API Docs

This Document documents the types introduced by the VictoriaMetrics to be consumed by users.

Note this document is generated from code comments. When contributing a change to this document please do so by changing the code comments.

Table of Contents#

VMAlertmanager#

VMAlertmanager represents Victoria-Metrics deployment for Alertmanager.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec Specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status VMAlertmanagerSpec true
status Most recent observed status of the VMAlertmanager cluster. Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status VMAlertmanagerStatus false

Back to TOC

VMAlertmanagerList#

VMAlertmanagerList is a list of Alertmanagers.

Field Description Scheme Required
metadata Standard list metadata More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta false
items List of Alertmanagers []VMAlertmanager true

Back to TOC

VMAlertmanagerSpec#

VMAlertmanagerSpec is a specification of the desired behavior of the VMAlertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Field Description Scheme Required
podMetadata PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMAlertmanager if no specified operator uses default config version Image false
imagePullSecrets ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod []v1.LocalObjectReference false
secrets Secrets is a list of Secrets in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name> []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. []string false
templates Templates is a list of ConfigMap key references for ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Templates are mounted into /etc/vm/templates/<configmap-name>/<configmap-key>. []ConfigMapKeyReference false
configRawYaml ConfigRawYaml - raw configuration for alertmanager, it helps it to start without secret. priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret. string false
configSecret ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config. string false
logLevel Log level for VMAlertmanager to be configured with. string false
logFormat LogFormat for VMAlertmanager to be configured with. string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
replicaCount ReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected *int32 false
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
retention Retention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). string false
storage Storage is the definition of how storage will be used by the VMAlertmanager instances. *StorageSpec false
volumes Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
externalURL ExternalURL the VMAlertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if VMAlertmanager is not served from root of a DNS name. string false
routePrefix RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with kubectl proxy. string false
paused Paused If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions. bool false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
serviceAccountName ServiceAccountName is the name of the ServiceAccount to use string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
podSecurityPolicyName PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. string false
listenLocal ListenLocal makes the VMAlertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the VMAlertmanager UI, not the gossip communication. bool false
containers Containers allows injecting additional containers or patching existing containers. This is meant to allow adding an authentication proxy to an VMAlertmanager pod. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName PriorityClassName class assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. []string false
clusterAdvertiseAddress ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 string false
portName PortName used for the pods and governing service. This defaults to web string false
serviceSpec ServiceSpec that will be added to vmalertmanager service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec *VMServiceScrapeSpec false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
selectAllByDefault SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothing bool false
configSelector ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
configNamespaceSelector \n ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig.\nWorks in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
extraArgs ExtraArgs that will be passed to VMAlertmanager pod for example log.level: debug map[string]string false
extraEnvs ExtraEnvs that will be added to VMAlertmanager pod []v1.EnvVar false
disableNamespaceMatcher DisableNamespaceMatcher disables namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reason bool false
disableRouteContinueEnforce DisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to true bool false
rollingUpdateStrategy RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate appsv1.StatefulSetUpdateStrategyType false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
claimTemplates ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet []v1.PersistentVolumeClaim false
useStrictSecurity UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions *bool false

Back to TOC

VMAlertmanagerStatus#

VMAlertmanagerStatus is the most recent observed status of the VMAlertmanager cluster Operator API itself. More info:

Field Description Scheme Required
updateStatus Status defines a status of object update UpdateStatus false
reason Reason has non empty reason for update failure string false

Back to TOC

DiscordConfig#

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
webhook_url The discord webhook URL one of urlSecret and url must be defined. *string false
webhook_url_secret URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of urlSecret and url must be defined. *v1.SecretKeySelector false
title The message title template string false
message The message body template string false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

EmailConfig#

EmailConfig configures notifications via Email.

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
to The email address to send notifications to. string false
from The sender address. string false
hello The hostname to identify to the SMTP server. string false
smarthost The SMTP host through which emails are sent. string false
auth_username The username to use for authentication. string false
auth_password AuthPassword defines secret name and key at CRD namespace. *v1.SecretKeySelector false
auth_secret AuthSecret defines secrent name and key at CRD namespace. It must contain the CRAM-MD5 secret. *v1.SecretKeySelector false
auth_identity The identity to use for authentication. string false
headers Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. EmailConfigHeaders false
html The HTML body of the email notification. string false
text The text body of the email notification. string false
require_tls The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. *bool false
tls_config TLS configuration *TLSConfig false

Back to TOC

HTTPConfig#

HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config

Field Description Scheme Required
basic_auth BasicAuth for the client. *BasicAuth false
bearer_token_secret The secret's key that contains the bearer token It must be at them same namespace as CRD *v1.SecretKeySelector false
bearer_token_file BearerTokenFile defines filename for bearer token, it must be mounted to pod. string false
tls_config TLS configuration for the client. *TLSConfig false
proxyURL Optional proxy URL. string false

Back to TOC

ImageConfig#

ImageConfig is used to attach images to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-images-property for more information.

Field Description Scheme Required
href string false
source string true
alt string false

Back to TOC

InhibitRule#

InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. Note, it doesn’t support deprecated alertmanager config options. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule

Field Description Scheme Required
target_matchers TargetMatchers defines a list of matchers that have to be fulfilled by the target alerts to be muted. []string false
source_matchers SourceMatchers defines a list of matchers for which one or more alerts have to exist for the inhibition to take effect. []string false
equal Labels that must have an equal value in the source and target alert for the inhibition to take effect. []string false

Back to TOC

LinkConfig#

LinkConfig is used to attach text links to the incident. See https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event#the-links-property for more information.

Field Description Scheme Required
href string true
text string false

Back to TOC

MSTeamsConfig#

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
webhook_url The incoming webhook URL one of urlSecret and url must be defined. *string false
webhook_url_secret URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of urlSecret and url must be defined. *v1.SecretKeySelector false
title The title of the teams notification. string false
text The text body of the teams notification. string false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

MuteTimeInterval#

MuteTimeInterval for alerts

Field Description Scheme Required
name Name of interval string false
time_intervals TimeIntervals interval configuration []TimeInterval true

Back to TOC

OpsGenieConfig#

OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_key The secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD *v1.SecretKeySelector false
apiURL The URL to send OpsGenie API requests to. string false
message Alert text limited to 130 characters. string false
description Description of the incident. string false
source Backlink to the sender of the notification. string false
tags Comma separated list of tags attached to the notifications. string false
note Additional alert note. string false
priority Priority level of alert. Possible values are P1, P2, P3, P4, and P5. string false
details A set of arbitrary key/value pairs that provide further detail about the incident. map[string]string false
responders List of responders responsible for notifications. []OpsGenieConfigResponder false
entity Optional field that can be used to specify which domain alert is related to. string false
actions Comma separated list of actions that will be available for the alert. string false
update_alerts Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log. bool false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

OpsGenieConfigResponder#

OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.

Field Description Scheme Required
id ID of the responder. string false
name Name of the responder. string false
username Username of the responder. string false
type Type of responder. string true

Back to TOC

PagerDutyConfig#

PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
routing_key The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or serviceKey needs to be defined. It must be at them same namespace as CRD *v1.SecretKeySelector false
service_key The secret's key that contains the PagerDuty service key (when using integration type &#34;Prometheus&#34;). Either this field or routingKey needs to be defined. It must be at them same namespace as CRD *v1.SecretKeySelector false
url The URL to send requests to. string false
client Client identification. string false
client_url Backlink to the sender of notification. string false
images Images to attach to the incident. []ImageConfig false
links Links to attach to the incident. []LinkConfig false
description Description of the incident. string false
severity Severity of the incident. string false
class The class/type of the event. string false
group A cluster or grouping of sources. string false
component The part or component of the affected system that is broken. string false
details Arbitrary key/value pairs that provide further detail about the incident. PagerDutyDetails false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

PushoverConfig#

PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
user_key The secret's key that contains the recipient user’s user key. It must be at them same namespace as CRD *v1.SecretKeySelector false
token The secret's key that contains the registered application’s API token, see https://pushover.net/apps. It must be at them same namespace as CRD *v1.SecretKeySelector false
title Notification title. string false
message Notification message. string false
url A supplementary URL shown alongside the message. string false
url_title A title for supplementary URL, otherwise just the URL is shown string false
sound The name of one of the sounds supported by device clients to override the user's default sound choice string false
priority Priority, see https://pushover.net/api#priority string false
retry How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. string false
expire How long your notification will continue to be retried for, unless the user acknowledges the notification. string false
html Whether notification message is HTML or plain text. bool false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

Receiver#

Receiver defines one or more notification integrations.

Field Description Scheme Required
name Name of the receiver. Must be unique across all items from the list. string true
email_configs EmailConfigs defines email notification configurations. []EmailConfig false
pagerduty_configs PagerDutyConfigs defines pager duty notification configurations. []PagerDutyConfig false
pushover_configs PushoverConfigs defines push over notification configurations. []PushoverConfig false
slack_configs SlackConfigs defines slack notification configurations. []SlackConfig false
opsgenie_configs OpsGenieConfigs defines ops genie notification configurations. []OpsGenieConfig false
webhook_configs WebhookConfigs defines webhook notification configurations. []WebhookConfig false
victorops_configs VictorOpsConfigs defines victor ops notification configurations. []VictorOpsConfig false
wechat_configs WeChatConfigs defines wechat notification configurations. []WeChatConfig false
telegram_configs []TelegramConfig false
msteams_configs []MSTeamsConfig false
discord_configs []DiscordConfig false
sns_configs []SnsConfig false
webex_configs []WebexConfig false

Back to TOC

Route#

Route defines a node in the routing tree.

