSchemeRequired
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
object (keys:string, values:string)false
configReloaderImageTagConfigReloaderImageTag defines image:tag for config-reloader containerstringfalse
configReloaderResourcesConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
useVMConfigReloaderUseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
booleanfalse

CommonDefaultableParams #

CommonDefaultableParams contains Application settings with known values populated from operator configuration

Appears in:

FieldDescriptionSchemeRequired
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
portPort listen addressstringfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse

Condition #

Condition defines status condition of the resource

Appears in:

FieldDescriptionSchemeRequired
lastTransitionTimelastTransitionTime is the last time the condition transitioned from one status to another.Timetrue
lastUpdateTimeLastUpdateTime is the last time of given type update.
This value is used for status TTL update and removal
Timetrue
messagemessage is a human readable message indicating details about the transition.
This may be an empty string.
stringfalse
observedGenerationobservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
integerfalse
reasonreason contains a programmatic identifier indicating the reason for the condition’s last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
stringtrue
typeType of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase.stringtrue

ConfigMapKeyReference #

ConfigMapKeyReference refers to a key in a ConfigMap.

Appears in:

FieldDescriptionSchemeRequired
keyThe ConfigMap key to refer to.stringtrue

ConsulSDConfig #

ConsulSDConfig defines a Consul service discovery configuration. See here

Appears in:

FieldDescriptionSchemeRequired
allowStaleAllow stale Consul results (see https://developer.hashicorp.com/consul/api-docs/features/consistency). Will reduce load on Consul.
If unset, use its default value.
booleanfalse
authorizationAuthorization header to use on every scrape request.Authorizationfalse
basicAuthBasicAuth information to use on every scrape request.BasicAuthfalse
datacenterConsul Datacenter name, if not provided it will use the local Consul Agent Datacenter.stringfalse
followRedirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
If unset, use its default value.
booleanfalse
namespaceNamespaces are only supported in Consul Enterprise.stringfalse
nodeMetaNode metadata key/value pairs to filter nodes for a given service.object (keys:string, values:string)false
oauth2OAuth2 defines auth configurationOAuth2false
partitionAdmin Partitions are only supported in Consul Enterprise.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping
See feature description
ProxyAuthfalse
schemeHTTP Scheme default “http”stringfalse
serverA valid string consisting of a hostname or IP followed by an optional port number.stringtrue
servicesA list of services for which targets are retrieved. If omitted, all services are scraped.string arrayfalse
tagSeparatorThe string by which Consul tags are joined into the tag label.
If unset, use its default value.
stringfalse
tagsAn optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.string arrayfalse
tlsConfigTLS configuration to use on every scrape requestTLSConfigfalse
tokenRefConsul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.SecretKeySelectorfalse

ContainerSecurityContext #

ContainerSecurityContext defines security context for each application container

Appears in:

FieldDescriptionSchemeRequired
allowPrivilegeEscalationAllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
booleanfalse
capabilitiesThe capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
Capabilitiesfalse
privilegedRun containers in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Note that this field cannot be set when spec.os.name is windows.
booleanfalse
procMountprocMount denotes the type of proc mount to use for the containers.
The default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
ProcMountTypefalse
readOnlyRootFilesystemWhether this containers has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.
booleanfalse

DNSSDConfig #

DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf. See here

Appears in:

FieldDescriptionSchemeRequired
namesA list of DNS domain names to be queried.string arraytrue
portThe port number used if the query type is not SRV
Ignored for SRV records
integerfalse
typestringfalse

DigitalOceanSDConfig #

DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean’s Droplets API. This service discovery uses the public IPv4 address by default, by that can be changed with relabeling. See here

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization header to use on every scrape request.Authorizationfalse
followRedirectsConfigure whether HTTP requests follow HTTP 3xx redirects.booleanfalse
oauth2OAuth2 defines auth configurationOAuth2false
portThe port to scrape metrics from.integerfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping
See feature description
ProxyAuthfalse
tlsConfigTLS configuration to use on every scrape requestTLSConfigfalse

DiscordConfig #

Appears in:

FieldDescriptionSchemeRequired
http_configHTTP client configuration.HTTPConfigfalse
messageThe message body templatestringfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
titleThe message title templatestringfalse
webhook_urlThe discord webhook URL
one of urlSecret and url must be defined.
stringfalse
webhook_url_secretURLSecret defines secret name and key at the CRD namespace.
It must contain the webhook URL.
one of urlSecret and url must be defined.
SecretKeySelectorfalse

DiscoverySelector #

DiscoverySelector can be used at CRD components discovery

Appears in:

FieldDescriptionSchemeRequired
labelSelectorLabelSelectortrue
namespaceSelectorNamespaceSelectortrue

EC2Filter #

EC2Filter is the configuration for filtering EC2 instances.

Appears in:

FieldDescriptionSchemeRequired
namestringtrue
valuesstring arraytrue

EC2SDConfig #

EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets. See here

Appears in:

FieldDescriptionSchemeRequired
accessKeyAccessKey is the AWS API key.SecretKeySelectorfalse
filtersFilters can be used optionally to filter the instance list by other criteria.
Available filter criteria can be found here:
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html
EC2Filter arrayfalse
portThe port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
integerfalse
regionThe AWS regionstringfalse
roleARNAWS Role ARN, an alternative to using AWS API keys.stringfalse
secretKeySecretKey is the AWS API secret.SecretKeySelectorfalse

EmailConfig #

EmailConfig configures notifications via Email.

Appears in:

FieldDescriptionSchemeRequired
auth_identityThe identity to use for authentication.stringfalse
auth_passwordAuthPassword defines secret name and key at CRD namespace.SecretKeySelectorfalse
auth_secretAuthSecret defines secrent name and key at CRD namespace.
It must contain the CRAM-MD5 secret.
SecretKeySelectorfalse
auth_usernameThe username to use for authentication.stringfalse
fromThe sender address.
fallback to global setting if empty
stringfalse
headersFurther headers email header key/value pairs. Overrides any headers
previously set by the notification implementation.
object (keys:string, values:string)true
helloThe hostname to identify to the SMTP server.stringfalse
htmlThe HTML body of the email notification.stringfalse
require_tlsThe SMTP TLS requirement.
Note that Go does not support unencrypted connections to remote SMTP endpoints.
booleanfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
smarthostThe SMTP host through which emails are sent.
fallback to global setting if empty
stringfalse
textThe text body of the email notification.stringfalse
tls_configTLS configurationTLSConfigfalse
toThe email address to send notifications to.stringfalse

EmbeddedHPA #

EmbeddedHPA embeds HorizontalPodAutoScaler spec v2. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/

Appears in:

FieldDescriptionSchemeRequired
behaviourHorizontalPodAutoscalerBehaviortrue
maxReplicasintegertrue
metricsMetricSpec arraytrue
minReplicasintegertrue

EmbeddedIngress #

EmbeddedIngress describes ingress configuration options.

Appears in:

FieldDescriptionSchemeRequired
annotationsAnnotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
object (keys:string, values:string)false
class_nameClassName defines ingress class name for VMAuthstringfalse
extraRulesExtraRules - additional rules for ingress,
must be checked for correctness by user.
IngressRule arrayfalse
extraTlsExtraTLS - additional TLS configuration for ingress
must be checked for correctness by user.
IngressTLS arrayfalse
hostHost defines ingress host parameter for default rule
It will be used, only if TlsHosts is empty
stringfalse
labelsLabels Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
object (keys:string, values:string)false
nameName must be unique within a namespace. Is required when creating resources, although
some resources may allow a client to request the generation of an appropriate name
automatically. Name is primarily intended for creation idempotence and configuration
definition.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
stringfalse
tlsHostsTlsHosts configures TLS access for ingress, tlsSecretName must be defined for it.string arraytrue
tlsSecretNameTlsSecretName defines secretname at the VMAuth namespace with cert and key
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
stringfalse

EmbeddedObjectMetadata #

EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.

Appears in:

FieldDescriptionSchemeRequired
annotationsAnnotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
object (keys:string, values:string)false
labelsLabels Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
object (keys:string, values:string)false
nameName must be unique within a namespace. Is required when creating resources, although
some resources may allow a client to request the generation of an appropriate name
automatically. Name is primarily intended for creation idempotence and configuration
definition.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
stringfalse

EmbeddedPersistentVolumeClaim #

EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.

Appears in:

FieldDescriptionSchemeRequired
metadataRefer to Kubernetes API documentation for fields of metadata.EmbeddedObjectMetadatafalse
specSpec defines the desired characteristics of a volume requested by a pod author.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
PersistentVolumeClaimSpecfalse

EmbeddedPodDisruptionBudgetSpec #

Appears in:

FieldDescriptionSchemeRequired
maxUnavailableAn eviction is allowed if at most “maxUnavailable” pods selected by
“selector” are unavailable after the eviction, i.e. even in absence of
the evicted pod. For example, one can prevent all voluntary evictions
by specifying 0. This is a mutually exclusive setting with “minAvailable”.
IntOrStringfalse
minAvailableAn eviction is allowed if at least “minAvailable” pods selected by
“selector” will still be available after the eviction, i.e. even in the
absence of the evicted pod. So for example you can prevent all voluntary
evictions by specifying “100%”.
IntOrStringfalse
selectorLabelsreplaces default labels selector generated by operator
it’s useful when you need to create custom budget
object (keys:string, values:string)false

EmbeddedProbes #

EmbeddedProbes - it allows to override some probe params. its not necessary to specify all options, operator will replace missing spec with default values.

Appears in:

FieldDescriptionSchemeRequired
livenessProbeLivenessProbe that will be added CRD podProbefalse
readinessProbeReadinessProbe that will be added CRD podProbefalse
startupProbeStartupProbe that will be added to CRD podProbefalse

Endpoint #

Endpoint defines a scrapeable endpoint serving metrics.

Appears in:

FieldDescriptionSchemeRequired
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
authorizationAuthorization with http header AuthorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
intervalInterval at which metrics should be scrapedstringfalse
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
oauth2OAuth2 defines auth configurationOAuth2false
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
portName of the port exposed at Service.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
relabelConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetPortTargetPort
Name or number of the pod port this endpoint refers to. Mutually exclusive with port.
IntOrStringfalse
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

EndpointAuth #

EndpointAuth defines target endpoint authorization options for scrapping

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization with http header AuthorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
oauth2OAuth2 defines auth configurationOAuth2false
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse

EndpointRelabelings #

EndpointRelabelings defines service discovery and metrics relabeling configuration for endpoints

Appears in:

FieldDescriptionSchemeRequired
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
relabelConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arrayfalse

EndpointScrapeParams #

ScrapeTargetParams defines common configuration params for all scrape endpoint targets

Appears in:

FieldDescriptionSchemeRequired
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
intervalInterval at which metrics should be scrapedstringfalse
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

ExternalConfig #

ExternalConfig defines external source of configuration

Appears in:

FieldDescriptionSchemeRequired
localPathLocalPath contains static path to a config, which is managed externally for cases
when using secrets is not applicable, e.g.: Vault sidecar.
stringfalse
secretRefSecretRef defines selector for externally managed secret which contains configurationSecretKeySelectorfalse

FileSDConfig #

FileSDConfig defines a file service discovery configuration. See here

Appears in:

FieldDescriptionSchemeRequired
filesList of files to be used for file discovery.string arraytrue

GCESDConfig #

GCESDConfig configures scrape targets from GCP GCE instances. The private IP address is used by default, but may be changed to the public IP address with relabeling. See here

The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform

Appears in:

FieldDescriptionSchemeRequired
filterFilter can be used optionally to filter the instance list by other criteria
Syntax of this filter is described in the filter query parameter section:
https://cloud.google.com/compute/docs/reference/latest/instances/list
stringfalse
portThe port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
integerfalse
projectThe Google Cloud Project IDstringtrue
tagSeparatorThe tag separator is used to separate the tags on concatenationstringfalse
zoneThe zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.stringtrue

HTTPAuth #

HTTPAuth generic auth used with http protocols

Appears in:

FieldDescriptionSchemeRequired
basicAuthBasicAuthfalse
headersHeaders allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
string arrayfalse
oauth2OAuth2false
tlsConfigTLSConfigfalse

HTTPConfig #

HTTPConfig defines a client HTTP configuration for VMAlertmanagerConfig objects See https://prometheus.io/docs/alerting/latest/configuration/#http_config

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization header configuration for the client.
This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
Authorizationfalse
basic_authBasicAuth for the client.BasicAuthfalse
bearer_token_fileBearerTokenFile defines filename for bearer token, it must be mounted to pod.stringfalse
bearer_token_secretThe secret’s key that contains the bearer token
It must be at them same namespace as CRD
SecretKeySelectorfalse
oauth2OAuth2 client credentials used to fetch a token for the targets.OAuth2false
proxyURLOptional proxy URL.stringfalse
tls_configTLS configuration for the client.TLSConfigfalse

HTTPSDConfig #

HTTPSDConfig defines a HTTP service discovery configuration. See here

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization header to use on every scrape request.Authorizationfalse
basicAuthBasicAuth information to use on every scrape request.BasicAuthfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping
See feature description
ProxyAuthfalse
tlsConfigTLS configuration to use on every scrape requestTLSConfigfalse
urlURL from which the targets are fetched.stringtrue

Image #

Image defines docker image settings

Appears in:

FieldDescriptionSchemeRequired
pullPolicyPullPolicy describes how to pull docker imagePullPolicytrue
repositoryRepository contains name of docker image + it’s repository if neededstringtrue
tagTag contains desired docker image versionstringtrue

ImageConfig #

ImageConfig is used to attach images to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-images-property for more information.

Appears in:

FieldDescriptionSchemeRequired
altstringfalse
hrefstringfalse
sourcestringtrue

InhibitRule #

InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. Note, it doesn’t support deprecated alertmanager config options. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule

Appears in:

FieldDescriptionSchemeRequired
equalLabels that must have an equal value in the source and target alert for
the inhibition to take effect.
string arrayfalse
source_matchersSourceMatchers defines a list of matchers for which one or more alerts have
to exist for the inhibition to take effect.
string arrayfalse
target_matchersTargetMatchers defines a list of matchers that have to be fulfilled by the target
alerts to be muted.
string arrayfalse

InsertPorts #

Appears in:

FieldDescriptionSchemeRequired
graphitePortGraphitePort listen portstringfalse
influxPortInfluxPort listen portstringfalse
openTSDBHTTPPortOpenTSDBHTTPPort for http connections.stringfalse
openTSDBPortOpenTSDBPort for tcp and udp listenstringfalse

K8SSelectorConfig #

K8SSelectorConfig is Kubernetes Selector Config

Appears in:

FieldDescriptionSchemeRequired
fieldstringtrue
labelstringtrue
rolestringtrue

KubernetesSDConfig #

KubernetesSDConfig allows retrieving scrape targets from Kubernetes’ REST API. See here

Appears in:

FieldDescriptionSchemeRequired
apiServerThe API server address consisting of a hostname or IP address followed
by an optional port number.
If left empty, assuming process is running inside
of the cluster. It will discover API servers automatically and use the pod’s
CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
stringfalse
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
authorizationAuthorization header to use on every scrape request.Authorizationfalse
basicAuthBasicAuth information to use on every scrape request.BasicAuthfalse
followRedirectsConfigure whether HTTP requests follow HTTP 3xx redirects.booleanfalse
namespacesOptional namespace discovery. If omitted, discover targets across all namespaces.NamespaceDiscoveryfalse
oauth2OAuth2 defines auth configurationOAuth2false
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping
See feature description
ProxyAuthfalse
roleRole of the Kubernetes entities that should be discovered.stringtrue
selectorsSelector to select objects.K8SSelectorConfig arrayfalse
tlsConfigTLS configuration to use on every scrape requestTLSConfigfalse

License #

License holds license key for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See here

Appears in:

FieldDescriptionSchemeRequired
forceOfflineEnforce offline verification of the license key.booleantrue
keyEnterprise license key. This flag is available only in VictoriaMetrics enterprise.
To request a trial license, go to
stringtrue
keyRefKeyRef is reference to secret with license key for enterprise features.SecretKeySelectortrue
reloadIntervalInterval to be used for checking for license key changes. Note that this is only applicable when using KeyRef.stringtrue

LinkConfig #

LinkConfig is used to attach text links to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-links-property for more information.

Appears in:

FieldDescriptionSchemeRequired
hrefstringtrue
textstringtrue

MSTeamsConfig #

Appears in:

FieldDescriptionSchemeRequired
http_configHTTP client configuration.HTTPConfigfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
textThe text body of the teams notification.stringfalse
titleThe title of the teams notification.stringfalse
webhook_urlThe incoming webhook URL
one of urlSecret and url must be defined.
stringfalse
webhook_url_secretURLSecret defines secret name and key at the CRD namespace.
It must contain the webhook URL.
one of urlSecret and url must be defined.
SecretKeySelectorfalse

ManagedObjectsMetadata #

ManagedObjectsMetadata contains Labels and Annotations

Appears in:

FieldDescriptionSchemeRequired
annotationsAnnotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
object (keys:string, values:string)true
labelsLabels Map of string keys and values that can be used to organize and categorize
(scope and select) objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
object (keys:string, values:string)true

NamespaceDiscovery #

NamespaceDiscovery is the configuration for discovering Kubernetes namespaces.

Appears in:

FieldDescriptionSchemeRequired
namesList of namespaces where to watch for resources.
If empty and ownNamespace isn’t true, watch for resources in all namespaces.
string arrayfalse
ownNamespaceIncludes the namespace in which the pod exists to the list of watched namespaces.booleanfalse

NamespaceSelector #

NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces.

Appears in:

FieldDescriptionSchemeRequired
anyBoolean describing whether all namespaces are selected in contrast to a
list restricting them.
booleanfalse
matchNamesList of namespace names.string arrayfalse

OAuth2 #

OAuth2 defines OAuth2 configuration

Appears in:

FieldDescriptionSchemeRequired
client_idThe secret or configmap containing the OAuth2 client idSecretOrConfigMaptrue
client_secretThe secret containing the OAuth2 client secretSecretKeySelectorfalse
client_secret_fileClientSecretFile defines path for client secret file.stringfalse
endpoint_paramsParameters to append to the token URLobject (keys:string, values:string)false
scopesOAuth2 scopes used for the token requeststring arrayfalse
token_urlThe URL to fetch the token fromstringtrue

OpenStackSDConfig #

OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. See here

Appears in:

FieldDescriptionSchemeRequired
allTenantsWhether the service discovery should list all instances for all projects.
It is only relevant for the ‘instance’ role and usually requires admin permissions.
booleanfalse
applicationCredentialIdApplicationCredentialIDstringfalse
applicationCredentialNameThe ApplicationCredentialID or ApplicationCredentialName fields are
required if using an application credential to authenticate. Some providers
allow you to create an application credential to authenticate rather than a
password.
stringfalse
applicationCredentialSecretThe applicationCredentialSecret field is required if using an application
credential to authenticate.
SecretKeySelectorfalse
availabilityAvailability of the endpoint to connect to.stringfalse
domainIDDomainIDstringfalse
domainNameAt most one of domainId and domainName must be provided if using username
with Identity V3. Otherwise, either are optional.
stringfalse
identityEndpointIdentityEndpoint specifies the HTTP endpoint that is required to work with
the Identity API of the appropriate version.
stringfalse
passwordPassword for the Identity V2 and V3 APIs. Consult with your provider’s
control panel to discover your account’s preferred method of authentication.
SecretKeySelectorfalse
portThe port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
integerfalse
projectIDProjectIDstringfalse
projectNameThe ProjectId and ProjectName fields are optional for the Identity V2 API.
Some providers allow you to specify a ProjectName instead of the ProjectId.
Some require both. Your provider’s authentication policies will determine
how these fields influence authentication.
stringfalse
regionThe OpenStack Region.stringtrue
roleThe OpenStack role of entities that should be discovered.stringtrue
tlsConfigTLS configuration to use on every scrape requestTLSConfigfalse
useridUserIDstringfalse
usernameUsername is required if using Identity V2 API. Consult with your provider’s
control panel to discover your account’s username.
In Identity V3, either userid or a combination of username
and domainId or domainName are needed
stringfalse

OpsGenieConfig #

OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config

Appears in:

FieldDescriptionSchemeRequired
actionsComma separated list of actions that will be available for the alert.stringtrue
apiURLThe URL to send OpsGenie API requests to.stringfalse
api_keyThe secret’s key that contains the OpsGenie API key.
It must be at them same namespace as CRD
fallback to global setting if empty
SecretKeySelectorfalse
descriptionDescription of the incident.stringfalse
detailsA set of arbitrary key/value pairs that provide further detail about the incident.object (keys:string, values:string)false
entityOptional field that can be used to specify which domain alert is related to.stringtrue
http_configHTTP client configuration.HTTPConfigfalse
messageAlert text limited to 130 characters.stringfalse
noteAdditional alert note.stringfalse
priorityPriority level of alert. Possible values are P1, P2, P3, P4, and P5.stringfalse
respondersList of responders responsible for notifications.OpsGenieConfigResponder arrayfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
sourceBacklink to the sender of the notification.stringfalse
tagsComma separated list of tags attached to the notifications.stringfalse
update_alertsWhether to update message and description of the alert in OpsGenie if it already exists
By default, the alert is never updated in OpsGenie, the new message only appears in activity log.
booleantrue

OpsGenieConfigResponder #

OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.

Appears in:

FieldDescriptionSchemeRequired
idID of the responder.stringfalse
nameName of the responder.stringfalse
typeType of responder.stringtrue
usernameUsername of the responder.stringfalse

PagerDutyConfig #

PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config

Appears in:

FieldDescriptionSchemeRequired
classThe class/type of the event.stringfalse
clientClient identification.stringfalse
client_urlBacklink to the sender of notification.stringfalse
componentThe part or component of the affected system that is broken.stringfalse
descriptionDescription of the incident.stringfalse
detailsArbitrary key/value pairs that provide further detail about the incident.object (keys:string, values:string)false
groupA cluster or grouping of sources.stringfalse
http_configHTTP client configuration.HTTPConfigfalse
imagesImages to attach to the incident.ImageConfig arrayfalse
linksLinks to attach to the incident.LinkConfig arrayfalse
routing_keyThe secret’s key that contains the PagerDuty integration key (when using
Events API v2). Either this field or serviceKey needs to be defined.
It must be at them same namespace as CRD
SecretKeySelectorfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
service_keyThe secret’s key that contains the PagerDuty service key (when using
integration type “Prometheus”). Either this field or routingKey needs to
be defined.
It must be at them same namespace as CRD
SecretKeySelectorfalse
severitySeverity of the incident.stringfalse
urlThe URL to send requests to.stringfalse

PodMetricsEndpoint #

PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving metrics.

Appears in:

FieldDescriptionSchemeRequired
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
authorizationAuthorization with http header AuthorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
filterRunningFilterRunning applies filter with pod status == running
it prevents from scrapping metrics at failed or succeed state pods.
enabled by default
booleanfalse
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
intervalInterval at which metrics should be scrapedstringfalse
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
oauth2OAuth2 defines auth configurationOAuth2false
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
portName of the port exposed at Pod.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
relabelConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetPortTargetPort
Name or number of the pod port this endpoint refers to. Mutually exclusive with port.
IntOrStringfalse
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

ProbeTargetIngress #

ProbeTargetIngress defines the set of Ingress objects considered for probing.

Appears in:

FieldDescriptionSchemeRequired
namespaceSelectorSelect Ingress objects by namespace.NamespaceSelectortrue
relabelingConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arraytrue
selectorSelect Ingress objects by labels.LabelSelectortrue

ProxyAuth #

ProxyAuth represent proxy auth config Only VictoriaMetrics scrapers supports it. See https://github.com/VictoriaMetrics/VictoriaMetrics/commit/a6a71ef861444eb11fe8ec6d2387f0fc0c4aea87

Appears in:

FieldDescriptionSchemeRequired
basic_authBasicAuthtrue
bearer_tokenSecretKeySelectortrue
bearer_token_filestringtrue
tls_configTLSConfigtrue

PushoverConfig #

PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config

Appears in:

FieldDescriptionSchemeRequired
expireHow long your notification will continue to be retried for, unless the user
acknowledges the notification.
stringfalse
htmlWhether notification message is HTML or plain text.booleanfalse
http_configHTTP client configuration.HTTPConfigfalse
messageNotification message.stringfalse
priorityPriority, see https://pushover.net/api#prioritystringfalse
retryHow often the Pushover servers will send the same notification to the user.
Must be at least 30 seconds.
stringfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
soundThe name of one of the sounds supported by device clients to override the user’s default sound choicestringfalse
titleNotification title.stringfalse
tokenThe secret’s key that contains the registered application’s API token, see https://pushover.net/apps.
It must be at them same namespace as CRD
SecretKeySelectortrue
urlA supplementary URL shown alongside the message.stringfalse
url_titleA title for supplementary URL, otherwise just the URL is shownstringfalse
user_keyThe secret’s key that contains the recipient user’s user key.
It must be at them same namespace as CRD
SecretKeySelectortrue

Receiver #

Receiver defines one or more notification integrations.