Field Description Scheme Required
receiver Name of the receiver for this route. string true
group_by List of labels to group by. []string false
group_wait How long to wait before sending the initial notification. string false
group_interval How long to wait before sending an updated notification. string false
repeat_interval How long to wait before repeating the last notification. string false
matchers List of matchers that the alert’s labels should match. For the first level route, the operator adds a namespace: &#34;CRD_NS&#34; matcher. https://prometheus.io/docs/alerting/latest/configuration/#matcher []string false
continue Continue indicating whether an alert should continue matching subsequent sibling nodes. It will always be true for the first-level route if disableRouteContinueEnforce for vmalertmanager not set. bool false
routes Child routes. https://prometheus.io/docs/alerting/latest/configuration/#route []apiextensionsv1.JSON false
mute_time_intervals MuteTimeIntervals for alerts []string false
active_time_intervals ActiveTimeIntervals Times when the route should be active These must match the name at time_intervals []string false

Back to TOC

Sigv4Config#

Field Description Scheme Required
region AWS region, if blank the region from the default credentials chain is used string false
access_key The AWS API keys. Both access_key and secret_key must be supplied or both must be blank. If blank the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used. string true
access_key_selector secret key selector to get the keys from a Kubernetes Secret *v1.SecretKeySelector true
secret_key_selector secret key selector to get the keys from a Kubernetes Secret *v1.SecretKeySelector false
profile Named AWS profile used to authenticate string false
role_arn AWS Role ARN, an alternative to using AWS API keys string false

Back to TOC

SlackAction#

SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.

Field Description Scheme Required
type string true
text string true
url string false
style string false
name string false
value string false
confirm *SlackConfirmationField false

Back to TOC

SlackConfig#

SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_url The secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD *v1.SecretKeySelector false
channel The channel or user to send notifications to. string false
username string false
color string false
title string false
title_link string false
pretext string false
text string false
fields A list of Slack fields that are sent with each notification. []SlackField false
short_fields bool false
footer string false
fallback string false
callback_id string false
icon_emoji string false
icon_url string false
image_url string false
thumb_url string false
link_names bool false
mrkdwn_in []string false
actions A list of Slack actions that are sent with each notification. []SlackAction false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

SlackConfirmationField#

SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.

Field Description Scheme Required
text string true
title string false
ok_text string false
dismiss_text string false

Back to TOC

SlackField#

SlackField configures a single Slack field that is sent with each notification. See https://api.slack.com/docs/message-attachments#fields for more information.

Field Description Scheme Required
title string true
value string true
short *bool false

Back to TOC

SnsConfig#

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_url The api URL string false
sigv4 Configure the AWS Signature Verification 4 signing process *Sigv4Config false
topic_arn SNS topic ARN, either specify this, phone_number or target_arn string false
subject The subject line if message is delivered to an email endpoint. string false
phone_number Phone number if message is delivered via SMS Specify this, topic_arn or target_arn string false
target_arn Mobile platform endpoint ARN if message is delivered via mobile notifications Specify this, topic_arn or phone_number string false
message The message content of the SNS notification. string false
attributes SNS message attributes map[string]string false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

TelegramConfig#

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_url APIUrl the Telegram API URL i.e. https://api.telegram.org. string false
bot_token BotToken token for the bot https://core.telegram.org/bots/api *v1.SecretKeySelector true
chat_id ChatID is ID of the chat where to send the messages. int true
message Message is templated message string false
disable_notifications DisableNotifications *bool false
parse_mode ParseMode for telegram message, supported values are MarkdownV2, Markdown, Markdown and empty string for plain text. string false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

TimeInterval#

TimeInterval defines intervals of time

Field Description Scheme Required
times Times defines time range for mute []TimeRange false
weekdays Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday. []string false
days_of_month DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. for example, ['1:5', '-3:-1'] []string false
months Months defines list of calendar months identified by a case-insentive name (e.g. ‘January’) or numeric 1. For example, ['1:3', 'may:august', 'december'] []string false
years Years defines numerical list of years, ranges are accepted. For example, ['2020:2022', '2030'] []string false
location Location in golang time location form, e.g. UTC string false

Back to TOC

TimeRange#

TimeRange ranges inclusive of the starting time and exclusive of the end time

Field Description Scheme Required
start_time StartTime for example HH:MM string true
end_time EndTime for example HH:MM string true

Back to TOC

VMAlertmanagerConfig#

VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMAlertmanagerConfigSpec false
status VMAlertmanagerConfigStatus false

Back to TOC

VMAlertmanagerConfigList#

VMAlertmanagerConfigList contains a list of VMAlertmanagerConfig

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMAlertmanagerConfig true

Back to TOC

VMAlertmanagerConfigSpec#

VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig

Field Description Scheme Required
route Route definition for alertmanager, may include nested routes. *Route true
receivers Receivers defines alert receivers. without defined Route, receivers will be skipped. []Receiver true
inhibit_rules InhibitRules will only apply for alerts matching the resource's namespace. []InhibitRule false
mute_time_intervals MuteTimeInterval - global mute time See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval []MuteTimeInterval false
time_intervals ParsingError contents error with context if operator was failed to parse json object from kubernetes api server TimeIntervals modern config option, use it instead of mute_time_intervals []MuteTimeInterval false

Back to TOC

VMAlertmanagerConfigStatus#

VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig

Field Description Scheme Required
reason ErrorReason describes validation or any other errors. string false

Back to TOC

VictorOpsConfig#

VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_key The secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD *v1.SecretKeySelector false
api_url The VictorOps API URL. string false
routing_key A key used to map the alert to a team. string true
message_type Describes the behavior of the alert (CRITICAL, WARNING, INFO). string false
entity_display_name Contains summary of the alerted problem. string false
state_message Contains long explanation of the alerted problem. string false
monitoring_tool The monitoring tool the state message is from. string false
http_config The HTTP client's configuration. *HTTPConfig false
custom_fields Adds optional custom fields https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537 map[string]string false

Back to TOC

WeChatConfig#

WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_secret The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. *v1.SecretKeySelector false
api_url The WeChat API URL. string false
corp_id The corp id for authentication. string false
agent_id string false
to_user string false
to_party string false
to_tag string false
message API request data as defined by the WeChat API. string false
message_type string false
http_config HTTP client configuration. *HTTPConfig false

Back to TOC

WebexConfig#

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
api_url The Webex Teams API URL, i.e. https://webexapis.com/v1/messages *string false
room_id The ID of the Webex Teams room where to send the messages string false
message The message body template string false
http_config HTTP client configuration. You must use this configuration to supply the bot token as part of the HTTP Authorization header. *HTTPConfig false

Back to TOC

WebhookConfig#

WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config

Field Description Scheme Required
send_resolved SendResolved controls notify about resolved alerts. *bool false
url URL to send requests to, one of urlSecret and url must be defined. *string false
url_secret URLSecret defines secret name and key at the CRD namespace. It must contain the webhook URL. one of urlSecret and url must be defined. *v1.SecretKeySelector false
http_config HTTP client configuration. *HTTPConfig false
max_alerts Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. int32 false

Back to TOC

VMAgent#

VMAgent - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics or any other Prometheus-compatible storage system that supports the remote_write protocol.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMAgentSpec false
status VMAgentStatus false

Back to TOC

VMAgentList#

VMAgentList contains a list of VMAgent

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMAgent true

Back to TOC

VMAgentRemoteWriteSettings#

VMAgentRemoteWriteSettings - defines global settings for all remoteWrite urls.

Field Description Scheme Required
maxBlockSize The maximum size in bytes of unpacked request to send to remote storage *int32 false
maxDiskUsagePerURL The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath *int64 false
queues The number of concurrent queues *int32 false
showURL Whether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info *bool false
tmpDataPath Path to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data) *string false
flushInterval Interval for flushing the data to remote storage. (default 1s) *string false
label Labels in the form 'name=value' to add to all the metrics before sending them. This overrides the label if it already exists. map[string]string false
useMultiTenantMode Configures vmagent in multi-tenant mode with direct cluster support docs https://docs.victoriametrics.com/vmagent.html#multitenancy it's global setting and affects all remote storage configurations bool false

Back to TOC

VMAgentRemoteWriteSpec#

VMAgentRemoteWriteSpec defines the remote storage configuration for VmAgent

Field Description Scheme Required
url URL of the endpoint to send samples to. string true
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication *BasicAuth false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false
urlRelabelConfig ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url *v1.ConfigMapKeySelector false
inlineUrlRelabelConfig InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec. []RelabelConfig false
oauth2 OAuth2 defines auth configuration *OAuth2 false
tlsConfig TLSConfig describes tls configuration for remote write target *TLSConfig false
sendTimeout Timeout for sending a single block of data to -remoteWrite.url (default 1m0s) *string false
headers Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version []string false
streamAggrConfig StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url *StreamAggrConfig false