Appears in:

FieldDescriptionSchemeRequired
discord_configsDiscordConfig arrayfalse
email_configsEmailConfigs defines email notification configurations.EmailConfig arrayfalse
msteams_configsMSTeamsConfig arrayfalse
nameName of the receiver. Must be unique across all items from the list.stringtrue
opsgenie_configsOpsGenieConfigs defines ops genie notification configurations.OpsGenieConfig arrayfalse
pagerduty_configsPagerDutyConfigs defines pager duty notification configurations.PagerDutyConfig arrayfalse
pushover_configsPushoverConfigs defines push over notification configurations.PushoverConfig arrayfalse
slack_configsSlackConfigs defines slack notification configurations.SlackConfig arrayfalse
sns_configsSnsConfig arrayfalse
telegram_configsTelegramConfig arrayfalse
victorops_configsVictorOpsConfigs defines victor ops notification configurations.VictorOpsConfig arrayfalse
webex_configsWebexConfig arrayfalse
webhook_configsWebhookConfigs defines webhook notification configurations.WebhookConfig arrayfalse
wechat_configsWeChatConfigs defines wechat notification configurations.WeChatConfig arrayfalse

RelabelConfig #

RelabelConfig allows dynamic rewriting of the label set More info: https://docs.victoriametrics.com/#relabeling

Appears in:

FieldDescriptionSchemeRequired
actionAction to perform based on regex matching. Default is ‘replace’stringfalse
ifIf represents metricsQL match expression (or list of expressions): ‘{name=~“foo_.*”}’StringOrArrayfalse
labelsLabels is used together with Match for action: graphiteobject (keys:string, values:string)false
matchMatch is used together with Labels for action: graphitestringfalse
modulusModulus to take of the hash of the source label values.integerfalse
regexRegular expression against which the extracted value is matched. Default is ‘(.*)’
victoriaMetrics supports multiline regex joined with |
https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
StringOrArrayfalse
replacementReplacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Default is ‘$1’
stringfalse
separatorSeparator placed between concatenated source label values. default is ‘;’.stringfalse
sourceLabelsThe source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
string arrayfalse
source_labelsUnderScoreSourceLabels - additional form of source labels source_labels
for compatibility with original relabel config.
if set both sourceLabels and source_labels, sourceLabels has priority.
for details https://github.com/VictoriaMetrics/operator/issues/131
string arrayfalse
targetLabelLabel to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
stringfalse
target_labelUnderScoreTargetLabel - additional form of target label - target_label
for compatibility with original relabel config.
if set both targetLabel and target_label, targetLabel has priority.
for details https://github.com/VictoriaMetrics/operator/issues/131
stringfalse

Route #

Route defines a node in the routing tree.

Appears in:

FieldDescriptionSchemeRequired
active_time_intervalsActiveTimeIntervals Times when the route should be active
These must match the name at time_intervals
string arrayfalse
continueContinue indicating whether an alert should continue matching subsequent
sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set.
booleanfalse
group_byList of labels to group by.string arrayfalse
group_intervalHow long to wait before sending an updated notification.stringfalse
group_waitHow long to wait before sending the initial notification.stringfalse
matchersList of matchers that the alert’s labels should match. For the first
level route, the operator adds a namespace: “CRD_NS” matcher.
https://prometheus.io/docs/alerting/latest/configuration/#matcher
string arrayfalse
mute_time_intervalsMuteTimeIntervals is a list of interval names that will mute matched alertstring arrayfalse
receiverName of the receiver for this route.stringtrue
repeat_intervalHow long to wait before repeating the last notification.stringfalse
routesChild routes.
https://prometheus.io/docs/alerting/latest/configuration/#route
JSON arraytrue

Rule #

Rule describes an alerting or recording rule.

Appears in:

FieldDescriptionSchemeRequired
alertAlert is a name for alertstringfalse
annotationsAnnotations will be added to rule configurationobject (keys:string, values:string)false
debugDebug enables logging for rule
it useful for tracking
booleanfalse
exprExpr is query, that will be evaluated at dataSourcestringfalse
forFor evaluation interval in time.Duration format
30s, 1m, 1h or nanoseconds
stringfalse
keep_firing_forKeepFiringFor will make alert continue firing for this long
even when the alerting expression no longer has results.
Use time.Duration format, 30s, 1m, 1h or nanoseconds
stringfalse
labelsLabels will be added to rule configurationobject (keys:string, values:string)false
recordRecord represents a query, that will be recorded to dataSourcestringfalse
update_entries_limitUpdateEntriesLimit defines max number of rule’s state updates stored in memory.
Overrides -rule.updateEntriesLimit in vmalert.
integerfalse

RuleGroup #

RuleGroup is a list of sequentially evaluated recording and alerting rules.

Appears in:

FieldDescriptionSchemeRequired
concurrencyConcurrency defines how many rules execute at once.integerfalse
eval_alignmentOptional
The evaluation timestamp will be aligned with group’s interval,
instead of using the actual timestamp that evaluation happens at.
It is enabled by default to get more predictable results
and to visually align with graphs plotted via Grafana or vmui.
booleantrue
eval_delayOptional
Adjust the time parameter of group evaluation requests to compensate intentional query delay from the datasource.
stringtrue
eval_offsetOptional
Group will be evaluated at the exact offset in the range of [0…interval].
stringtrue
extra_filter_labelsExtraFilterLabels optional list of label filters applied to every rule’s
request within a group. Is compatible only with VM datasource.
See more details here
Deprecated, use params instead
object (keys:string, values:string)false
headersHeaders contains optional HTTP headers added to each rule request
Must be in form header-name: value
For example:
headers:
- “CustomHeader: foo”
- “CustomHeader2: bar”
string arrayfalse
intervalevaluation interval for groupstringfalse
labelsLabels optional list of labels added to every rule within a group.
It has priority over the external labels.
Labels are commonly used for adding environment
or tenant-specific tag.
object (keys:string, values:string)false
limitLimit the number of alerts an alerting rule and series a recording
rule can produce
integerfalse
nameName of groupstringtrue
notifier_headersNotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier
Must be in form header-name: value
For example:
headers:
- “CustomHeader: foo”
- “CustomHeader2: bar”
string arrayfalse
paramsParams optional HTTP URL parameters added to each rule requestValuesfalse
rulesRules list of alert rulesRule arraytrue
tenantTenant id for group, can be used only with enterprise version of vmalert.
See more details here.
stringfalse
typeType defines datasource type for enterprise version of vmalert
possible values - prometheus,graphite,vlogs
stringfalse

SecretOrConfigMap #

SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.

Appears in:

FieldDescriptionSchemeRequired
configMapConfigMap containing data to use for the targets.ConfigMapKeySelectorfalse
secretSecret containing data to use for the targets.SecretKeySelectorfalse

SecurityContext #

SecurityContext extends PodSecurityContext with ContainerSecurityContext It allows to globally configure security params for pod and all containers

Appears in:

Sigv4Config #

Appears in:

FieldDescriptionSchemeRequired
access_keyThe AWS API keys. Both access_key and secret_key must be supplied or both must be blank.
If blank the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used.
stringfalse
access_key_selectorsecret key selector to get the keys from a Kubernetes SecretSecretKeySelectorfalse
profileNamed AWS profile used to authenticatestringfalse
regionAWS region, if blank the region from the default credentials chain is usedstringfalse
role_arnAWS Role ARN, an alternative to using AWS API keysstringfalse
secret_key_selectorsecret key selector to get the keys from a Kubernetes SecretSecretKeySelectorfalse

SlackAction #

SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.

Appears in:

FieldDescriptionSchemeRequired
confirmSlackConfirmationFieldfalse
namestringfalse
stylestringfalse
textstringtrue
typestringtrue
urlstringfalse
valuestringfalse

SlackConfig #

SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config

Appears in:

FieldDescriptionSchemeRequired
actionsA list of Slack actions that are sent with each notification.SlackAction arrayfalse
api_urlThe secret’s key that contains the Slack webhook URL.
It must be at them same namespace as CRD
fallback to global setting if empty
SecretKeySelectorfalse
callback_idstringfalse
channelThe channel or user to send notifications to.stringfalse
colorstringfalse
fallbackstringfalse
fieldsA list of Slack fields that are sent with each notification.SlackField arrayfalse
footerstringfalse
http_configHTTP client configuration.HTTPConfigfalse
icon_emojistringfalse
icon_urlstringfalse
image_urlstringfalse
link_namesbooleanfalse
mrkdwn_instring arrayfalse
pretextstringfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
short_fieldsbooleanfalse
textstringfalse
thumb_urlstringfalse
titlestringfalse
title_linkstringfalse
usernamestringfalse

SlackConfirmationField #

SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.

Appears in:

FieldDescriptionSchemeRequired
dismiss_textstringfalse
ok_textstringfalse
textstringtrue
titlestringfalse

SlackField #

SlackField configures a single Slack field that is sent with each notification. See https://api.slack.com/docs/message-attachments#fields for more information.

Appears in:

FieldDescriptionSchemeRequired
shortbooleanfalse
titlestringtrue
valuestringtrue

SnsConfig #

Appears in:

FieldDescriptionSchemeRequired
api_urlThe api URLstringfalse
attributesSNS message attributesobject (keys:string, values:string)false
http_configHTTP client configuration.HTTPConfigfalse
messageThe message content of the SNS notification.stringfalse
phone_numberPhone number if message is delivered via SMS
Specify this, topic_arn or target_arn
stringtrue
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
sigv4Configure the AWS Signature Verification 4 signing processSigv4Configtrue
subjectThe subject line if message is delivered to an email endpoint.stringfalse
target_arnMobile platform endpoint ARN if message is delivered via mobile notifications
Specify this, topic_arn or phone_number
stringfalse
topic_arnSNS topic ARN, either specify this, phone_number or target_arnstringfalse

StaticConfig #

StaticConfig defines a static configuration. See here

Appears in:

FieldDescriptionSchemeRequired
labelsLabels assigned to all metrics scraped from the targets.object (keys:string, values:string)false
targetsList of targets for this static configuration.string arrayfalse

StaticRef #

StaticRef - user-defined routing host address.

Appears in:

FieldDescriptionSchemeRequired
urlURL http url for given staticRef.stringtrue
urlsURLs allows setting multiple urls for load-balancing at vmauth-side.string arrayfalse

StatusMetadata #

StatusMetadata holds metadata of application update status

Appears in:

FieldDescriptionSchemeRequired
conditionsKnown .status.conditions.type are: “Available”, “Progressing”, and “Degraded”Condition arraytrue
observedGenerationObservedGeneration defines current generation picked by operator for the
reconcile
integertrue
reasonReason defines human readadble error reasonstringtrue
updateStatusUpdateStatus defines a status for update rolloutUpdateStatustrue

StorageSpec #

StorageSpec defines the configured storage for a group Prometheus servers. If neither emptyDir nor volumeClaimTemplate is specified, then by default an EmptyDir will be used.

Appears in:

FieldDescriptionSchemeRequired
disableMountSubPathDeprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary.
DisableMountSubPath allows to remove any subPath usage in volume mounts.
booleanfalse
emptyDirEmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More
info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
EmptyDirVolumeSourcefalse
volumeClaimTemplateA PVC spec to be used by the VMAlertManager StatefulSets.EmbeddedPersistentVolumeClaimfalse

StreamAggrConfig #

StreamAggrConfig defines the stream aggregation config

Appears in:

FieldDescriptionSchemeRequired
configmapConfigMap with stream aggregation rulesConfigMapKeySelectorfalse
dedupIntervalAllows setting different de-duplication intervals per each configured remote storagestringfalse
dropInputAllow drop all the input samples after the aggregationbooleanfalse
dropInputLabelslabels to drop from samples for aggregator before stream de-duplication and aggregationstring arrayfalse
ignoreFirstIntervalsIgnoreFirstIntervals instructs to ignore first intervalintegerfalse
ignoreOldSamplesIgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.booleanfalse
keepInputAllows writing both raw and aggregate databooleanfalse
rulesStream aggregation rulesStreamAggrRule arrayfalse

StreamAggrRule #

StreamAggrRule defines the rule in stream aggregation config

Appears in:

FieldDescriptionSchemeRequired
byBy is an optional list of labels for grouping input series.

See also Without.

If neither By nor Without are set, then the Outputs are calculated
individually per each input time series.
string arrayfalse
dedup_intervalDedupInterval is an optional interval for deduplication.stringfalse
drop_input_labelsDropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.

Labels are dropped before de-duplication and aggregation.
stringfalse
flush_on_shutdownFlushOnShutdown defines whether to flush the aggregation state on process termination
or config reload. Is false by default.
It is not recommended changing this setting, unless unfinished aggregations states
are preferred to missing data points.
booleanfalse
ignore_first_intervalsintegertrue
ignore_old_samplesIgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.booleanfalse
input_relabel_configsInputRelabelConfigs is an optional relabeling rules, which are applied on the input
before aggregation.
RelabelConfig arrayfalse
intervalInterval is the interval between aggregations.stringtrue
keep_metric_namesKeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.booleanfalse
matchMatch is a label selector (or list of label selectors) for filtering time series for the given selector.

If the match isn’t set, then all the input time series are processed.
StringOrArrayfalse
no_align_flush_to_intervalNoAlignFlushToInterval disables aligning of flushes to multiples of Interval.
By default flushes are aligned to Interval.
booleanfalse
output_relabel_configsOutputRelabelConfigs is an optional relabeling rules, which are applied
on the aggregated output before being sent to remote storage.
RelabelConfig arrayfalse
outputsOutputs is a list of output aggregate functions to produce.

The following names are allowed:

- total - aggregates input counters
- increase - counts the increase over input counters
- count_series - counts the input series
- count_samples - counts the input samples
- sum_samples - sums the input samples
- last - the last biggest sample value
- min - the minimum sample value
- max - the maximum sample value
- avg - the average value across all the samples
- stddev - standard deviation across all the samples
- stdvar - standard variance across all the samples
- histogram_bucket - creates VictoriaMetrics histogram for input samples
- quantiles(phi1, …, phiN) - quantiles’ estimation for phi in the range [0..1]

The output time series will have the following names:

input_name:aggr__
string arraytrue
staleness_intervalStaleness interval is interval after which the series state will be reset if no samples have been sent during it.
The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.
stringfalse
withoutWithout is an optional list of labels, which must be excluded when grouping input series.

See also By.

If neither By nor Without are set, then the Outputs are calculated
individually per each input time series.
string arrayfalse

StringOrArray #

Underlying type: string array

StringOrArray is a helper type for storing string or array of string.

Appears in:

TLSClientConfig #

TLSClientConfig defines TLS configuration for the application’s client

Appears in:

FieldDescriptionSchemeRequired
ca_fileCAFile defines path to the pre-mounted file with CA
mutually exclusive with CASecretRef
stringfalse
ca_secret_refCA defines reference for secret with CA content under given key
mutually exclusive with CAFile
SecretKeySelectorfalse
cert_fileCertFile defines path to the pre-mounted file with certificate
mutually exclusive with CertSecretRef
stringfalse
cert_secret_refCertSecretRef defines reference for secret with certificate content under given key
mutually exclusive with CertFile
SecretKeySelectorfalse
insecure_skip_verifyCert defines reference for secret with CA content under given key
mutually exclusive with CertFile
booleanfalse
key_fileKeyFile defines path to the pre-mounted file with certificate key
mutually exclusive with KeySecretRef
stringfalse
key_secret_refKey defines reference for secret with certificate key content under given key
mutually exclusive with KeyFile
SecretKeySelectorfalse
server_nameServerName indicates a name of a serverstringfalse

TLSConfig #

TLSConfig specifies TLSConfig configuration parameters.

Appears in:

FieldDescriptionSchemeRequired
caStuct containing the CA cert to use for the targets.SecretOrConfigMapfalse
caFilePath to the CA cert in the container to use for the targets.stringfalse
certStruct containing the client cert file for the targets.SecretOrConfigMapfalse
certFilePath to the client cert file in the container for the targets.stringfalse
insecureSkipVerifyDisable target certificate validation.booleanfalse
keyFilePath to the client key file in the container for the targets.stringfalse
keySecretSecret containing the client key file for the targets.SecretKeySelectorfalse
serverNameUsed to verify the hostname for the targets.stringfalse

TLSServerConfig #

TLSServerConfig defines TLS configuration for the application’s server

Appears in:

FieldDescriptionSchemeRequired
cert_fileCertFile defines path to the pre-mounted file with certificate
mutually exclusive with CertSecretRef
stringfalse
cert_secret_refCertSecretRef defines reference for secret with certificate content under given key
mutually exclusive with CertFile
SecretKeySelectorfalse
cipher_suitesCipherSuites defines list of supported cipher suites for TLS versions up to TLS 1.2
https://golang.org/pkg/crypto/tls/#pkg-constants
string arrayfalse
client_auth_typeCert defines reference for secret with CA content under given key
mutually exclusive with CertFile
ClientAuthType defines server policy for client authentication
If you want to enable client authentication (aka mTLS), you need to use RequireAndVerifyClientCert
Note, mTLS is supported only at enterprise version of VictoriaMetrics components
stringfalse
client_ca_fileClientCAFile defines path to the pre-mounted file with CA
mutually exclusive with ClientCASecretRef
stringfalse
client_ca_secret_refClientCASecretRef defines reference for secret with CA content under given key
mutually exclusive with ClientCAFile
SecretKeySelectorfalse
curve_preferencesCurvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order.
https://golang.org/pkg/crypto/tls/#CurveID
string arrayfalse
key_fileKeyFile defines path to the pre-mounted file with certificate key
mutually exclusive with KeySecretRef
stringfalse
key_secret_refKey defines reference for secret with certificate key content under given key
mutually exclusive with KeyFile
SecretKeySelectorfalse
max_versionMaxVersion maximum TLS version that is acceptable.stringfalse
min_versionMinVersion minimum TLS version that is acceptable.stringfalse
prefer_server_cipher_suitesPreferServerCipherSuites controls whether the server selects the
client’s most preferred ciphersuite
booleanfalse

TargetEndpoint #

TargetEndpoint defines single static target endpoint.

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization with http header AuthorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
intervalInterval at which metrics should be scrapedstringfalse
labelsLabels static labels for targets.object (keys:string, values:string)false
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
oauth2OAuth2 defines auth configurationOAuth2false
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
relabelConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetsTargets static targets addresses in form of [“192.122.55.55:9100”,“some-name:9100”].string arraytrue
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

TargetRef #

TargetRef describes target for user traffic forwarding. one of target types can be chosen: crd or static per targetRef. user can define multiple targetRefs with different ref Types.

Appears in:

FieldDescriptionSchemeRequired
URLMapCommonURLMapCommontrue
crdCRD describes exist operator’s CRD object,
operator generates access url based on CRD params.
CRDReffalse
hostsstring arraytrue
pathsPaths - matched path to route.string arrayfalse
staticStatic - user defined url for traffic forward,
for instance http://vmsingle:8429
StaticReffalse
targetRefBasicAuthTargetRefBasicAuth allow an target endpoint to authenticate over basic authenticationTargetRefBasicAuthfalse
target_path_suffixTargetPathSuffix allows to add some suffix to the target path
It allows to hide tenant configuration from user with crd as ref.
it also may contain any url encoded params.
stringfalse

TargetRefBasicAuth #

TargetRefBasicAuth target basic authentication

Appears in:

FieldDescriptionSchemeRequired
passwordThe secret in the service scrape namespace that contains the password
for authentication.
It must be at them same namespace as CRD
SecretKeySelectortrue
usernameThe secret in the service scrape namespace that contains the username
for authentication.
It must be at them same namespace as CRD
SecretKeySelectortrue

TelegramConfig #

TelegramConfig configures notification via telegram https://prometheus.io/docs/alerting/latest/configuration/#telegram_config

Appears in:

FieldDescriptionSchemeRequired
api_urlAPIUrl the Telegram API URL i.e. https://api.telegram.org.stringfalse
bot_tokenBotToken token for the bot
https://core.telegram.org/bots/api
SecretKeySelectortrue
chat_idChatID is ID of the chat where to send the messages.integertrue
disable_notificationsDisableNotificationsbooleanfalse
http_configHTTP client configuration.HTTPConfigfalse
messageMessage is templated messagestringfalse
parse_modeParseMode for telegram message,
supported values are MarkdownV2, Markdown, Markdown and empty string for plain text.
stringfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse

TimeInterval #

TimeInterval defines intervals of time

Appears in:

FieldDescriptionSchemeRequired
days_of_monthDayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted.
for example, [‘1:5’, ‘-3:-1’]
string arrayfalse
locationLocation in golang time location form, e.g. UTCstringfalse
monthsMonths defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1.
For example, [‘1:3’, ‘may:august’, ‘december’]
string arrayfalse
timesTimes defines time range for muteTimeRange arrayfalse
weekdaysWeekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday.string arrayfalse
yearsYears defines numerical list of years, ranges are accepted.
For example, [‘2020:2022’, ‘2030’]
string arrayfalse

TimeIntervals #

TimeIntervals for alerts

Appears in:

FieldDescriptionSchemeRequired
nameName of intervalstringtrue
time_intervalsTimeIntervals interval configurationTimeInterval arraytrue

TimeRange #

TimeRange ranges inclusive of the starting time and exclusive of the end time

Appears in:

FieldDescriptionSchemeRequired
end_timeEndTime for example HH:MMstringtrue
start_timeStartTime for example HH:MMstringtrue

URLMapCommon #

URLMapCommon contains common fields for unauthorized user and user in vmuser

Appears in:

FieldDescriptionSchemeRequired
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.booleantrue
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
integerfalse
headersRequestHeaders represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
string arrayfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
stringfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
string arrayfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries
Can be defined per target or at VMUser.spec level
e.g. [429,503]
integer arrayfalse
src_headersSrcHeaders is an optional list of headers, which must match request headers.string arraytrue
src_query_argsSrcQueryArgs is an optional list of query args, which must match request URL query args.string arraytrue

UnauthorizedAccessConfigURLMap #

UnauthorizedAccessConfigURLMap defines element of url_map routing configuration For UnauthorizedAccessConfig and VMAuthUnauthorizedUserAccessSpec.URLMap

Appears in:

FieldDescriptionSchemeRequired
URLMapCommonURLMapCommontrue
src_hostsSrcHosts is an optional list of regular expressions, which must match the request hostname.string arraytrue
src_pathsSrcPaths is an optional list of regular expressions, which must match the request path.string arraytrue
url_prefixUrlPrefix contains backend url prefixes for the proxied request url.
URLPrefix defines prefix prefix for destination
StringOrArraytrue

UpdateStatus #

Underlying type: string

UpdateStatus defines status for application

Appears in:

VLogs #

VLogs is fast, cost-effective and scalable logs database. VLogs is the Schema for the vlogs API

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVLogs
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVLogsSpectrue

VLogsSpec #

VLogsSpec defines the desired state of VLogs

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
futureRetentionFutureRetention for the stored logs
Log entries with timestamps bigger than now+futureRetention are rejected during data ingestion; see https://docs.victoriametrics.com/victorialogs/#retention
stringtrue
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
logFormatLogFormat for VLogs to be configured with.stringfalse
logIngestedRowsWhether to log all the ingested log entries; this can be useful for debugging of data ingestion; see https://docs.victoriametrics.com/victorialogs/data-ingestion/booleantrue
logLevelLogLevel for VictoriaLogs to be configured with.stringfalse
logNewStreamsLogNewStreams Whether to log creation of new streams; this can be useful for debugging of high cardinality issues with log streams; see https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fieldsbooleantrue
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VLogs pods.EmbeddedObjectMetadatafalse
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
removePvcAfterDeleteRemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VLogs object deletion - pvc will be garbage collected
by controller manager
booleanfalse
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
retentionPeriodRetentionPeriod for the stored logsstringtrue
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the podsstringfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vlogs VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vlogs service specAdditionalServiceSpecfalse
storageStorage is the definition of how storage will be used by the VLogs
by default it`s empty dir
PersistentVolumeClaimSpecfalse
storageDataPathStorageDataPath disables spec.storage option and overrides arg for victoria-logs binary –storageDataPath,
its users responsibility to mount proper device into given path.
stringfalse
storageMetadataStorageMeta defines annotations and labels attached to PVC for given vlogs CREmbeddedObjectMetadatafalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMAgent #

VMAgent - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics or any other Prometheus-compatible storage system that supports the remote_write protocol.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAgent
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMAgentSpectrue

VMAgentRemoteWriteSettings #

VMAgentRemoteWriteSettings - defines global settings for all remoteWrite urls.