Back to TOC

VMAgentSpec#

VMAgentSpec defines the desired state of VMAgent

Field Description Scheme Required
podMetadata PodMetadata configures Labels and Annotations which are propagated to the vmagent pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMAgent if no specified operator uses default config version Image false
imagePullSecrets ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod []v1.LocalObjectReference false
secrets Secrets is a list of Secrets in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/secrets []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs []string false
logLevel LogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANIC string false
logFormat LogFormat for VMAgent to be configured with. string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
replicaCount ReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage *int32 false
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
volumes Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not specified - default setting will be used v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
serviceAccountName ServiceAccountName is the name of the ServiceAccount to use to run the VMAgent Pods. string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
host_aliases HostAliases provides mapping between ip and hostnames, that would be propagated to pod, cannot be used with HostNetwork. []v1.HostAlias false
podSecurityPolicyName PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. string false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmagent configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName PriorityClassName assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy set DNS policy for the pod v1.DNSPolicy false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
scrapeInterval ScrapeInterval defines how often scrape targets by default string false
scrapeTimeout ScrapeTimeout defines global timeout for targets scrape string false
aPIServerConfig APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. *APIServerConfig false
overrideHonorLabels OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false. bool false
overrideHonorTimestamps OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. bool false
ignoreNamespaceSelectors IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podscrape and vmservicescrape configs, and they will only discover endpoints within their current namespace. Defaults to false. bool false
enforcedNamespaceLabel EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. string false
vmAgentExternalLabelName VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance name. Defaults to the value of prometheus. External label will not be added when value is set to empty string (\&#34;\&#34;). *string false
externalLabels ExternalLabels The labels to add to any time series scraped by vmagent. it doesn't affect metrics ingested directly by push API's map[string]string false
remoteWrite RemoteWrite list of victoria metrics /some other remote write system for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write or for cluster different url https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems []VMAgentRemoteWriteSpec true
remoteWriteSettings RemoteWriteSettings defines global settings for all remoteWrite urls. *VMAgentRemoteWriteSettings false
relabelConfig RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage. *v1.ConfigMapKeySelector false
inlineRelabelConfig InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD. []RelabelConfig false
selectAllByDefault SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing bool false
serviceScrapeSelector ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
serviceScrapeNamespaceSelector ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
podScrapeSelector PodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
podScrapeNamespaceSelector PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
probeSelector ProbeSelector defines VMProbe to be selected for target probing. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
probeNamespaceSelector ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
nodeScrapeSelector NodeScrapeSelector defines VMNodeScrape to be selected for scraping. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
nodeScrapeNamespaceSelector NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
staticScrapeSelector StaticScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. *metav1.LabelSelector false
staticScrapeNamespaceSelector StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
inlineScrapeConfig InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. it should be defined as single yaml file. inlineScrapeConfig: |\n - job_name: &#34;prometheus&#34;\n static_configs:\n - targets: [&#34;localhost:9090&#34;] string false
additionalScrapeConfigs AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. *v1.SecretKeySelector false
arbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMs configures whether configuration based on a service scrape can access arbitrary files on the file system of the VMAgent container e.g. bearer token files. ArbitraryFSAccessThroughSMsConfig false
insertPorts InsertPorts - additional listen ports for data ingestion. *InsertPorts false
port Port listen address string false
extraArgs ExtraArgs that will be passed to VMAgent pod for example remoteWrite.tmpDataPath: /tmp it would be converted to flag –remoteWrite.tmpDataPath=/tmp map[string]string false
extraEnvs ExtraEnvs that will be added to VMAgent pod []v1.EnvVar false
serviceSpec ServiceSpec that will be added to vmagent service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmagent VMServiceScrape spec *VMServiceScrapeSpec false
shardCount ShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets *int false
updateStrategy UpdateStrategy - overrides default update strategy. works only for deployments, statefulset always use OnDelete. *appsv1.DeploymentStrategyType false
rollingUpdate RollingUpdate - overrides deployment update params. *appsv1.RollingUpdateDeployment false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
serviceScrapeRelabelTemplate ServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape. it's useful for adding specific labels to all targets []*RelabelConfig false
podScrapeRelabelTemplate PodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape. it's useful for adding specific labels to all targets []*RelabelConfig false
nodeScrapeRelabelTemplate NodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape. it's useful for adding specific labels to all targets []*RelabelConfig false
staticScrapeRelabelTemplate StaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape. it's useful for adding specific labels to all targets []*RelabelConfig false
probeScrapeRelabelTemplate ProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape. it's useful for adding specific labels to all targets []*RelabelConfig false
minScrapeInterval MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is lower than defined limit, minScrapeInterval will be used. *string false
maxScrapeInterval MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is higher than defined limit, maxScrapeInterval will be used. *string false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
statefulMode StatefulMode enables StatefulSet for VMAgent instead of Deployment it allows using persistent storage for vmagent's persistentQueue bool false
statefulStorage StatefulStorage configures storage for StatefulSet *StorageSpec false
statefulRollingUpdateStrategy StatefulRollingUpdateStrategy allows configuration for strategyType set it to RollingUpdate for disabling operator statefulSet rollingUpdate appsv1.StatefulSetUpdateStrategyType false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
claimTemplates ClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulMode []v1.PersistentVolumeClaim false
useStrictSecurity UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions *bool false
license License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html *License false

Back to TOC

VMAgentStatus#

VMAgentStatus defines the observed state of VMAgent

Field Description Scheme Required
shards Shards represents total number of vmagent deployments with uniq scrape targets int32 false
selector Selector string form of label value set for autoscaling string false
replicas ReplicaCount Total number of pods targeted by this VMAgent int32 false
updatedReplicas UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent cluster that have the desired version spec. int32 false
availableReplicas AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster. int32 false
unavailableReplicas UnavailableReplicas Total number of unavailable pods targeted by this VMAgent cluster. int32 false
updateStatus UpdateStatus defines a status for update rollout, effective only for statefuleMode UpdateStatus false
reason Reason defines fail reason for update process, effective only for statefuleMode string false

Back to TOC

AdditionalServiceSpec#

ServiceSpec defines additional service for CRD with user-defined params. by default, some of fields can be inherited from default service definition for the CRD: labels,selector, ports. if metadata.name is not defined, service will have format {{CRD_TYPE}}-{{CRD_NAME}}-additional-service.

Field Description Scheme Required
metadata EmbeddedObjectMetadata defines objectMeta for additional service. EmbeddedObjectMetadata false
spec ServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/ v1.ServiceSpec true

Back to TOC

BasicAuth#

BasicAuth allow an endpoint to authenticate over basic authentication

Field Description Scheme Required
username The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD v1.SecretKeySelector false
password The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD v1.SecretKeySelector false
password_file PasswordFile defines path to password file at disk string false

Back to TOC

BearerAuth#

BearerAuth defines auth with bearer token

Field Description Scheme Required
bearerTokenFile Path to bearer token file string false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false

Back to TOC

ConfigMapKeyReference#

ConfigMapKeyReference refers to a key in a ConfigMap.

Field Description Scheme Required
key The ConfigMap key to refer to. string true

Back to TOC

DiscoverySelector#

DiscoverySelector can be used at CRD components discovery

Field Description Scheme Required
namespaceSelector *NamespaceSelector false
labelSelector *metav1.LabelSelector false

Back to TOC

EmbeddedHPA#

EmbeddedHPA embeds HorizontalPodAutoScaler spec v2. https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/

Field Description Scheme Required
minReplicas *int32 false
maxReplicas int32 false
metrics []v2beta2.MetricSpec false
behaviour *v2beta2.HorizontalPodAutoscalerBehavior false

Back to TOC

EmbeddedObjectMetadata#

EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.

Field Description Scheme Required
name Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names string false
labels Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels map[string]string false
annotations Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations map[string]string false

Back to TOC

EmbeddedPersistentVolumeClaim#

EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.

Field Description Scheme Required
metadata EmbeddedMetadata contains metadata relevant to an EmbeddedResource. EmbeddedObjectMetadata false
spec Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims v1.PersistentVolumeClaimSpec false
status Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims v1.PersistentVolumeClaimStatus false

Back to TOC

EmbeddedPodDisruptionBudgetSpec#

Field Description Scheme Required
minAvailable An eviction is allowed if at least &#34;minAvailable&#34; pods selected by &#34;selector&#34; will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying &#34;100%&#34;. *intstr.IntOrString false
maxUnavailable An eviction is allowed if at most &#34;maxUnavailable&#34; pods selected by &#34;selector&#34; are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with &#34;minAvailable&#34;. *intstr.IntOrString false
selectorLabels replaces default labels selector generated by operator it's useful when you need to create custom budget map[string]string false

Back to TOC

EmbeddedProbes#

EmbeddedProbes - it allows to override some probe params. its not necessary to specify all options, operator will replace missing spec with default values.

Field Description Scheme Required
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false

Back to TOC

HTTPAuth#

HTTPAuth generic auth used with http protocols

Field Description Scheme Required
basicAuth *BasicAuth false
oauth2 *OAuth2 false
tlsConfig *TLSConfig false
bearerTokenFile Path to bearer token file string false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false
headers Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version []string false

Back to TOC

KeyValue#

KeyValue defines a (key, value) tuple.

Field Description Scheme Required
key Key of the tuple. string true
value Value of the tuple. string true

Back to TOC

License#

License holds license key for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0 See: https://docs.victoriametrics.com/enterprise.html

Field Description Scheme Required
key Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/ *string false
keyRef KeyRef is reference to secret with license key for enterprise features. *v1.SecretKeySelector false

Back to TOC

StorageSpec#

StorageSpec defines the configured storage for a group Prometheus servers. If neither emptyDir nor volumeClaimTemplate is specified, then by default an EmptyDir will be used.

Field Description Scheme Required
disableMountSubPath Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts. bool false
emptyDir EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir *v1.EmptyDirVolumeSource false
volumeClaimTemplate A PVC spec to be used by the VMAlertManager StatefulSets. EmbeddedPersistentVolumeClaim false

Back to TOC

StreamAggrConfig#

StreamAggrConfig defines the stream aggregation config

Field Description Scheme Required
rules Stream aggregation rules []StreamAggrRule true
keepInput Allows writing both raw and aggregate data bool false
dropInput Allow drop all the input samples after the aggregation bool false
dedupInterval Allows setting different de-duplication intervals per each configured remote storage string false

Back to TOC

StreamAggrRule#

StreamAggrRule defines the rule in stream aggregation config

Field Description Scheme Required
match Match is a label selector (or list of label selectors) for filtering time series for the given selector.\n\nIf the match isn't set, then all the input time series are processed. StringOrArray false
interval Interval is the interval between aggregations. string true
staleness_interval StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it. string false
outputs Outputs is a list of output aggregate functions to produce.\n\nThe following names are allowed:\n\n- total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, …, phiN) - quantiles' estimation for phi in the range [0..1]\n\nThe output time series will have the following names:\n\n input_name:aggr_<interval>_<output> []string true
by By is an optional list of labels for grouping input series.\n\nSee also Without.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series. []string false
without Without is an optional list of labels, which must be excluded when grouping input series.\n\nSee also By.\n\nIf neither By nor Without are set, then the Outputs are calculated individually per each input time series. []string false
input_relabel_configs InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. []RelabelConfig false
output_relabel_configs OutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage. []RelabelConfig false

Back to TOC

VMAlert#

VMAlert executes a list of given alerting or recording rules against configured address.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMAlertSpec false
status VMAlertStatus false

Back to TOC

VMAlertDatasourceSpec#

VMAlertDatasourceSpec defines the remote storage configuration for VmAlert to read alerts from

Field Description Scheme Required
url Victoria Metrics or VMSelect url. Required parameter. E.g. http://127.0.0.1:8428 string true
basicAuth *BasicAuth false
oauth2 *OAuth2 false
tlsConfig *TLSConfig false
bearerTokenFile Path to bearer token file string false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false
headers Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version []string false

Back to TOC

VMAlertList#

VMAlertList contains a list of VMAlert

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMAlert true

Back to TOC

VMAlertNotifierSpec#

VMAlertNotifierSpec defines the notifier url for sending information about alerts

Field Description Scheme Required
url AlertManager url. E.g. http://127.0.0.1:9093 string false
selector Selector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn *DiscoverySelector false
basicAuth *BasicAuth false
oauth2 *OAuth2 false
tlsConfig *TLSConfig false
bearerTokenFile Path to bearer token file string false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false
headers Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version []string false

Back to TOC

VMAlertRemoteReadSpec#

VMAlertRemoteReadSpec defines the remote storage configuration for VmAlert to read alerts from

Field Description Scheme Required
url URL of the endpoint to send samples to. string true
lookback Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s) Applied only to RemoteReadSpec *string false
basicAuth *BasicAuth false
oauth2 *OAuth2 false
tlsConfig *TLSConfig false
bearerTokenFile Path to bearer token file string false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false
headers Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version []string false

Back to TOC

VMAlertRemoteWriteSpec#

VMAlertRemoteWriteSpec defines the remote storage configuration for VmAlert

Field Description Scheme Required
url URL of the endpoint to send samples to. string true
concurrency Defines number of readers that concurrently write into remote storage (default 1) *int32 false
flushInterval Defines interval of flushes to remote write endpoint (default 5s) *string false
maxBatchSize Defines defines max number of timeseries to be flushed at once (default 1000) *int32 false
maxQueueSize Defines the max number of pending datapoints to remote write endpoint (default 100000) *int32 false
basicAuth *BasicAuth false
oauth2 *OAuth2 false
tlsConfig *TLSConfig false
bearerTokenFile Path to bearer token file string false
bearerTokenSecret Optional bearer auth token to use for -remoteWrite.url *v1.SecretKeySelector false
headers Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version []string false

Back to TOC

VMAlertSpec#

VMAlertSpec defines the desired state of VMAlert

Field Description Scheme Required
podMetadata PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMAlert if no specified operator uses default config version Image false
imagePullSecrets ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod []v1.LocalObjectReference false
secrets Secrets is a list of Secrets in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. []string false
logFormat LogFormat for VMAlert to be configured with. default or json string false
logLevel LogLevel for VMAlert to be configured with. string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
replicaCount ReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size. *int32 false
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
volumes Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
serviceAccountName ServiceAccountName is the name of the ServiceAccount to use to run the VMAlert Pods. string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
podSecurityPolicyName PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. string false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName Priority class assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
evaluationInterval EvaluationInterval defines how often to evaluate rules by default string false
enforcedNamespaceLabel EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. string false
selectAllByDefault SelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector. with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing bool false
ruleSelector RuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. *metav1.LabelSelector false
ruleNamespaceSelector RuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. *metav1.LabelSelector false
port Port for listen string false
notifier Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier *VMAlertNotifierSpec false
notifiers Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier []VMAlertNotifierSpec false
notifierConfigRef NotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier *v1.SecretKeySelector false
remoteWrite RemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 *VMAlertRemoteWriteSpec false
remoteRead RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 *VMAlertRemoteReadSpec false
rulePath RulePath to the file with alert rules. Supports patterns. Flag can be specified multiple times. Examples: -rule /path/to/file. Path to a single file with alerting rules -rule dir/.yaml -rule /.yaml. Relative path to all .yaml files in folder, absolute path to all .yaml files in root. by default operator adds /etc/vmalert/configs/base/vmalert.yaml []string false
datasource Datasource Victoria Metrics or VMSelect url. Required parameter. e.g. http://127.0.0.1:8428 VMAlertDatasourceSpec true
extraArgs ExtraArgs that will be passed to VMAlert pod for example -remoteWrite.tmpDataPath=/tmp map[string]string false
extraEnvs ExtraEnvs that will be added to VMAlert pod []v1.EnvVar false
externalLabels ExternalLabels in the form 'name: value' to add to all generated recording rules and alerts. map[string]string false
serviceSpec ServiceSpec that will be added to vmalert service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmalert VMServiceScrape spec *VMServiceScrapeSpec false
updateStrategy UpdateStrategy - overrides default update strategy. *appsv1.DeploymentStrategyType false
rollingUpdate RollingUpdate - overrides deployment update params. *appsv1.RollingUpdateDeployment false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
useStrictSecurity UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions *bool false
license License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html *License false

Back to TOC

VMAlertStatus#

VMAlertStatus defines the observed state of VMAlert

Field Description Scheme Required
replicas ReplicaCount Total number of non-terminated pods targeted by this VMAlert cluster (their labels match the selector). int32 false
updatedReplicas UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert cluster that have the desired version spec. int32 false
availableReplicas AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMAlert cluster. int32 false
unavailableReplicas UnavailableReplicas Total number of unavailable pods targeted by this VMAlert cluster. int32 false
updateStatus UpdateStatus defines a status for update rollout, effective only for statefuleMode UpdateStatus false
reason Reason defines fail reason for update process, effective only for statefuleMode string false

Back to TOC

VMSingle#

VMSingle is fast, cost-effective and scalable time-series database.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMSingleSpec false
status VMSingleStatus false

Back to TOC

VMSingleList#

VMSingleList contains a list of VMSingle

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMSingle true

Back to TOC

VMSingleSpec#

VMSingleSpec defines the desired state of VMSingle

Field Description Scheme Required
podMetadata PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMSingle if no specified operator uses default config version Image false
imagePullSecrets ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod []v1.LocalObjectReference false
secrets Secrets is a list of Secrets in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods. []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods. []string false
logLevel LogLevel for victoria metrics single to be configured with. string false
logFormat LogFormat for VMSingle to be configured with. string false
replicaCount ReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster *int32 false
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
storageDataPath StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary –storageDataPath, its users responsibility to mount proper device into given path. string false
storage Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir *v1.PersistentVolumeClaimSpec false
storageMetadata StorageMeta defines annotations and labels attached to PVC for given vmsingle CR EmbeddedObjectMetadata false
volumes Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSingle container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
serviceAccountName ServiceAccountName is the name of the ServiceAccount to use to run the VMSingle Pods. string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
podSecurityPolicyName PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. string false
hostAliases HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. []v1.HostAlias false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName PriorityClassName assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
insertPorts InsertPorts - additional listen ports for data ingestion. *InsertPorts false
port Port listen port string false
removePvcAfterDelete RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle objest deletion - pvc will be garbage collected by controller manager bool false
retentionPeriod RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention string true
vmBackup VMBackup configuration for backup *VMBackup false
license License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html *License false
extraArgs ExtraArgs that will be passed to VMSingle pod for example remoteWrite.tmpDataPath: /tmp map[string]string false
extraEnvs ExtraEnvs that will be added to VMSingle pod []v1.EnvVar false
serviceSpec ServiceSpec that will be added to vmsingle service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec *VMServiceScrapeSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
streamAggrConfig StreamAggrConfig defines stream aggregation configuration for VMSingle *StreamAggrConfig false
useStrictSecurity UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions *bool false

Back to TOC

VMSingleStatus#

VMSingleStatus defines the observed state of VMSingle

Field Description Scheme Required
replicas ReplicaCount Total number of non-terminated pods targeted by this VMSingle. int32 true
updatedReplicas UpdatedReplicas Total number of non-terminated pods targeted by this VMSingle. int32 true
availableReplicas AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMSingle. int32 true
unavailableReplicas UnavailableReplicas Total number of unavailable pods targeted by this VMSingle. int32 true
singleStatus UpdateStatus defines a status of single node rollout UpdateStatus false
reason Reason defines a reason in case of update failure string false

Back to TOC

Rule#

Rule describes an alerting or recording rule.