Appears in:

FieldDescriptionSchemeRequired
flushIntervalInterval for flushing the data to remote storage. (default 1s)stringfalse
labelLabels in the form ’name=value’ to add to all the metrics before sending them. This overrides the label if it already exists.object (keys:string, values:string)false
maxBlockSizeThe maximum size in bytes of unpacked request to send to remote storageintegerfalse
maxDiskUsagePerURLThe maximum file-based buffer size in bytes at -remoteWrite.tmpDataPathintegerfalse
queuesThe number of concurrent queuesintegerfalse
showURLWhether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth infobooleanfalse
tmpDataPathPath to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data)stringfalse
useMultiTenantModeConfigures vmagent accepting data via the same multitenant endpoints as vminsert at VictoriaMetrics cluster does,
see here.
it’s global setting and affects all remote storage configurations
booleanfalse

VMAgentRemoteWriteSpec #

VMAgentRemoteWriteSpec defines the remote storage configuration for VmAgent

Appears in:

FieldDescriptionSchemeRequired
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenSecretOptional bearer auth token to use for -remoteWrite.urlSecretKeySelectorfalse
forceVMProtoForceVMProto forces using VictoriaMetrics protocol for sending data to -remoteWrite.urlbooleanfalse
headersHeaders allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName: headerValue
vmagent supports since 1.79.0 version
string arrayfalse
inlineUrlRelabelConfigInlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec.RelabelConfig arrayfalse
maxDiskUsageMaxDiskUsage defines the maximum file-based buffer size in bytes for -remoteWrite.urlstringfalse
oauth2OAuth2 defines auth configurationOAuth2false
sendTimeoutTimeout for sending a single block of data to -remoteWrite.url (default 1m0s)stringfalse
streamAggrConfigStreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.urlStreamAggrConfigfalse
tlsConfigTLSConfig describes tls configuration for remote write targetTLSConfigfalse
urlURL of the endpoint to send samples to.stringtrue
urlRelabelConfigConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.urlConfigMapKeySelectorfalse

VMAgentSecurityEnforcements #

VMAgentSecurityEnforcements defines security configuration for endpoint scrapping

Appears in:

FieldDescriptionSchemeRequired
arbitraryFSAccessThroughSMsArbitraryFSAccessThroughSMs configures whether configuration
based on EndpointAuth can access arbitrary files on the file system
of the VMAgent container e.g. bearer token files, basic auth, tls certs
ArbitraryFSAccessThroughSMsConfigfalse
enforcedNamespaceLabelEnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
and metric that is user created. The label value will always be the namespace of the object that is
being created.
stringfalse
ignoreNamespaceSelectorsIgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from
scrape objects, and they will only discover endpoints
within their current namespace. Defaults to false.
booleanfalse
overrideHonorLabelsOverrideHonorLabels if set to true overrides all user configured honor_labels.
If HonorLabels is set in scrape objects to true, this overrides honor_labels to false.
booleanfalse
overrideHonorTimestampsOverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.booleanfalse

VMAgentSpec #

VMAgentSpec defines the desired state of VMAgent

Appears in:

FieldDescriptionSchemeRequired
aPIServerConfigAPIServerConfig allows specifying a host and auth methods to access apiserver.
If left empty, VMAgent is assumed to run inside of the cluster
and will discover API servers automatically and use the pod’s CA certificate
and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
APIServerConfigfalse
additionalScrapeConfigsAdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it
is valid. Note that using this feature may expose the possibility to
break upgrades of VMAgent. It is advised to review VMAgent release
notes to ensure that no incompatible scrape configs are going to break
VMAgent after the upgrade.
SecretKeySelectorfalse
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
arbitraryFSAccessThroughSMsArbitraryFSAccessThroughSMs configures whether configuration
based on EndpointAuth can access arbitrary files on the file system
of the VMAgent container e.g. bearer token files, basic auth, tls certs
ArbitraryFSAccessThroughSMsConfigfalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulModePersistentVolumeClaim arraytrue
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
object (keys:string, values:string)false
configReloaderImageTagConfigReloaderImageTag defines image:tag for config-reloader containerstringfalse
configReloaderResourcesConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
enforcedNamespaceLabelEnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
and metric that is user created. The label value will always be the namespace of the object that is
being created.
stringfalse
externalLabelsExternalLabels The labels to add to any time series scraped by vmagent.
it doesn’t affect metrics ingested directly by push API’s
object (keys:string, values:string)false
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
ignoreNamespaceSelectorsIgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from
scrape objects, and they will only discover endpoints
within their current namespace. Defaults to false.
booleanfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
ingestOnlyModeIngestOnlyMode switches vmagent into unmanaged mode
it disables any config generation for scraping
Currently it prevents vmagent from managing tls and auth options for remote write
booleanfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
inlineRelabelConfigInlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD.RelabelConfig arrayfalse
inlineScrapeConfigInlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it
is valid. Note that using this feature may expose the possibility to
break upgrades of VMAgent. It is advised to review VMAgent release
notes to ensure that no incompatible scrape configs are going to break
VMAgent after the upgrade.
it should be defined as single yaml file.
inlineScrapeConfig: |
- job_name: “prometheus”
static_configs:
- targets: [“localhost:9090”]
stringfalse
insertPortsInsertPorts - additional listen ports for data ingestion.InsertPortstrue
licenseLicense allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
Licensefalse
logFormatLogFormat for VMAgent to be configured with.stringfalse
logLevelLogLevel for VMAgent to be configured with.
INFO, WARN, ERROR, FATAL, PANIC
stringfalse
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
maxScrapeIntervalMaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes
If interval is higher than defined limit, maxScrapeInterval will be used.
stringtrue
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
minScrapeIntervalMinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes
If interval is lower than defined limit, minScrapeInterval will be used.
stringtrue
nodeScrapeNamespaceSelectorNodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
nodeScrapeRelabelTemplateNodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape.
it’s useful for adding specific labels to all targets
RelabelConfig arrayfalse
nodeScrapeSelectorNodeScrapeSelector defines VMNodeScrape to be selected for scraping.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
overrideHonorLabelsOverrideHonorLabels if set to true overrides all user configured honor_labels.
If HonorLabels is set in scrape objects to true, this overrides honor_labels to false.
booleanfalse
overrideHonorTimestampsOverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.booleanfalse
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the vmagent pods.EmbeddedObjectMetadatafalse
podScrapeNamespaceSelectorPodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
podScrapeRelabelTemplatePodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape.
it’s useful for adding specific labels to all targets
RelabelConfig arrayfalse
podScrapeSelectorPodScrapeSelector defines PodScrapes to be selected for target discovery.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
probeNamespaceSelectorProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
probeScrapeRelabelTemplateProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape.
it’s useful for adding specific labels to all targets
RelabelConfig arrayfalse
probeSelectorProbeSelector defines VMProbe to be selected for target probing.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
relabelConfigRelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig
This relabeling is applied to all the collected metrics before sending them to remote storage.
ConfigMapKeySelectorfalse
remoteWriteRemoteWrite list of victoria metrics /some other remote write system
for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write
or for cluster different url
https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems
VMAgentRemoteWriteSpec arraytrue
remoteWriteSettingsRemoteWriteSettings defines global settings for all remoteWrite urls.VMAgentRemoteWriteSettingsfalse
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
rollingUpdateRollingUpdate - overrides deployment update params.RollingUpdateDeploymentfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
scrapeConfigNamespaceSelectorScrapeConfigNamespaceSelector defines Namespaces to be selected for VMScrapeConfig discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
scrapeConfigRelabelTemplateScrapeConfigRelabelTemplate defines relabel config, that will be added to each VMScrapeConfig.
it’s useful for adding specific labels to all targets
RelabelConfig arrayfalse
scrapeConfigSelectorScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery.
Works in combination with NamespaceSelector.
LabelSelectorfalse
scrapeIntervalScrapeInterval defines how often scrape targets by defaultstringfalse
scrapeTimeoutScrapeTimeout defines global timeout for targets scrapestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector.
with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector
Operator selects all exist serviceScrapes
with selectAllByDefault: false - selects nothing
booleanfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the podsstringfalse
serviceScrapeNamespaceSelectorServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
serviceScrapeRelabelTemplateServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape.
it’s useful for adding specific labels to all targets
RelabelConfig arrayfalse
serviceScrapeSelectorServiceScrapeSelector defines ServiceScrapes to be selected for target discovery.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmagent VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vmagent service specAdditionalServiceSpecfalse
shardCountShardCount - numbers of shards of VMAgent
in this case operator will use 1 deployment/sts per shard with
replicas count according to spec.replicas,
see here
integerfalse
statefulModeStatefulMode enables StatefulSet for VMAgent instead of Deployment
it allows using persistent storage for vmagent’s persistentQueue
booleanfalse
statefulRollingUpdateStrategyStatefulRollingUpdateStrategy allows configuration for strategyType
set it to RollingUpdate for disabling operator statefulSet rollingUpdate
StatefulSetUpdateStrategyTypefalse
statefulStorageStatefulStorage configures storage for StatefulSetStorageSpecfalse
staticScrapeNamespaceSelectorStaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
staticScrapeRelabelTemplateStaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape.
it’s useful for adding specific labels to all targets
RelabelConfig arrayfalse
staticScrapeSelectorStaticScrapeSelector defines VMStaticScrape to be selected for target discovery.
Works in combination with NamespaceSelector.
If both nil - match everything.
NamespaceSelector nil - only objects at VMAgent namespace.
Selector nil - only objects at NamespaceSelector namespaces.
LabelSelectorfalse
streamAggrConfigStreamAggrConfig defines global stream aggregation configuration for VMAgentStreamAggrConfigfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
updateStrategyUpdateStrategy - overrides default update strategy.
works only for deployments, statefulset always use OnDelete.
DeploymentStrategyTypefalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
useVMConfigReloaderUseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
booleanfalse
vmAgentExternalLabelNameVMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance
name. Defaults to the value of prometheus. External label will
not be added when value is set to empty string ("").
stringfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMAlert #

VMAlert executes a list of given alerting or recording rules against configured address.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAlert
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMAlertSpectrue

VMAlertDatasourceSpec #

VMAlertDatasourceSpec defines the remote storage configuration for VmAlert to read alerts from

Appears in:

FieldDescriptionSchemeRequired
basicAuthBasicAuthfalse
headersHeaders allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
string arrayfalse
oauth2OAuth2false
tlsConfigTLSConfigfalse
urlVictoria Metrics or VMSelect url. Required parameter. E.g. http://127.0.0.1:8428stringtrue

VMAlertNotifierSpec #

VMAlertNotifierSpec defines the notifier url for sending information about alerts

Appears in:

FieldDescriptionSchemeRequired
basicAuthBasicAuthfalse
headersHeaders allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
string arrayfalse
oauth2OAuth2false
selectorSelector allows service discovery for alertmanager
in this case all matched vmalertmanager replicas will be added into vmalert notifier.url
as statefulset pod.fqdn
DiscoverySelectorfalse
tlsConfigTLSConfigfalse
urlAlertManager url. E.g. http://127.0.0.1:9093stringfalse

VMAlertRemoteReadSpec #

VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to read alerts from

Appears in:

FieldDescriptionSchemeRequired
basicAuthBasicAuthfalse
headersHeaders allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
string arrayfalse
lookbackLookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s)
Applied only to RemoteReadSpec
stringfalse
oauth2OAuth2false
tlsConfigTLSConfigfalse
urlURL of the endpoint to send samples to.stringtrue

VMAlertRemoteWriteSpec #

VMAlertRemoteWriteSpec defines the remote storage configuration for VmAlert

Appears in:

FieldDescriptionSchemeRequired
basicAuthBasicAuthfalse
concurrencyDefines number of readers that concurrently write into remote storage (default 1)integerfalse
flushIntervalDefines interval of flushes to remote write endpoint (default 5s)stringfalse
headersHeaders allow configuring custom http headers
Must be in form of semicolon separated header with value
e.g.
headerName:headerValue
vmalert supports it since 1.79.0 version
string arrayfalse
maxBatchSizeDefines defines max number of timeseries to be flushed at once (default 1000)integerfalse
maxQueueSizeDefines the max number of pending datapoints to remote write endpoint (default 100000)integerfalse
oauth2OAuth2false
tlsConfigTLSConfigfalse
urlURL of the endpoint to send samples to.stringtrue