Field Description Scheme Required
record Record represents a query, that will be recorded to dataSource string false
alert Alert is a name for alert string false
expr Expr is query, that will be evaluated at dataSource string true
debug Debug enables logging for rule it useful for tracking *bool false
for For evaluation interval in time.Duration format 30s, 1m, 1h or nanoseconds string false
keep_firing_for KeepFiringFor will make alert continue firing for this long even when the alerting expression no longer has results. Use time.Duration format, 30s, 1m, 1h or nanoseconds string false
labels Labels will be added to rule configuration map[string]string false
annotations Annotations will be added to rule configuration map[string]string false
update_entries_limit UpdateEntriesLimit defines max number of rule's state updates stored in memory. Overrides -rule.updateEntriesLimit in vmalert. *int false

Back to TOC

RuleGroup#

RuleGroup is a list of sequentially evaluated recording and alerting rules.

Field Description Scheme Required
name Name of group string true
interval evaluation interval for group string false
rules Rules list of alert rules []Rule true
limit Limit the number of alerts an alerting rule and series a recording rule can produce int false
concurrency Concurrency defines how many rules execute at once. int false
labels Labels optional list of labels added to every rule within a group. It has priority over the external labels. Labels are commonly used for adding environment or tenant-specific tag. map[string]string false
extra_filter_labels ExtraFilterLabels optional list of label filters applied to every rule's request withing a group. Is compatible only with VM datasource. See more details at https://docs.victoriametrics.com#prometheus-querying-api-enhancements Deprecated, use params instead map[string]string false
tenant Tenant id for group, can be used only with enterprise version of vmalert See more details at https://docs.victoriametrics.com/vmalert.html#multitenancy string false
params Params optional HTTP URL parameters added to each rule request url.Values false
type Type defines datasource type for enterprise version of vmalert possible values - prometheus,graphite string false
headers Headers contains optional HTTP headers added to each rule request Must be in form header-name: value For example:\n headers:\n - &#34;CustomHeader: foo&#34;\n - &#34;CustomHeader2: bar&#34; []string false
notifier_headers NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier Must be in form header-name: value For example:\n headers:\n - &#34;CustomHeader: foo&#34;\n - &#34;CustomHeader2: bar&#34; []string false

Back to TOC

VMRule#

VMRule defines rule records for vmalert application

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMRuleSpec true
status VMRuleStatus false

Back to TOC

VMRuleList#

VMRuleList contains a list of VMRule

Field Description Scheme Required
metadata metav1.ListMeta false
items Items list of VMRule []*VMRule true

Back to TOC

VMRuleSpec#

VMRuleSpec defines the desired state of VMRule

Field Description Scheme Required
groups Groups list of group rules []RuleGroup true

Back to TOC

APIServerConfig#

APIServerConfig defines a host and auth methods to access apiserver. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config

Field Description Scheme Required
host Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number string true
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication *BasicAuth false
bearerToken Bearer token for accessing apiserver. string false
bearerTokenFile File to read bearer token for accessing apiserver. string false
tlsConfig TLSConfig Config to use for accessing apiserver. *TLSConfig false
authorization *Authorization false

Back to TOC

AttachMetadata#

AttachMetadata configures metadata attachment

Field Description Scheme Required
node Node instructs vmagent to add node specific metadata from service discovery Valid for roles: pod, endpoints, endpointslice. *bool false

Back to TOC

Authorization#

Authorization configures generic authorization params

Field Description Scheme Required
type Type of authorization, default to bearer string false
credentials Reference to the secret with value for authorization *v1.SecretKeySelector false
credentialsFile File with value for authorization string false

Back to TOC

Endpoint#

Endpoint defines a scrapeable endpoint serving Prometheus metrics.

Field Description Scheme Required
port Name of the service port this endpoint refers to. Mutually exclusive with targetPort. string false
targetPort Name or number of the pod port this endpoint refers to. Mutually exclusive with port. *intstr.IntOrString false
path HTTP path to scrape for metrics. string false
scheme HTTP scheme to use for scraping. string false
params Optional HTTP URL parameters map[string][]string false
follow_redirects FollowRedirects controls redirects for scraping. *bool false
interval Interval at which metrics should be scraped string false
scrape_interval ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used string false
scrapeTimeout Timeout after which the scrape is ended string false
sampleLimit SampleLimit defines per-endpoint limit on number of scraped samples that will be accepted. uint64 false
oauth2 OAuth2 defines auth configuration *OAuth2 false
authorization Authorization with http header Authorization *Authorization false
tlsConfig TLSConfig configuration to use when scraping the endpoint *TLSConfig false
bearerTokenFile File to read bearer token for scraping targets. string false
bearerTokenSecret Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. *v1.SecretKeySelector false
honorLabels HonorLabels chooses the metric's labels on collisions with target labels. bool false
honorTimestamps HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. *bool false
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints *BasicAuth false
metricRelabelConfigs MetricRelabelConfigs to apply to samples before ingestion. []*RelabelConfig false
relabelConfigs RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config []*RelabelConfig false
proxyURL ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. *string false
vm_scrape_params VMScrapeParams defines VictoriaMetrics specific scrape parametrs *VMScrapeParams false
attach_metadata AttachMetadata configures metadata attaching from service discovery AttachMetadata false

Back to TOC

NamespaceSelector#

NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces.

Field Description Scheme Required
any Boolean describing whether all namespaces are selected in contrast to a list restricting them. bool false
matchNames List of namespace names. []string false

Back to TOC

OAuth2#

OAuth2 defines OAuth2 configuration

Field Description Scheme Required
client_id The secret or configmap containing the OAuth2 client id SecretOrConfigMap true
client_secret The secret containing the OAuth2 client secret *v1.SecretKeySelector false
client_secret_file ClientSecretFile defines path for client secret file. string false
token_url The URL to fetch the token from string true
scopes OAuth2 scopes used for the token request []string false
endpoint_params Parameters to append to the token URL map[string]string false

Back to TOC

ProxyAuth#

ProxyAuth represent proxy auth config Only VictoriaMetrics scrapers supports it. See https://github.com/VictoriaMetrics/VictoriaMetrics/commit/a6a71ef861444eb11fe8ec6d2387f0fc0c4aea87

Field Description Scheme Required
basic_auth *BasicAuth false
bearer_token *v1.SecretKeySelector false
bearer_token_file string false
tls_config *TLSConfig false

Back to TOC

RelabelConfig#

RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines <metric_relabel_configs>-section of configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs

Field Description Scheme Required
source_labels UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131 []string false
target_label UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131 string false
sourceLabels The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. []string false
separator Separator placed between concatenated source label values. default is ';'. string false
targetLabel Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. string false
regex Regular expression against which the extracted value is matched. Default is '(.*)' string false
modulus Modulus to take of the hash of the source label values. uint64 false
replacement Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' string false
action Action to perform based on regex matching. Default is 'replace' string false
if If represents metricsQL match expression (or list of expressions): '{name=~&#34;foo_.*&#34;}' StringOrArray false
match Match is used together with Labels for action: graphite string false
labels Labels is used together with Match for action: graphite map[string]string false

Back to TOC

SecretOrConfigMap#

SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.

Field Description Scheme Required
secret Secret containing data to use for the targets. *v1.SecretKeySelector false
configMap ConfigMap containing data to use for the targets. *v1.ConfigMapKeySelector false

Back to TOC

TLSConfig#

TLSConfig specifies TLSConfig configuration parameters.

Field Description Scheme Required
caFile Path to the CA cert in the container to use for the targets. string false
ca Stuct containing the CA cert to use for the targets. SecretOrConfigMap false
certFile Path to the client cert file in the container for the targets. string false
cert Struct containing the client cert file for the targets. SecretOrConfigMap false
keyFile Path to the client key file in the container for the targets. string false
keySecret Secret containing the client key file for the targets. *v1.SecretKeySelector false
serverName Used to verify the hostname for the targets. string false
insecureSkipVerify Disable target certificate validation. bool false

Back to TOC

VMScrapeParams#

VMScrapeParams defines scrape target configuration that compatible only with VictoriaMetrics scrapers VMAgent and VMSingle

Field Description Scheme Required
relabel_debug *bool false
metric_relabel_debug *bool false
disable_compression *bool false
disable_keep_alive *bool false
no_stale_markers *bool false
stream_parse *bool false
scrape_align_interval *string false
scrape_offset *string false
proxy_client_config ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy *ProxyAuth false
headers Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version []string false

Back to TOC

VMServiceScrape#

VMServiceScrape is scrape configuration for endpoints associated with kubernetes service, it generates scrape configuration for vmagent based on selectors. result config will scrape service endpoints

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMServiceScrapeSpec true
status VMServiceScrapeStatus false

Back to TOC

VMServiceScrapeList#

VMServiceScrapeList contains a list of VMServiceScrape

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMServiceScrape true

Back to TOC

VMServiceScrapeSpec#

VMServiceScrapeSpec defines the desired state of VMServiceScrape

Field Description Scheme Required
discoveryRole DiscoveryRole - defines kubernetes_sd role for objects discovery. by default, its endpoints. can be changed to service or endpointslices. note, that with service setting, you have to use port: &#34;name&#34; and cannot use targetPort for endpoints. string false
jobLabel The label to use to retrieve the job name from. string false
targetLabels TargetLabels transfers labels on the Kubernetes Service onto the target. []string false
podTargetLabels PodTargetLabels transfers labels on the Kubernetes Pod onto the target. []string false
endpoints A list of endpoints allowed as part of this ServiceScrape. []Endpoint true
selector Selector to select Endpoints objects by corresponding Service labels. metav1.LabelSelector false
namespaceSelector Selector to select which namespaces the Endpoints objects are discovered from. NamespaceSelector false
sampleLimit SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. uint64 false

Back to TOC

ArbitraryFSAccessThroughSMsConfig#

ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service scrape selected by the vmagent instance is allowed to use arbitrary files on the file system of the vmagent container. This is the case when e.g. a service scrape specifies a BearerTokenFile in an endpoint. A malicious user could create a service scrape selecting arbitrary secret files in the vmagent container. Those secrets would then be sent with a scrape request by vmagent to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.

Field Description Scheme Required
deny bool false

Back to TOC

PodMetricsEndpoint#

PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.

Field Description Scheme Required
port Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. string false
targetPort Deprecated: Use 'port' instead. *intstr.IntOrString false
path HTTP path to scrape for metrics. string false
scheme HTTP scheme to use for scraping. string false
params Optional HTTP URL parameters map[string][]string false
follow_redirects FollowRedirects controls redirects for scraping. *bool false
interval Interval at which metrics should be scraped string false
scrape_interval ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used string false
scrapeTimeout Timeout after which the scrape is ended string false
sampleLimit SampleLimit defines per-podEndpoint limit on number of scraped samples that will be accepted. uint64 false
honorLabels HonorLabels chooses the metric's labels on collisions with target labels. bool false
honorTimestamps HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. *bool false
metricRelabelConfigs MetricRelabelConfigs to apply to samples before ingestion. []*RelabelConfig false
relabelConfigs RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config []*RelabelConfig false
proxyURL ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. *string false
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints *BasicAuth false
bearerTokenFile File to read bearer token for scraping targets. string false
bearerTokenSecret Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. *v1.SecretKeySelector false
tlsConfig TLSConfig configuration to use when scraping the endpoint *TLSConfig false
oauth2 OAuth2 defines auth configuration *OAuth2 false
authorization Authorization with http header Authorization *Authorization false
vm_scrape_params VMScrapeParams defines VictoriaMetrics specific scrape parametrs *VMScrapeParams false
attach_metadata AttachMetadata configures metadata attaching from service discovery AttachMetadata false
filterRunning FilterRunning applies filter with pod status == running it prevents from scrapping metrics at failed or succeed state pods. enabled by default *bool false

Back to TOC

VMPodScrape#

VMPodScrape is scrape configuration for pods, it generates vmagent’s config for scraping pod targets based on selectors.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMPodScrapeSpec false
status VMPodScrapeStatus true

Back to TOC

VMPodScrapeList#

VMPodScrapeList contains a list of VMPodScrape

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMPodScrape true

Back to TOC

VMPodScrapeSpec#

VMPodScrapeSpec defines the desired state of VMPodScrape

Field Description Scheme Required
jobLabel The label to use to retrieve the job name from. string false
podTargetLabels PodTargetLabels transfers labels on the Kubernetes Pod onto the target. []string false
podMetricsEndpoints A list of endpoints allowed as part of this PodMonitor. []PodMetricsEndpoint true
selector Selector to select Pod objects. metav1.LabelSelector false
namespaceSelector Selector to select which namespaces the Endpoints objects are discovered from. NamespaceSelector false
sampleLimit SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. uint64 false

Back to TOC

Image#

Image defines docker image settings

Field Description Scheme Required
repository Repository contains name of docker image + it's repository if needed string false
tag Tag contains desired docker image version string false
pullPolicy PullPolicy describes how to pull docker image v1.PullPolicy false

Back to TOC

InsertPorts#

Field Description Scheme Required
graphitePort GraphitePort listen port string false
influxPort InfluxPort listen port string false
openTSDBHTTPPort OpenTSDBHTTPPort for http connections. string false
openTSDBPort OpenTSDBPort for tcp and udp listen string false

Back to TOC

VMBackup#

Field Description Scheme Required
acceptEULA AcceptEULA accepts enterprise feature usage, must be set to true. otherwise backupmanager cannot be added to single/cluster version. https://victoriametrics.com/legal/esa/ bool true
snapshotCreateURL SnapshotCreateURL overwrites url for snapshot create string false
snapshotDeleteURL SnapShotDeleteURL overwrites url for snapshot delete string false
concurrency Defines number of concurrent workers. Higher concurrency may reduce backup duration (default 10) *int32 false
destination Defines destination for backup string false
destinationDisableSuffixAdd DestinationDisableSuffixAdd - disables suffix adding for cluster version backups each vmstorage backup must have unique backup folder so operator adds POD_NAME as suffix for backup destination folder. bool false
customS3Endpoint Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set *string false
credentialsSecret CredentialsSecret is secret in the same namespace for access to remote storage The secret is mounted into /etc/vm/creds. *v1.SecretKeySelector false
disableHourly Defines if hourly backups disabled (default false) *bool false
disableDaily Defines if daily backups disabled (default false) *bool false
disableWeekly Defines if weekly backups disabled (default false) *bool false
disableMonthly Defines if monthly backups disabled (default false) *bool false
image Image - docker image settings for VMBackuper Image false
port Port for health check connections string false
logFormat LogFormat for VMSelect to be configured with. default or json *string false
logLevel LogLevel for VMSelect to be configured with. *string false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used v1.ResourceRequirements false
extraArgs extra args like maxBytesPerSecond default 0 map[string]string false
extraEnvs []v1.EnvVar false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
restore Restore Allows to enable restore options for pod Read more: https://docs.victoriametrics.com/vmbackupmanager.html#restore-commands *VMRestore false

Back to TOC

VMCluster#

VMCluster is fast, cost-effective and scalable time-series database. Cluster version with

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMClusterSpec true
status VMClusterStatus false

Back to TOC

VMClusterList#

VMClusterList contains a list of VMCluster

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMCluster true

Back to TOC

VMClusterSpec#

VMClusterSpec defines the desired state of VMCluster

Field Description Scheme Required
retentionPeriod RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention string true
replicationFactor ReplicationFactor defines how many copies of data make among distinct storage nodes *int32 false
podSecurityPolicyName PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. string false
serviceAccountName ServiceAccountName is the name of the ServiceAccount to use to run the VMSelect, VMStorage and VMInsert Pods. string false
clusterVersion ClusterVersion defines default images tag for all components. it can be overwritten with component specific image.tag value. string false
imagePullSecrets ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod []v1.LocalObjectReference false
license License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html *License false
vmselect *VMSelect false
vminsert *VMInsert false
vmstorage *VMStorage false
useStrictSecurity UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions *bool false

Back to TOC

VMClusterStatus#

VMClusterStatus defines the observed state of VMCluster

Field Description Scheme Required
updateFailCount Deprecated. int true
lastSync Deprecated. string false
clusterStatus UpdateStatus false
reason string false

Back to TOC

VMInsert#

Field Description Scheme Required
name Name is deprecated and will be removed at 0.22.0 release string false
podMetadata PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMInsert Image false
secrets Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. []string false
logFormat LogFormat for VMSelect to be configured with. default or json string false
logLevel LogLevel for VMSelect to be configured with. string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
replicaCount ReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size. *int32 true
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
volumes Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName Priority class assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
extraArgs map[string]string false
insertPorts InsertPorts - additional listen ports for data ingestion. *InsertPorts false
port Port listen port string false
clusterNativeListenPort ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
extraEnvs ExtraEnvs that will be added to VMSelect pod []v1.EnvVar false
serviceSpec ServiceSpec that will be added to vminsert service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec *VMServiceScrapeSpec false
updateStrategy UpdateStrategy - overrides default update strategy. *appsv1.DeploymentStrategyType false
rollingUpdate RollingUpdate - overrides deployment update params. *appsv1.RollingUpdateDeployment false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
hpa HPA defines kubernetes PodAutoScaling configuration version 2. *EmbeddedHPA false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false

Back to TOC

VMRestore#

Field Description Scheme Required
onStart OnStart defines configuration for restore on pod start *VMRestoreOnStartConfig false

Back to TOC

VMRestoreOnStartConfig#

Field Description Scheme Required
enabled Enabled defines if restore on start enabled bool false