VMAlertSpec #

VMAlertSpec defines the desired state of VMAlert

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
object (keys:string, values:string)false
configReloaderImageTagConfigReloaderImageTag defines image:tag for config-reloader containerstringfalse
configReloaderResourcesConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
datasourceDatasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428VMAlertDatasourceSpectrue
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
enforcedNamespaceLabelEnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
and metric that is user created. The label value will always be the namespace of the object that is
being created.
stringfalse
evaluationIntervalEvaluationInterval defines how often to evaluate rules by defaultstringfalse
externalLabelsExternalLabels in the form ’name: value’ to add to all generated recording rules and alerts.object (keys:string, values:string)false
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
licenseLicense allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
Licensefalse
logFormatLogFormat for VMAlert to be configured with.
default or json
stringfalse
logLevelLogLevel for VMAlert to be configured with.stringfalse
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
notifierNotifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093
If specified both notifier and notifiers, notifier will be added as last element to notifiers.
only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
VMAlertNotifierSpecfalse
notifierConfigRefNotifierConfigRef reference for secret with notifier configuration for vmalert
only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
SecretKeySelectorfalse
notifiersNotifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093
If specified both notifier and notifiers, notifier will be added as last element to notifiers.
only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier
VMAlertNotifierSpec arrayfalse
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMAlert pods.EmbeddedObjectMetadatatrue
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
remoteReadRemoteRead Optional URL to read vmalert state (persisted via RemoteWrite)
This configuration only makes sense if alerts state has been successfully
persisted (via RemoteWrite) before.
see -remoteRead.url docs in vmalerts for details.
E.g. http://127.0.0.1:8428
VMAlertRemoteReadSpecfalse
remoteWriteRemoteWrite Optional URL to remote-write compatible storage to persist
vmalert state and rule results to.
Rule results will be persisted according to each rule.
Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE
see -remoteWrite.url docs in vmalerts for details.
E.g. http://127.0.0.1:8428
VMAlertRemoteWriteSpecfalse
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
rollingUpdateRollingUpdate - overrides deployment update params.RollingUpdateDeploymentfalse
ruleNamespaceSelectorRuleNamespaceSelector to be selected for VMRules discovery.
Works in combination with Selector.
If both nil - behaviour controlled by selectAllByDefault
NamespaceSelector nil - only objects at VMAlert namespace.
LabelSelectorfalse
rulePathRulePath to the file with alert rules.
Supports patterns. Flag can be specified multiple times.
Examples:
-rule /path/to/file. Path to a single file with alerting rules
-rule dir/.yaml -rule /.yaml. Relative path to all .yaml files in folder,
absolute path to all .yaml files in root.
by default operator adds /etc/vmalert/configs/base/vmalert.yaml
string arrayfalse
ruleSelectorRuleSelector selector to select which VMRules to mount for loading alerting
rules from.
Works in combination with NamespaceSelector.
If both nil - behaviour controlled by selectAllByDefault
NamespaceSelector nil - only objects at VMAlert namespace.
LabelSelectorfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector.
with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector
Operator selects all exist serviceScrapes
with selectAllByDefault: false - selects nothing
booleanfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the podsstringfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmalert VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vmalert service specAdditionalServiceSpecfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
updateStrategyUpdateStrategy - overrides default update strategy.DeploymentStrategyTypefalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
useVMConfigReloaderUseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
booleanfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMAlertmanager #

VMAlertmanager represents Victoria-Metrics deployment for Alertmanager.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAlertmanager
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specSpecification of the desired behavior of the VMAlertmanager cluster. More info:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
VMAlertmanagerSpectrue

VMAlertmanagerConfig #

VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAlertmanagerConfig
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMAlertmanagerConfigSpectrue

VMAlertmanagerConfigSpec #

VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig it must reference only locally defined objects

Appears in:

FieldDescriptionSchemeRequired
inhibit_rulesInhibitRules will only apply for alerts matching
the resource’s namespace.
InhibitRule arrayfalse
receiversReceivers defines alert receiversReceiver arraytrue
routeRoute definition for alertmanager, may include nested routes.Routetrue
time_intervalsTimeIntervals defines named interval for active/mute notifications interval
See https://prometheus.io/docs/alerting/latest/configuration/#time_interval
TimeIntervals arrayfalse

VMAlertmanagerSpec #

VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Appears in:

FieldDescriptionSchemeRequired
additionalPeersAdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.string arraytrue
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSetPersistentVolumeClaim arraytrue
clusterAdvertiseAddressClusterAdvertiseAddress is the explicit address to advertise in cluster.
Needs to be provided for non RFC1918 [1] (public) addresses.
[1] RFC1918: https://tools.ietf.org/html/rfc1918
stringfalse
clusterDomainNameClusterDomainName defines domain name suffix for in-cluster dns addresses
aka .cluster.local
used to build pod peer addresses for in-cluster communication
stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
configNamespaceSelectorConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAlertmanager namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
configRawYamlConfigRawYaml - raw configuration for alertmanager,
it helps it to start without secret.
priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret.
stringfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
object (keys:string, values:string)false
configReloaderImageTagConfigReloaderImageTag defines image:tag for config-reloader containerstringfalse
configReloaderResourcesConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
configSecretConfigSecret is the name of a Kubernetes Secret in the same namespace as the
VMAlertmanager object, which contains configuration for this VMAlertmanager,
configuration must be inside secret key: alertmanager.yaml.
It must be created by user.
instance. Defaults to ‘vmalertmanager-
The secret is mounted into /etc/alertmanager/config.
stringfalse
configSelectorConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAlertmanager namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableNamespaceMatcherDisableNamespaceMatcher disables top route namespace label matcher for VMAlertmanagerConfig
It may be useful if alert doesn’t have namespace label for some reason
booleanfalse
disableRouteContinueEnforceDisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to truebooleanfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
enforcedTopRouteMatchersEnforcedTopRouteMatchers defines label matchers to be added for the top route
of VMAlertmanagerConfig
It allows to make some set of labels required for alerts.
https://prometheus.io/docs/alerting/latest/configuration/#matcher
string arraytrue
externalURLExternalURL the VMAlertmanager instances will be available under. This is
necessary to generate correct URLs. This is necessary if VMAlertmanager is not
served from root of a DNS name.
stringfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
gossipConfigGossipConfig defines gossip TLS configuration for Alertmanager clusterAlertmanagerGossipConfigfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
listenLocalListenLocal makes the VMAlertmanager server listen on loopback, so that it
does not bind against the Pod IP. Note this is only for the VMAlertmanager
UI, not the gossip communication.
booleanfalse
logFormatLogFormat for VMAlertmanager to be configured with.stringfalse
logLevelLog level for VMAlertmanager to be configured with.stringfalse
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.EmbeddedObjectMetadatafalse
portPort listen addressstringfalse
portNamePortName used for the pods and governing service.
This defaults to web
stringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
retentionRetention Time duration VMAlertmanager shall retain data for. Default is ‘120h’,
and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
stringfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
rollingUpdateStrategyRollingUpdateStrategy defines strategy for application updates
Default is OnDelete, in this case operator handles update process
Can be changed for RollingUpdate
StatefulSetUpdateStrategyTypefalse
routePrefixRoutePrefix VMAlertmanager registers HTTP handlers for. This is useful,
if using ExternalURL and a proxy is rewriting HTTP routes of a request,
and the actual ExternalURL is still true, but the server serves requests
under a different route prefix. For example for use with kubectl proxy.
stringfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector.
with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector
Operator selects all exist alertManagerConfigs
with selectAllByDefault: false - selects nothing
booleanfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the podsstringfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vmalertmanager service specAdditionalServiceSpecfalse
storageStorage is the definition of how storage will be used by the VMAlertmanager
instances.
StorageSpecfalse
templatesTemplates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager
object, which shall be mounted into the VMAlertmanager Pods.
The Templates are mounted into /etc/vm/templates//.
ConfigMapKeyReference arrayfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
useVMConfigReloaderUseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
booleanfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue
webConfigWebConfig defines configuration for webserver
https://github.com/prometheus/alertmanager/blob/main/docs/https.md
AlertmanagerWebConfigfalse

VMAuth #

VMAuth is the Schema for the vmauths API

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMAuth
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMAuthSpectrue

VMAuthLoadBalancer #

VMAuthLoadBalancer configures vmauth as a load balancer for the requests

Appears in:

FieldDescriptionSchemeRequired
disableInsertBalancingbooleantrue
disableSelectBalancingbooleantrue
enabledbooleantrue
specVMAuthLoadBalancerSpectrue

VMAuthLoadBalancerSpec #

VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer for VMCluster component

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
logFormatLogFormat for vmauth
default or json
stringfalse
logLevelLogLevel for vmauth container.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataCommon params for scheduling
PodMetadata configures Labels and Annotations which are propagated to the vmauth lb pods.
EmbeddedObjectMetadatatrue
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmauthlb VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecAdditionalServiceSpec defines service override configuration for vmauth lb deployment
it’ll be only applied to vmclusterlb- service
AdditionalServiceSpectrue
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMAuthSpec #

VMAuthSpec defines the desired state of VMAuth

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
configReloaderExtraArgsConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: “30s”
object (keys:string, values:string)false
configReloaderImageTagConfigReloaderImageTag defines image:tag for config-reloader containerstringfalse
configReloaderResourcesConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
configSecretConfigSecret is the name of a Kubernetes Secret in the same namespace as the
VMAuth object, which contains auth configuration for vmauth,
configuration must be inside secret key: config.yaml.
It must be created and managed manually.
If it’s defined, configuration for vmauth becomes unmanaged and operator’ll not create any related secrets/config-reloaders
Deprecated, use externalConfig.secretRef instead
stringtrue
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
default_urlDefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
string arraytrue
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.booleantrue
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
integerfalse
externalConfigExternalConfig defines a source of external VMAuth configuration.
If it’s defined, configuration for vmauth becomes unmanaged and operator’ll not create any related secrets/config-reloaders
ExternalConfigfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
headersHeaders represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
string arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
ingressIngress enables ingress configuration for VMAuth.EmbeddedIngresstrue
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
ip_filtersIPFilters defines per target src ip filters
supported only with enterprise version of vmauth
VMUserIPFiltersfalse
licenseLicense allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
Licensefalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
stringfalse
logFormatLogFormat for VMAuth to be configured with.stringfalse
logLevelLogLevel for victoria metrics single to be configured with.stringfalse
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
integerfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMAuth pods.EmbeddedObjectMetadatafalse
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
string arrayfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
integer arrayfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
selectAllByDefaultSelectAllByDefault changes default behavior for empty CRD selectors, such userSelector.
with selectAllByDefault: true and empty userSelector and userNamespaceSelector
Operator selects all exist users
with selectAllByDefault: false - selects nothing
booleanfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the podsstringfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmauth VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vmsingle service specAdditionalServiceSpecfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tlsConfigTLSConfig defines tls configuration for the backend connectionTLSConfigfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
unauthorizedAccessConfigUnauthorizedAccessConfig configures access for un authorized users

Deprecated, use unauthorizedUserAccessSpec instead
will be removed at v1.0 release
UnauthorizedAccessConfigURLMap arraytrue
unauthorizedUserAccessSpecUnauthorizedUserAccessSpec defines unauthorized_user config section of vmauth configVMAuthUnauthorizedUserAccessSpecfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
useVMConfigReloaderUseVMConfigReloader replaces prometheus-like config-reloader
with vm one. It uses secrets watch instead of file watch
which greatly increases speed of config updates
booleanfalse
userNamespaceSelectorUserNamespaceSelector Namespaces to be selected for VMAuth discovery.
Works in combination with Selector.
NamespaceSelector nil - only objects at VMAuth namespace.
Selector nil - only objects at NamespaceSelector namespaces.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
userSelectorUserSelector defines VMUser to be selected for config file generation.
Works in combination with NamespaceSelector.
NamespaceSelector nil - only objects at VMAuth namespace.
If both nil - behaviour controlled by selectAllByDefault
LabelSelectorfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMAuthUnauthorizedUserAccessSpec #

VMAuthUnauthorizedUserAccessSpec defines unauthorized_user section configuration for vmauth

Appears in:

FieldDescriptionSchemeRequired
default_urlDefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
string arraytrue
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.booleantrue
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
integerfalse
headersHeaders represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
string arrayfalse
ip_filtersIPFilters defines per target src ip filters
supported only with enterprise version of vmauth
VMUserIPFiltersfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
stringfalse
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
integerfalse
metric_labelsMetricLabels - additional labels for metrics exported by vmauth for given user.object (keys:string, values:string)false
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
string arrayfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
integer arrayfalse
tlsConfigTLSConfig defines tls configuration for the backend connectionTLSConfigfalse
url_mapUnauthorizedAccessConfigURLMap arraytrue
url_prefixURLPrefix defines prefix prefix for destinationStringOrArraytrue

VMBackup #

Appears in:

FieldDescriptionSchemeRequired
acceptEULAAcceptEULA accepts enterprise feature usage, must be set to true.
otherwise backupmanager cannot be added to single/cluster version.
https://victoriametrics.com/legal/esa/
booleanfalse
concurrencyDefines number of concurrent workers. Higher concurrency may reduce backup duration (default 10)integerfalse
credentialsSecretCredentialsSecret is secret in the same namespace for access to remote storage
The secret is mounted into /etc/vm/creds.
SecretKeySelectorfalse
customS3EndpointCustom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not setstringfalse
destinationDefines destination for backupstringtrue
destinationDisableSuffixAddDestinationDisableSuffixAdd - disables suffix adding for cluster version backups
each vmstorage backup must have unique backup folder
so operator adds POD_NAME as suffix for backup destination folder.
booleanfalse
disableDailyDefines if daily backups disabled (default false)booleanfalse
disableHourlyDefines if hourly backups disabled (default false)booleanfalse
disableMonthlyDefines if monthly backups disabled (default false)booleanfalse
disableWeeklyDefines if weekly backups disabled (default false)booleanfalse
extraArgsextra args like maxBytesPerSecond default 0object (keys:string, values:string)false
extraEnvsEnvVar arrayfalse
imageImage - docker image settings for VMBackuperImagefalse
logFormatLogFormat for VMBackup to be configured with.
default or json
stringfalse
logLevelLogLevel for VMBackup to be configured with.stringfalse
portPort for health check connectionsstringtrue
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
restoreRestore Allows to enable restore options for pod
Read more
VMRestorefalse
snapshotCreateURLSnapshotCreateURL overwrites url for snapshot createstringfalse
snapshotDeleteURLSnapShotDeleteURL overwrites url for snapshot deletestringfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition.
VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container,
that are generated as a result of StorageSpec objects.
VolumeMount arrayfalse