Back to TOC

VMSelect#

Field Description Scheme Required
name Name is deprecated and will be removed at 0.22.0 release string false
podMetadata PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMSelect Image false
secrets Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. []string false
logFormat LogFormat for VMSelect to be configured with. default or json string false
logLevel LogLevel for VMSelect to be configured with. string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
replicaCount ReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size. *int32 true
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
volumes Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName Priority class assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
cacheMountPath CacheMountPath allows to add cache persistent for VMSelect, will use &#34;/cache&#34; as default if not specified. string false
persistentVolume Storage - add persistent volume for cacheMounthPath its useful for persistent cache use storage instead of persistentVolume. *StorageSpec false
storage StorageSpec - add persistent volume claim for cacheMountPath its needed for persistent cache *StorageSpec false
extraEnvs ExtraEnvs that will be added to VMSelect pod []v1.EnvVar false
extraArgs map[string]string false
port Port listen port string false
clusterNativeListenPort ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
serviceSpec ServiceSpec that will be added to vmselect service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec *VMServiceScrapeSpec false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
hpa Configures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue. *EmbeddedHPA false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
rollingUpdateStrategy RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate appsv1.StatefulSetUpdateStrategyType false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
claimTemplates ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet []v1.PersistentVolumeClaim false

Back to TOC

VMStorage#

Field Description Scheme Required
name Name is deprecated and will be removed at 0.22.0 release string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
podMetadata PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMStorage Image false
secrets Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>. []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>. []string false
logFormat LogFormat for VMSelect to be configured with. default or json string false
logLevel LogLevel for VMSelect to be configured with. string false
replicaCount ReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size. *int32 true
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
volumes Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName Priority class assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
storageDataPath StorageDataPath - path to storage data string false
storage Storage - add persistent volume for StorageDataPath its useful for persistent cache *StorageSpec false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination int64 false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
port Port for health check connetions string false
vmInsertPort VMInsertPort for VMInsert connections string false
vmSelectPort VMSelectPort for VMSelect connections string false
vmBackup VMBackup configuration for backup *VMBackup false
extraArgs map[string]string false
extraEnvs ExtraEnvs that will be added to VMSelect pod []v1.EnvVar false
serviceSpec ServiceSpec that will be create additional service for vmstorage *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec *VMServiceScrapeSpec false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
maintenanceInsertNodeIDs MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3]. Useful at storage expanding, when you want to rebalance some data at cluster. []int32 false
maintenanceSelectNodeIDs MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. []int32 false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
rollingUpdateStrategy RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate appsv1.StatefulSetUpdateStrategyType false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
claimTemplates ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet []v1.PersistentVolumeClaim false

Back to TOC

VMNodeScrape#

VMNodeScrape defines discovery for targets placed on kubernetes nodes, usually its node-exporters and other host services. InternalIP is used as address for scraping.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMNodeScrapeSpec false
status VMNodeScrapeStatus false

Back to TOC

VMNodeScrapeList#

VMNodeScrapeList contains a list of VMNodeScrape

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMNodeScrape true

Back to TOC

VMNodeScrapeSpec#

VMNodeScrapeSpec defines specification for VMNodeScrape.

Field Description Scheme Required
jobLabel The label to use to retrieve the job name from. string false
targetLabels TargetLabels transfers labels on the Kubernetes Node onto the target. []string false
port Name of the port exposed at Node. string false
path HTTP path to scrape for metrics. string false
scheme HTTP scheme to use for scraping. string false
params Optional HTTP URL parameters map[string][]string false
follow_redirects FollowRedirects controls redirects for scraping. *bool false
interval Interval at which metrics should be scraped string false
scrape_interval ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used string false
scrapeTimeout Timeout after which the scrape is ended string false
oauth2 OAuth2 defines auth configuration *OAuth2 false
authorization Authorization with http header Authorization *Authorization false
tlsConfig *TLSConfig false
bearerTokenFile File to read bearer token for scraping targets. string false
bearerTokenSecret Secret to mount to read bearer token for scraping targets. The secret needs to be accessible by the victoria-metrics operator. *v1.SecretKeySelector false
honorLabels HonorLabels chooses the metric's labels on collisions with target labels. bool false
honorTimestamps HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. *bool false
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints *BasicAuth false
metricRelabelConfigs MetricRelabelConfigs to apply to samples before ingestion. []*RelabelConfig false
relabelConfigs RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config []*RelabelConfig false
proxyURL ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. *string false
selector Selector to select kubernetes Nodes. metav1.LabelSelector false
sampleLimit SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. uint64 false
vm_scrape_params VMScrapeParams defines VictoriaMetrics specific scrape parametrs *VMScrapeParams false

Back to TOC

CRDRef#

CRDRef describe CRD target reference.

Field Description Scheme Required
kind Kind one of: VMAgent VMAlert VMCluster VMSingle or VMAlertManager string true
name Name target CRD object name string true
namespace Namespace target CRD object namespace. string true

Back to TOC

StaticRef#

StaticRef - user-defined routing host address.

Field Description Scheme Required
url URL http url for given staticRef. string false
urls URLs allows setting multiple urls for load-balancing at vmauth-side. []string false

Back to TOC

TargetRef#

TargetRef describes target for user traffic forwarding. one of target types can be chosen: crd or static per targetRef. user can define multiple targetRefs with different ref Types.

Field Description Scheme Required
crd CRD describes exist operator's CRD object, operator generates access url based on CRD params. *CRDRef false
static Static - user defined url for traffic forward, for instance http://vmsingle:8429 *StaticRef false
paths Paths - matched path to route. []string false
hosts []string false
target_path_suffix QueryParams []string json:\&#34;queryParams,omitempty\&#34; TargetPathSuffix allows to add some suffix to the target path It allows to hide tenant configuration from user with crd as ref. it also may contain any url encoded params. string false
headers Headers represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth []string false
response_headers ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth []string false
retry_status_codes RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503] []int false
load_balancing_policy LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;) *string false
drop_src_path_prefix_parts DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. *int false

Back to TOC

VMUser#

VMUser is the Schema for the vmusers API

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMUserSpec false
status VMUserStatus false

Back to TOC

VMUserIPFilters#

VMUserIPFilters defines filters for IP addresses supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters

Field Description Scheme Required
deny_list []string false
allow_list []string false

Back to TOC

VMUserList#

VMUserList contains a list of VMUser

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMUser true

Back to TOC

VMUserSpec#

VMUserSpec defines the desired state of VMUser

Field Description Scheme Required
name Name of the VMUser object. *string false
username UserName basic auth user name for accessing protected endpoint, will be replaced with metadata.name of VMUser if omitted. *string false
password Password basic auth password for accessing protected endpoint. *string false
passwordRef PasswordRef allows fetching password from user-create secret by its name and key. *v1.SecretKeySelector false
tokenRef TokenRef allows fetching token from user-created secrets by its name and key. *v1.SecretKeySelector false
generatePassword GeneratePassword instructs operator to generate password for user if spec.password if empty. bool false
bearerToken BearerToken Authorization header value for accessing protected endpoint. *string false
targetRefs TargetRefs - reference to endpoints, which user may access. []TargetRef true
default_url DefaultURLs backend url for non-matching paths filter usually used for default backend with error message []string false
ip_filters IPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters VMUserIPFilters false
headers Headers represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth []string false
response_headers ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth []string false
retry_status_codes RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] []int false
max_concurrent_requests MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth *int false
load_balancing_policy LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;) *string false
drop_src_path_prefix_parts DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. *int false
tls_insecure_skip_verify TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS. See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup bool false
metric_labels MetricLabels - additional labels for metrics exported by vmauth for given user. map[string]string false
disable_secret_creation DisableSecretCreation skips related secret creation for vmuser bool false

Back to TOC

EmbeddedIngress#

EmbeddedIngress describes ingress configuration options.

Field Description Scheme Required
class_name ClassName defines ingress class name for VMAuth *string false
name Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names string false
labels Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels map[string]string false
annotations Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations map[string]string false
tlsHosts TlsHosts configures TLS access for ingress, tlsSecretName must be defined for it. []string false
tlsSecretName TlsSecretName defines secretname at the VMAuth namespace with cert and key https://kubernetes.io/docs/concepts/services-networking/ingress/#tls string false
extraRules ExtraRules - additional rules for ingress, must be checked for correctness by user. []v12.IngressRule false
extraTls ExtraTLS - additional TLS configuration for ingress must be checked for correctness by user. []v12.IngressTLS false
host Host defines ingress host parameter for default rule It will be used, only if TlsHosts is empty string false

Back to TOC

VMAuth#

VMAuth is the Schema for the vmauths API

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMAuthSpec false
status VMAuthStatus false

Back to TOC

VMAuthList#

VMAuthList contains a list of VMAuth

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMAuth true

Back to TOC

VMAuthSpec#

VMAuthSpec defines the desired state of VMAuth

Field Description Scheme Required
podMetadata PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods. *EmbeddedObjectMetadata false
image Image - docker image settings for VMAuth if no specified operator uses default config version Image false
imagePullSecrets ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod []v1.LocalObjectReference false
secrets Secrets is a list of Secrets in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. []string false
configMaps ConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods. []string false
logLevel LogLevel for victoria metrics single to be configured with. string false
logFormat LogFormat for VMAuth to be configured with. string false
minReadySeconds MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state int32 false
replicaCount ReplicaCount is the expected size of the VMAuth *int32 false
revisionHistoryLimitCount The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10. *int32 false
volumes Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. []v1.Volume false
volumeMounts VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects. []v1.VolumeMount false
resources Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used v1.ResourceRequirements false
affinity Affinity If specified, the pod's scheduling constraints. *v1.Affinity false
tolerations Tolerations If specified, the pod's tolerations. []v1.Toleration false
securityContext SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. *v1.PodSecurityContext false
serviceAccountName ServiceAccountName is the name of the ServiceAccount to use to run the VMAuth Pods. string false
schedulerName SchedulerName - defines kubernetes scheduler name string false
runtimeClassName RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/ *string false
podSecurityPolicyName PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used. string false
hostAliases HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. []v1.HostAlias false
containers Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc. []v1.Container false
initContainers InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. []v1.Container false
priorityClassName PriorityClassName assigned to the Pods string false
hostNetwork HostNetwork controls whether the pod may use the node network namespace bool false
dnsPolicy DNSPolicy sets DNS policy for the pod v1.DNSPolicy false
dnsConfig Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. *v1.PodDNSConfig false
topologySpreadConstraints TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ []v1.TopologySpreadConstraint false
port Port listen port string false
selectAllByDefault SelectAllByDefault changes default behavior for empty CRD selectors, such userSelector. with selectAllByDefault: true and empty userSelector and userNamespaceSelector Operator selects all exist users with selectAllByDefault: false - selects nothing bool false
userSelector UserSelector defines VMUser to be selected for config file generation. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAuth namespace. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
userNamespaceSelector UserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault *metav1.LabelSelector false
extraArgs ExtraArgs that will be passed to VMAuth pod for example remoteWrite.tmpDataPath: /tmp map[string]string false
extraEnvs ExtraEnvs that will be added to VMAuth pod []v1.EnvVar false
serviceSpec ServiceSpec that will be added to vmsingle service spec *AdditionalServiceSpec false
serviceScrapeSpec ServiceScrapeSpec that will be added to vmauth VMServiceScrape spec *VMServiceScrapeSpec false
podDisruptionBudget PodDisruptionBudget created by operator *EmbeddedPodDisruptionBudgetSpec false
ingress Ingress enables ingress configuration for VMAuth. *EmbeddedIngress false
livenessProbe LivenessProbe that will be added CRD pod *v1.Probe false
readinessProbe ReadinessProbe that will be added CRD pod *v1.Probe false
startupProbe StartupProbe that will be added to CRD pod *v1.Probe false
nodeSelector NodeSelector Define which Nodes the Pods are scheduled on. map[string]string false
terminationGracePeriodSeconds TerminationGracePeriodSeconds period for container graceful termination *int64 false
readinessGates ReadinessGates defines pod readiness gates []v1.PodReadinessGate false
unauthorizedAccessConfig UnauthorizedAccessConfig configures access for un authorized users []VMAuthUnauthorizedPath false
useStrictSecurity UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions *bool false
license License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html *License false
configSecret ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAuth object, which contains auth configuration for vmauth, configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders string false

Back to TOC

VMAuthStatus#

VMAuthStatus defines the observed state of VMAuth

Field Description Scheme Required
updateStatus UpdateStatus defines a status for update rollout, effective only for statefuleMode UpdateStatus false
reason Reason defines fail reason for update process, effective only for statefuleMode string false

Back to TOC

VMAuthUnauthorizedPath#

VMAuthUnauthorizedPath defines url_map for unauthorized access

Field Description Scheme Required
src_paths Paths src request paths []string false
url_prefix URLs defines url_prefix for dst routing []string false
ip_filters IPFilters defines filter for src ip address enterprise only VMUserIPFilters false
src_hosts SrcHosts is the list of regular expressions, which match the request hostname. []string false
headers Headers represent additional http headers, that vmauth uses in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.68.0 version of vmauth []string false
response_headers ResponseHeaders represent additional http headers, that vmauth adds for request response in form of [&#34;header_key: header_value&#34;] multiple values for header key: [&#34;header_key: value1,value2&#34;] it's available since 1.93.0 version of vmauth []string false
retry_status_codes RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503] []int false
load_balancing_policy LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default &#34;least_loaded&#34;) *string false
drop_src_path_prefix_parts DropSrcPathPrefixParts is the number of /-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. *int false

Back to TOC

TargetEndpoint#

TargetEndpoint defines single static target endpoint.

Field Description Scheme Required
targets Targets static targets addresses in form of [&#34;192.122.55.55:9100&#34;,&#34;some-name:9100&#34;]. []string true
labels Labels static labels for targets. map[string]string false
port Default port for target. string false
path HTTP path to scrape for metrics. string false
scheme HTTP scheme to use for scraping. string false
params Optional HTTP URL parameters map[string][]string false
follow_redirects FollowRedirects controls redirects for scraping. *bool false
sampleLimit SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. uint64 false
interval Interval at which metrics should be scraped string false
scrape_interval ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used string false
scrapeTimeout Timeout after which the scrape is ended string false
oauth2 OAuth2 defines auth configuration *OAuth2 false
tlsConfig TLSConfig configuration to use when scraping the endpoint *TLSConfig false
bearerTokenFile File to read bearer token for scraping targets. string false
bearerTokenSecret Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. *v1.SecretKeySelector false
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints *BasicAuth false
authorization Authorization with http header Authorization *Authorization false
metricRelabelConfigs MetricRelabelConfigs to apply to samples before ingestion. []*RelabelConfig false
relabelConfigs RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config []*RelabelConfig false
proxyURL ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. *string false
honorLabels HonorLabels chooses the metric's labels on collisions with target labels. bool false
honorTimestamps HonorTimestamps controls whether vmagent respects the timestamps present in scraped data. *bool false
vm_scrape_params VMScrapeParams defines VictoriaMetrics specific scrape parametrs *VMScrapeParams false

Back to TOC

VMStaticScrape#

VMStaticScrape defines static targets configuration for scraping.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMStaticScrapeSpec false
status VMStaticScrapeStatus false

Back to TOC

VMStaticScrapeList#

VMStaticScrapeList contains a list of VMStaticScrape

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMStaticScrape true

Back to TOC

VMStaticScrapeSpec#

VMStaticScrapeSpec defines the desired state of VMStaticScrape.

Field Description Scheme Required
jobName JobName name of job. string false
targetEndpoints A list of target endpoints to scrape metrics from. []*TargetEndpoint true
sampleLimit SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. uint64 false

Back to TOC

ProbeTargetIngress#

ProbeTargetIngress defines the set of Ingress objects considered for probing.

Field Description Scheme Required
selector Select Ingress objects by labels. metav1.LabelSelector false
namespaceSelector Select Ingress objects by namespace. NamespaceSelector false
relabelingConfigs RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config []*RelabelConfig false

Back to TOC

VMProbe#

VMProbe defines a probe for targets, that will be executed with prober, like blackbox exporter. It helps to monitor reachability of target with various checks.

Field Description Scheme Required
metadata metav1.ObjectMeta false
spec VMProbeSpec true
status VMProbeStatus false

Back to TOC

VMProbeList#

VMProbeList contains a list of VMProbe

Field Description Scheme Required
metadata metav1.ListMeta false
items []VMProbe true

Back to TOC

VMProbeSpec#

VMProbeSpec contains specification parameters for a Probe.

Field Description Scheme Required
jobName The job name assigned to scraped metrics by default. string false
vmProberSpec Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. VMProberSpec true
module The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml string false
targets Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. VMProbeTargets false
interval Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. string false
scrape_interval ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used string false
scrapeTimeout Timeout for scraping metrics from the Prometheus exporter. string false
params Optional HTTP URL parameters map[string][]string false
follow_redirects FollowRedirects controls redirects for scraping. *bool false
sampleLimit SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. uint64 false
bearerTokenFile File to read bearer token for scraping targets. string false
bearerTokenSecret Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. *v1.SecretKeySelector false
basicAuth BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints *BasicAuth false
oauth2 OAuth2 defines auth configuration *OAuth2 false
authorization Authorization with http header Authorization *Authorization false
tlsConfig TLSConfig configuration to use when scraping the endpoint *TLSConfig false
vm_scrape_params VMScrapeParams defines VictoriaMetrics specific scrape parametrs *VMScrapeParams false

Back to TOC

VMProbeTargetStaticConfig#

VMProbeTargetStaticConfig defines the set of static targets considered for probing.

Field Description Scheme Required
targets Targets is a list of URLs to probe using the configured prober. []string true
labels Labels assigned to all metrics scraped from the targets. map[string]string false
relabelingConfigs More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config []*RelabelConfig false

Back to TOC

VMProbeTargets#

VMProbeTargets defines a set of static and dynamically discovered targets for the prober.

Field Description Scheme Required
staticConfig StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. *VMProbeTargetStaticConfig false
ingress Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. *ProbeTargetIngress false

Back to TOC

VMProberSpec#

VMProberSpec contains specification parameters for the Prober used for probing.

Field Description Scheme Required
url Mandatory URL of the prober. string true
scheme HTTP scheme to use for scraping. Defaults to http. string false
path Path to collect metrics from. Defaults to /probe. string false

Back to TOC