VMCluster #

VMCluster is fast, cost-effective and scalable time-series database. Cluster version with

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMCluster
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetafalse
specVMClusterSpectrue

VMClusterSpec #

VMClusterSpec defines the desired state of VMCluster

Appears in:

FieldDescriptionSchemeRequired
clusterDomainNameClusterDomainName defines domain name suffix for in-cluster dns addresses
aka .cluster.local
used by vminsert and vmselect to build vmstorage address
stringfalse
clusterVersionClusterVersion defines default images tag for all components.
it can be overwritten with component specific image.tag value.
stringfalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
licenseLicense allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
Licensefalse
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
replicationFactorReplicationFactor defines how many copies of data make among
distinct storage nodes
integerfalse
requestsLoadBalancerRequestsLoadBalancer configures load-balancing for vminsert and vmselect requests
it helps to evenly spread load across pods
usually it’s not possible with kubernetes TCP based service
VMAuthLoadBalancertrue
retentionPeriodRetentionPeriod for the stored metrics
Note VictoriaMetrics has data/ and indexdb/ folders
metrics from data/ removed eventually as soon as partition leaves retention period
reverse index data at indexdb rotates once at the half of configured
retention period
stringtrue
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the
VMSelect, VMStorage and VMInsert Pods.
stringfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
vminsertVMInsertfalse
vmselectVMSelectfalse
vmstorageVMStoragefalse

VMInsert #

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
clusterNativeListenPortClusterNativePort for multi-level cluster setup.
More details
stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
hpaHPA defines kubernetes PodAutoScaling configuration version 2.EmbeddedHPAtrue
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
insertPortsInsertPorts - additional listen ports for data ingestion.InsertPortstrue
logFormatLogFormat for VMInsert to be configured with.
default or json
stringfalse
logLevelLogLevel for VMInsert to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMInsert pods.EmbeddedObjectMetadatatrue
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
rollingUpdateRollingUpdate - overrides deployment update params.RollingUpdateDeploymentfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vminsert VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vminsert service specAdditionalServiceSpecfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
updateStrategyUpdateStrategy - overrides default update strategy.DeploymentStrategyTypefalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMNodeScrape #

VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as address for scraping.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMNodeScrape
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMNodeScrapeSpectrue

VMNodeScrapeSpec #

VMNodeScrapeSpec defines specification for VMNodeScrape.

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization with http header AuthorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
intervalInterval at which metrics should be scrapedstringfalse
jobLabelThe label to use to retrieve the job name from.stringfalse
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
oauth2OAuth2 defines auth configurationOAuth2false
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
portName of the port exposed at Node.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
relabelConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
selectorSelector to select kubernetes Nodes.LabelSelectorfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetLabelsTargetLabels transfers labels on the Kubernetes Node onto the target.string arrayfalse
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

VMPodScrape #

VMPodScrape is scrape configuration for pods, it generates vmagent’s config for scraping pod targets based on selectors.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMPodScrape
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetafalse
specVMPodScrapeSpectrue

VMPodScrapeSpec #

VMPodScrapeSpec defines the desired state of VMPodScrape

Appears in:

FieldDescriptionSchemeRequired
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
jobLabelThe label to use to retrieve the job name from.stringfalse
namespaceSelectorSelector to select which namespaces the Endpoints objects are discovered from.NamespaceSelectorfalse
podMetricsEndpointsA list of endpoints allowed as part of this PodMonitor.PodMetricsEndpoint arraytrue
podTargetLabelsPodTargetLabels transfers labels on the Kubernetes Pod onto the target.string arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
selectorSelector to select Pod objects.LabelSelectorfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse

VMProbe #

VMProbe defines a probe for targets, that will be executed with prober, like blackbox exporter. It helps to monitor reachability of target with various checks.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMProbe
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetafalse
specVMProbeSpectrue

VMProbeSpec #

VMProbeSpec contains specification parameters for a Probe.

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization with http header AuthorizationAuthorizationfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
intervalInterval at which metrics should be scrapedstringfalse
jobNameThe job name assigned to scraped metrics by default.stringtrue
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
moduleThe module to use for probing specifying how to probe the target.
Example module configuring in the blackbox exporter:
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
stringtrue
oauth2OAuth2 defines auth configurationOAuth2false
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetsTargets defines a set of static and/or dynamically discovered targets to be probed using the prober.VMProbeTargetstrue
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse
vmProberSpecSpecification for the prober to use for probing targets.
The prober.URL parameter is required. Targets cannot be probed if left empty.
VMProberSpectrue
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

VMProbeTargetStaticConfig #

VMProbeTargetStaticConfig defines the set of static targets considered for probing.

Appears in:

FieldDescriptionSchemeRequired
labelsLabels assigned to all metrics scraped from the targets.object (keys:string, values:string)true
relabelingConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arraytrue
targetsTargets is a list of URLs to probe using the configured prober.string arraytrue

VMProbeTargets #

VMProbeTargets defines a set of static and dynamically discovered targets for the prober.

Appears in:

FieldDescriptionSchemeRequired
ingressIngress defines the set of dynamically discovered ingress objects which hosts are considered for probing.ProbeTargetIngresstrue
staticConfigStaticConfig defines static targets which are considers for probing.VMProbeTargetStaticConfigtrue

VMProberSpec #

VMProberSpec contains specification parameters for the Prober used for probing.

Appears in:

FieldDescriptionSchemeRequired
pathPath to collect metrics from.
Defaults to /probe.
stringtrue
schemeHTTP scheme to use for scraping.
Defaults to http.
stringfalse
urlMandatory URL of the prober.stringtrue

VMRestore #

VMRestore defines config options for vmrestore start-up

Appears in:

FieldDescriptionSchemeRequired
onStartOnStart defines configuration for restore on pod startVMRestoreOnStartConfigfalse

VMRestoreOnStartConfig #

VMRestoreOnStartConfig controls vmrestore setting

Appears in:

FieldDescriptionSchemeRequired
enabledEnabled defines if restore on start enabledbooleanfalse

VMRule #

VMRule defines rule records for vmalert application

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMRule
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMRuleSpectrue

VMRuleSpec #

VMRuleSpec defines the desired state of VMRule

Appears in:

FieldDescriptionSchemeRequired
groupsGroups list of group rulesRuleGroup arraytrue

VMScrapeConfig #

VMScrapeConfig specifies a set of targets and parameters describing how to scrape them.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMScrapeConfig
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMScrapeConfigSpectrue

VMScrapeConfigSpec #

VMScrapeConfigSpec defines the desired state of VMScrapeConfig

Appears in:

FieldDescriptionSchemeRequired
authorizationAuthorization with http header AuthorizationAuthorizationfalse
azureSDConfigsAzureSDConfigs defines a list of Azure service discovery configurations.AzureSDConfig arrayfalse
basicAuthBasicAuth allow an endpoint to authenticate over basic authenticationBasicAuthfalse
bearerTokenFileFile to read bearer token for scraping targets.stringfalse
bearerTokenSecretSecret to mount to read bearer token for scraping targets. The secret
needs to be in the same namespace as the scrape object and accessible by
the victoria-metrics operator.
SecretKeySelectorfalse
consulSDConfigsConsulSDConfigs defines a list of Consul service discovery configurations.ConsulSDConfig arrayfalse
digitalOceanSDConfigsDigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.DigitalOceanSDConfig arrayfalse
dnsSDConfigsDNSSDConfigs defines a list of DNS service discovery configurations.DNSSDConfig arrayfalse
ec2SDConfigsEC2SDConfigs defines a list of EC2 service discovery configurations.EC2SDConfig arrayfalse
fileSDConfigsFileSDConfigs defines a list of file service discovery configurations.FileSDConfig arrayfalse
follow_redirectsFollowRedirects controls redirects for scraping.booleanfalse
gceSDConfigsGCESDConfigs defines a list of GCE service discovery configurations.GCESDConfig arrayfalse
honorLabelsHonorLabels chooses the metric’s labels on collisions with target labels.booleanfalse
honorTimestampsHonorTimestamps controls whether vmagent respects the timestamps present in scraped data.booleanfalse
httpSDConfigsHTTPSDConfigs defines a list of HTTP service discovery configurations.HTTPSDConfig arrayfalse
intervalInterval at which metrics should be scrapedstringfalse
kubernetesSDConfigsKubernetesSDConfigs defines a list of Kubernetes service discovery configurations.KubernetesSDConfig arrayfalse
max_scrape_sizeMaxScrapeSize defines a maximum size of scraped data for a jobstringfalse
metricRelabelConfigsMetricRelabelConfigs to apply to samples after scrapping.RelabelConfig arrayfalse
oauth2OAuth2 defines auth configurationOAuth2false
openstackSDConfigsOpenStackSDConfigs defines a list of OpenStack service discovery configurations.OpenStackSDConfig arrayfalse
paramsOptional HTTP URL parametersobject (keys:string, values:string array)false
pathHTTP path to scrape for metrics.stringfalse
proxyURLProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.stringfalse
relabelConfigsRelabelConfigs to apply to samples during service discovery.RelabelConfig arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
schemeHTTP scheme to use for scraping.stringfalse
scrapeTimeoutTimeout after which the scrape is endedstringfalse
scrape_intervalScrapeInterval is the same as Interval and has priority over it.
one of scrape_interval or interval can be used
stringfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
staticConfigsStaticConfigs defines a list of static targets with a common label set.StaticConfig arrayfalse
tlsConfigTLSConfig configuration to use when scraping the endpointTLSConfigfalse
vm_scrape_paramsVMScrapeParams defines VictoriaMetrics specific scrape parametersVMScrapeParamsfalse

VMScrapeParams #

VMScrapeParams defines scrape target configuration that compatible only with VictoriaMetrics scrapers VMAgent and VMSingle

Appears in:

FieldDescriptionSchemeRequired
disable_compressionDisableCompressionbooleanfalse
disable_keep_alivedisable_keepalive allows disabling HTTP keep-alive when scraping targets.
By default, HTTP keep-alive is enabled, so TCP connections to scrape targets
could be re-used.
See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
booleanfalse
headersHeaders allows sending custom headers to scrape targets
must be in of semicolon separated header with it’s value
eg:
headerName: headerValue
vmagent supports since 1.79.0 version
string arrayfalse
no_stale_markersbooleanfalse
proxy_client_configProxyClientConfig configures proxy auth settings for scraping
See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy
ProxyAuthfalse
scrape_align_intervalstringfalse
scrape_offsetstringfalse
stream_parsebooleanfalse

VMSelect #

VMSelect defines configuration section for vmselect components of the victoria-metrics cluster

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
cacheMountPathCacheMountPath allows to add cache persistent for VMSelect,
will use “/cache” as default if not specified.
stringfalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSetPersistentVolumeClaim arraytrue
clusterNativeListenPortClusterNativePort for multi-level cluster setup.
More details
stringfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
hpaConfigures horizontal pod autoscaling.
Note, enabling this option disables vmselect to vmselect communication. In most cases it’s not an issue.
EmbeddedHPAfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
logFormatLogFormat for VMSelect to be configured with.
default or json
stringfalse
logLevelLogLevel for VMSelect to be configured with.stringfalse
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
persistentVolumeStorage - add persistent volume for cacheMountPath
its useful for persistent cache
use storage instead of persistentVolume.
StorageSpecfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMSelect pods.EmbeddedObjectMetadatatrue
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
rollingUpdateStrategyRollingUpdateStrategy defines strategy for application updates
Default is OnDelete, in this case operator handles update process
Can be changed for RollingUpdate
StatefulSetUpdateStrategyTypefalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmselect VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vmselect service specAdditionalServiceSpecfalse
storageStorageSpec - add persistent volume claim for cacheMountPath
its needed for persistent cache
StorageSpecfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMServiceScrape #

VMServiceScrape is scrape configuration for endpoints associated with kubernetes service, it generates scrape configuration for vmagent based on selectors. result config will scrape service endpoints

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMServiceScrape
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMServiceScrapeSpectrue

VMServiceScrapeSpec #

VMServiceScrapeSpec defines the desired state of VMServiceScrape

Appears in:

FieldDescriptionSchemeRequired
attach_metadataAttachMetadata configures metadata attaching from service discoveryAttachMetadatafalse
discoveryRoleDiscoveryRole - defines kubernetes_sd role for objects discovery.
by default, its endpoints.
can be changed to service or endpointslices.
note, that with service setting, you have to use port: “name”
and cannot use targetPort for endpoints.
stringfalse
endpointsA list of endpoints allowed as part of this ServiceScrape.Endpoint arraytrue
jobLabelThe label to use to retrieve the job name from.stringfalse
namespaceSelectorSelector to select which namespaces the Endpoints objects are discovered from.NamespaceSelectorfalse
podTargetLabelsPodTargetLabels transfers labels on the Kubernetes Pod onto the target.string arrayfalse
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
selectorSelector to select Endpoints objects by corresponding Service labels.LabelSelectorfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetLabelsTargetLabels transfers labels on the Kubernetes Service onto the target.string arrayfalse

VMSingle #

VMSingle is fast, cost-effective and scalable time-series database.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMSingle
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMSingleSpectrue

VMSingleSpec #

VMSingleSpec defines the desired state of VMSingle

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
insertPortsInsertPorts - additional listen ports for data ingestion.InsertPortstrue
licenseLicense allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See here
Licensefalse
logFormatLogFormat for VMSingle to be configured with.stringfalse
logLevelLogLevel for victoria metrics single to be configured with.stringfalse
managedMetadataManagedMetadata defines metadata that will be added to the all objects
created by operator for the given CustomResource
ManagedObjectsMetadatatrue
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMSingle pods.EmbeddedObjectMetadatafalse
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
removePvcAfterDeleteRemovePvcAfterDelete - if true, controller adds ownership to pvc
and after VMSingle object deletion - pvc will be garbage collected
by controller manager
booleanfalse
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
retentionPeriodRetentionPeriod for the stored metrics
Note VictoriaMetrics has data/ and indexdb/ folders
metrics from data/ removed eventually as soon as partition leaves retention period
reverse index data at indexdb rotates once at the half of configured retention period
stringtrue
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
serviceAccountNameServiceAccountName is the name of the ServiceAccount to use to run the podsstringfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmsingle VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be added to vmsingle service specAdditionalServiceSpecfalse
storageStorage is the definition of how storage will be used by the VMSingle
by default it`s empty dir
this option is ignored if storageDataPath is set
PersistentVolumeClaimSpecfalse
storageDataPathStorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary –storageDataPath,
its users responsibility to mount proper device into given path.
It requires to provide spec.volumes and spec.volumeMounts with at least 1 value
stringfalse
storageMetadataStorageMeta defines annotations and labels attached to PVC for given vmsingle CREmbeddedObjectMetadatafalse
streamAggrConfigStreamAggrConfig defines stream aggregation configuration for VMSingleStreamAggrConfigtrue
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
vmBackupVMBackup configuration for backupVMBackupfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMStaticScrape #

VMStaticScrape defines static targets configuration for scraping.

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMStaticScrape
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMStaticScrapeSpectrue

VMStaticScrapeSpec #

VMStaticScrapeSpec defines the desired state of VMStaticScrape.

Appears in:

FieldDescriptionSchemeRequired
jobNameJobName name of job.stringtrue
sampleLimitSampleLimit defines per-scrape limit on number of scraped samples that will be accepted.integerfalse
seriesLimitSeriesLimit defines per-scrape limit on number of unique time series
a single target can expose during all the scrapes on the time window of 24h.
integerfalse
targetEndpointsA list of target endpoints to scrape metrics from.TargetEndpoint arraytrue

VMStorage #

Appears in:

FieldDescriptionSchemeRequired
affinityAffinity If specified, the pod’s scheduling constraints.Affinityfalse
claimTemplatesClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSetPersistentVolumeClaim arraytrue
configMapsConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder
string arrayfalse
containersContainers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc.
Container arrayfalse
disableSelfServiceScrapeDisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over VM_DISABLESELFSERVICESCRAPECREATION operator env variable
booleanfalse
dnsConfigSpecifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy.
PodDNSConfigfalse
dnsPolicyDNSPolicy sets DNS policy for the podDNSPolicyfalse
extraArgsExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp
object (keys:string, values:string)false
extraEnvsExtraEnvs that will be passed to the application containerEnvVar arrayfalse
hostAliasesHostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
HostAlias arrayfalse
hostNetworkHostNetwork controls whether the pod may use the node network namespacebooleanfalse
host_aliasesHostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field
HostAlias arrayfalse
imageImage - docker image settings
if no specified operator uses default version from operator config
Imagefalse
imagePullSecretsImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
LocalObjectReference arrayfalse
initContainersInitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Container arrayfalse
logFormatLogFormat for VMStorage to be configured with.
default or json
stringfalse
logLevelLogLevel for VMStorage to be configured with.stringfalse
maintenanceInsertNodeIDsMaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.
lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3].
Useful at storage expanding, when you want to rebalance some data at cluster.
integer arrayfalse
maintenanceSelectNodeIDsMaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.integer arraytrue
minReadySecondsMinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle
integerfalse
nodeSelectorNodeSelector Define which Nodes the Pods are scheduled on.object (keys:string, values:string)false
pausedPaused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions.
booleanfalse
podDisruptionBudgetPodDisruptionBudget created by operatorEmbeddedPodDisruptionBudgetSpecfalse
podMetadataPodMetadata configures Labels and Annotations which are propagated to the VMStorage pods.EmbeddedObjectMetadatatrue
portPort listen addressstringfalse
priorityClassNamePriorityClassName class assigned to the Podsstringfalse
readinessGatesReadinessGates defines pod readiness gatesPodReadinessGate arraytrue
replicaCountReplicaCount is the expected size of the Application.integerfalse
resourcesResources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used
ResourceRequirementsfalse
revisionHistoryLimitCountThe number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10.
integerfalse
rollingUpdateStrategyRollingUpdateStrategy defines strategy for application updates
Default is OnDelete, in this case operator handles update process
Can be changed for RollingUpdate
StatefulSetUpdateStrategyTypefalse
runtimeClassNameRuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/
stringfalse
schedulerNameSchedulerName - defines kubernetes scheduler namestringfalse
secretsSecrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder
string arrayfalse
securityContextSecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext.
SecurityContextfalse
serviceScrapeSpecServiceScrapeSpec that will be added to vmstorage VMServiceScrape specVMServiceScrapeSpecfalse
serviceSpecServiceSpec that will be create additional service for vmstorageAdditionalServiceSpecfalse
storageStorage - add persistent volume for StorageDataPath
its useful for persistent cache
StorageSpecfalse
storageDataPathStorageDataPath - path to storage datastringfalse
terminationGracePeriodSecondsTerminationGracePeriodSeconds period for container graceful terminationintegerfalse
tolerationsTolerations If specified, the pod’s tolerations.Toleration arrayfalse
topologySpreadConstraintsTopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
TopologySpreadConstraint arrayfalse
useDefaultResourcesUseDefaultResources controls resource settings
By default, operator sets built-in resource requirements
booleanfalse
useStrictSecurityUseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions
booleanfalse
vmBackupVMBackup configuration for backupVMBackupfalse
vmInsertPortVMInsertPort for VMInsert connectionsstringfalse
vmSelectPortVMSelectPort for VMSelect connectionsstringfalse
volumeMountsVolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container
VolumeMount arrayfalse
volumesVolumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional
Volume arraytrue

VMUser #

VMUser is the Schema for the vmusers API

FieldDescriptionSchemeRequired
apiVersion stringoperator.victoriametrics.com/v1beta1
kind stringVMUser
metadataRefer to Kubernetes API documentation for fields of metadata.ObjectMetatrue
specVMUserSpectrue

VMUserConfigOptions #

VMUserConfigOptions defines configuration options for VMUser object

Appears in:

FieldDescriptionSchemeRequired
default_urlDefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
string arraytrue
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.booleantrue
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
integerfalse
headersHeaders represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
string arrayfalse
ip_filtersIPFilters defines per target src ip filters
supported only with enterprise version of vmauth
VMUserIPFiltersfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
stringfalse
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
integerfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
string arrayfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
integer arrayfalse
tlsConfigTLSConfig defines tls configuration for the backend connectionTLSConfigfalse

VMUserIPFilters #

VMUserIPFilters defines filters for IP addresses supported only with enterprise version of vmauth

Appears in:

FieldDescriptionSchemeRequired
allow_liststring arraytrue
deny_liststring arraytrue

VMUserSpec #

VMUserSpec defines the desired state of VMUser

Appears in:

FieldDescriptionSchemeRequired
bearerTokenBearerToken Authorization header value for accessing protected endpoint.stringfalse
default_urlDefaultURLs backend url for non-matching paths filter
usually used for default backend with error message
string arraytrue
disable_secret_creationDisableSecretCreation skips related secret creation for vmuserbooleantrue
discover_backend_ipsDiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.booleantrue
drop_src_path_prefix_partsDropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend.
See here for more details.
integerfalse
generatePasswordGeneratePassword instructs operator to generate password for user
if spec.password if empty.
booleanfalse
headersHeaders represent additional http headers, that vmauth uses
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.68.0 version of vmauth
string arrayfalse
ip_filtersIPFilters defines per target src ip filters
supported only with enterprise version of vmauth
VMUserIPFiltersfalse
load_balancing_policyLoadBalancingPolicy defines load balancing policy to use for backend urls.
Supported policies: least_loaded, first_available.
See here for more details (default “least_loaded”)
stringfalse
max_concurrent_requestsMaxConcurrentRequests defines max concurrent requests per user
300 is default value for vmauth
integerfalse
metric_labelsMetricLabels - additional labels for metrics exported by vmauth for given user.object (keys:string, values:string)false
nameName of the VMUser object.stringfalse
passwordPassword basic auth password for accessing protected endpoint.stringfalse
passwordRefPasswordRef allows fetching password from user-create secret by its name and key.SecretKeySelectorfalse
response_headersResponseHeaders represent additional http headers, that vmauth adds for request response
in form of [“header_key: header_value”]
multiple values for header key:
[“header_key: value1,value2”]
it’s available since 1.93.0 version of vmauth
string arrayfalse
retry_status_codesRetryStatusCodes defines http status codes in numeric format for request retries
e.g. [429,503]
integer arrayfalse
targetRefsTargetRefs - reference to endpoints, which user may access.TargetRef arraytrue
tlsConfigTLSConfig defines tls configuration for the backend connectionTLSConfigfalse
tokenRefTokenRef allows fetching token from user-created secrets by its name and key.SecretKeySelectorfalse
usernameUserName basic auth user name for accessing protected endpoint,
will be replaced with metadata.name of VMUser if omitted.
stringfalse

VictorOpsConfig #

VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config

Appears in:

FieldDescriptionSchemeRequired
api_keyThe secret’s key that contains the API key to use when talking to the VictorOps API.
It must be at them same namespace as CRD
fallback to global setting if empty
SecretKeySelectorfalse
api_urlThe VictorOps API URL.stringfalse
custom_fieldsAdds optional custom fields
https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537
object (keys:string, values:string)false
entity_display_nameContains summary of the alerted problem.stringfalse
http_configThe HTTP client’s configuration.HTTPConfigfalse
message_typeDescribes the behavior of the alert (CRITICAL, WARNING, INFO).stringfalse
monitoring_toolThe monitoring tool the state message is from.stringfalse
routing_keyA key used to map the alert to a team.stringtrue
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
state_messageContains long explanation of the alerted problem.stringfalse

WeChatConfig #

WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config

Appears in:

FieldDescriptionSchemeRequired
agent_idstringfalse
api_secretThe secret’s key that contains the WeChat API key.
The secret needs to be in the same namespace as the AlertmanagerConfig
fallback to global alertmanager setting if empty
SecretKeySelectorfalse
api_urlThe WeChat API URL.
fallback to global alertmanager setting if empty
stringfalse
corp_idThe corp id for authentication.
fallback to global alertmanager setting if empty
stringfalse
http_configHTTP client configuration.HTTPConfigfalse
messageAPI request data as defined by the WeChat API.stringtrue
message_typestringfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
to_partystringfalse
to_tagstringfalse
to_userstringfalse

WebexConfig #

Appears in:

FieldDescriptionSchemeRequired
api_urlThe Webex Teams API URL, i.e. https://webexapis.com/v1/messagesstringfalse
http_configHTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP Authorization header.HTTPConfigfalse
messageThe message body templatestringfalse
room_idThe ID of the Webex Teams room where to send the messagesstringtrue
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse

WebhookConfig #

WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config

Appears in:

FieldDescriptionSchemeRequired
http_configHTTP client configuration.HTTPConfigfalse
max_alertsMaximum number of alerts to be sent per webhook message. When 0, all alerts are included.integerfalse
send_resolvedSendResolved controls notify about resolved alerts.booleanfalse
urlURL to send requests to,
one of urlSecret and url must be defined.
stringfalse
url_secretURLSecret defines secret name and key at the CRD namespace.
It must contain the webhook URL.
one of urlSecret and url must be defined.
SecretKeySelectorfalse